Settings on the CISCO side
- In Cisco ISE, you will need to enable the “ERS API service” setting.
- In Cisco ISE, login to your ISE PAN
- Go to Administration > System > Settings > ERS Settings
- Turn on ERS API by enabling ERS for Read/Write
- Save your changes
- You will now be able to use the local endpoint “https://<Cisco ISE IP address>:9060/ers/”
- Create a Sponsor
A sponsor is the user's proxy that does the provisioning of the new visitors
- In ISE, go to Administration > Identity Management > Identities.
- Select “Users” and click “Add”
- Give the sponsor a name (Something like “onVisitGuestSponsor”)
- Set Status to Enabled
- Set Password Type to “Internal Users”. Create a password (you will need this later in step 6)
- Assign User Groups. Best practice is “ALL_ACCOUNTS” unless you have a specific reason not to.
- Create a Guest Type
The Guest Type will determine the permissions the visitor will have.
- Go to Work Centers > Guest Access > Portals and Components.
- Select “Guest Types” and click “Create”
- Name the Visitor type to whatever you wish (Something like “onVisitVisitor”)
- Set the field “Account duration starts” to “From First Login”
- Set the “Maximum account Duration” to however long you want (recommended 1 day)
- Set the “Sponsor Groups” to the same group that you assigned to the sponsor in step 2. (Recommended “ALL_ACCOUNTS”)
- Go back to Work Centers > Guest Access > Portals and Components and select “Sponsor Groups” and select the group you are using. Make sure this group can create accounts using the Guest Type we just created.
- Copy the Portal ID
- Go to Work Centers > Guest Access
- Select “Sponsor Portals” and choose the “Sponsor Portal (default)” unless you have a specific reason to use a custom portal.
- Right click on “Portal Test URL” and select “Copy Link Address”.
Paste this link somewhere safe to reference later.
- Copy location name
- Go to Work Centers > Guest Access > Settings
- Select “Guest Locations and SSID”
- Choose your location and copy it and paste the name to same place you pasted the Portal ID