Guest Access
The Nile Access Service offers three different options for providing guest network access:
- Integration with an external Captive portal such as ClearPass and ISE
- Nile-hosted Guest Portals
- Nile Secure Guest Service
This solution is ideal for customers who already have a Cisco ISE or Aruba ClearPass implementation with their existing WLAN. In this model, the Nile Access Service acts as a pass-through, relying on the external captive portal server to authenticate the guest devices.
There are two modes or operation:
- Server Initiated flow
- Static URL
In the server-initiated flow, the captive portal server is configured with the redirect URL and hosts the captive portal page. When a guest device connects to the captive portal SSID:
- The Nile Access Service assigns the device to a guest segment and provides an IP address from the DHCP server.
- The Nile Access Service initiates a MAC authentication request to the captive portal server.
- If the MAC address is not in the captive portal server's database, it responds with an Access-Accept message and embeds the redirect URL.
- The Nile Access Service then redirects the user to the URL provided by the captive portal server.
- The user communicates with the captive portal server and provides the necessary authentication (e.g., accept and connect, social login, password).
- Once authenticated, the captive portal server initiates a Change of Authorization (CoA), and the Nile Access Service re-initiates the MAC authentication. This time, the server responds with an Access-Accept without the redirect URL.
- The Nile Access Service then allows the device onto the network.
To configure this flow, navigate to the "Settings" > "Authentication" section in the Nile Cloud Services Portal and add a RADIUS server.
In the static URL mode, the administrator configures the redirect URL in the Nile Cloud Services Portal when adding the RADIUS server. The captive portal server does not provide the URL via the MAC authentication process.
This solution is ideal for customers who do not have an external captive portal server. The Nile Access Service hosts the captive portal server in the cloud and provides it as part of the service, free of charge. Nile supports two authentication methods for onboarding guest users:
- Click-Through
- Email Approval
The click-through feature requires the guest user to accept the terms and conditions to access the network. This is the most basic form of authentication. Once accepted, the user is granted access to the network.
he email approval feature displays a form that the guest user must fill out, and then the request must be approved. The form includes the following fields:
- Guest User's Name
- Guest User's Email
- Visiting Employee's Name
- Visiting Employee's Email
Once the form is filled out, an email is sent to the visiting employee, who must approve the request for the guest user to gain access.
Nile will only send the email if the domain of the visiting employee's email entered by the guest is a valid domain for the tenant. The administrator can add multiple domains if needed.
To configure the Nile-hosted guest portals, navigate to the "Settings" > "Authentication" section in the Nile Cloud Services Portal and select the "Guest" option when adding a RADIUS server.
Q. What is the default session time of guest?
A. The default session time out is 24hrs and it can be changed
Q. As an admin can I customize the branding of the page?
A. Nile offers the ability to brand the page using background images, colors and logos
he Nile Secure Guest Service is an optional component of the Nile Access Service that provides secure internet access for guest devices, including those belonging to customers, partners, and employees, while isolating them from the organization's internal network resources.
For more information on the Nile Secure Guest Service, please refer to the Nile Guest Service documentation.
