Guest Access
The Nile Access Service offers three different options for providing guest network access:

- Integration with an external captive portal, such as ClearPass and ISE
- Nile hosted guest portals
- Nile Secure Guest Service

Integration with External Captive Portal

This solution is ideal for customers who already have a Cisco ISE or Aruba ClearPass implementation with their existing WLAN. In this model, the Nile Access Service acts as a pass-through, relying on the external captive portal server to authenticate the guest devices. There are two modes of operation:

- Server-initiated flow
- Static URL

Server-Initiated Flow

In the server-initiated flow, the captive portal server is configured with the redirect URL and hosts the captive portal page. When a guest device connects to the captive portal SSID:

1. The Nile Access Service assigns the device to a guest segment and provides an IP address from the DHCP server.
2. The Nile Access Service initiates a MAC authentication request to the captive portal server.
3. If the MAC address is not in the captive portal server's database, it responds with an Access-Accept message and embeds the redirect URL.
4. The Nile Access Service then redirects the user to the URL provided by the captive portal server.
5. The user communicates with the captive portal server and provides the necessary authentication (e.g., accept and connect, social login, password).
6. Once authenticated, the captive portal server initiates a Change of Authorization (CoA), and the Nile Access Service re-initiates the MAC authentication.
7. This time, the server responds with an Access-Accept without the redirect URL.
8. The Nile Access Service then allows the device onto the network.

To configure this flow, navigate to the "Settings" > "Authentication" section in the Nile Cloud Services portal and add a RADIUS server.

Static URL

In the static URL mode, the administrator configures the redirect URL in the Nile Cloud Services portal when adding the RADIUS server. The captive portal server does not provide the URL via the MAC authentication process.

Nile Hosted Guest Portals

This solution is ideal for customers who do not have an external captive portal server. The Nile Access Service hosts the captive portal server in the cloud and provides it as part of the service, free of charge. Nile supports two authentication methods for onboarding guest users:

- Click-through
- Email approval
- Access codes

Click-Through

The click-through feature requires the guest user to accept the terms and conditions to access the network. This is the most basic form of authentication. Once accepted, the user is granted access to the network.

Email Approval

The email approval feature displays a form that the guest user must fill out, and then the request must be approved. The form includes the following fields:

- Guest user's name
- Guest user's email
- Visiting employee's name
- Visiting employee's email

Once the form is filled out, an email is sent to the visiting employee, who must approve the request for the guest user to gain access. Nile will only send the email if the domain of the visiting employee's email entered by the guest is a valid domain for the tenant. The administrator can add multiple domains if needed.

To configure the Nile hosted guest portals, navigate to the "Settings" > "Authentication" section in the Nile Cloud Services portal and select the "Guest" option when adding a RADIUS server.

Access Codes

Feature Value

Nile guest Wi-Fi access codes provide flexible options for granting temporary network access to visitors. Customers can choose between simple, shared access codes for short events or user-specific access codes for personalized, auditable guest access. Both options are available through:

- The Nile Portal for manual administration
- Nile APIs for automation and integration with external systems

This flexibility allows customers to match the access model to their operational needs without changing network configuration.

Feature Description

Nile guest portals support access code–based authentication.
When using access codes, customers can choose between two access models:

Option 1: Generic Access Code

A single shared access code that can be used by multiple guests.

Characteristics:

- The administrator has the option to define a custom access code, or Nile can automatically generate one
- One access code shared across all guests
- Not tied to an individual guest
- Time-bound (start and end time)
- Simple to distribute verbally, via signage, or email

Typical use cases:

- Short-duration events
- Meetings or training sessions
- Temporary guest access where individual tracking is not required

Option 2: User-Specific Access Code

A unique access code per guest, tied to user identity.

Characteristics:

- One access code per guest
- The administrator has the option to define a custom access code, or Nile can automatically generate one
- Associated with the guest's name and email address
- Time-bound (start and end time)
- Enables traceability and personalized distribution

Typical use cases:

- Employee-hosted visitors
- Contractors or partners
- Conferences and events requiring individual access control
- Integration with helpdesk or registration systems

How It Works

Step 1: Identify the Guest Portal

- Admin selects a guest portal of type Access Code
- Guest portal may be mapped to one or more geo scopes (sites or locations)

Step 2: Create Access Codes

Access codes can be created in two ways, regardless of whether they are generic or user-specific.

Option A: Nile Portal (Manual)

Admins can manually create:

- A generic access code shared by all guests, or
- User-specific access codes with name and email

Admins configure:

- Access code value (optional auto-generation)
- Start and end time
- Guest name and email (user-specific option only)

Option B: Nile APIs (Automated)

External systems can programmatically create access codes using Nile APIs. The API supports both access models:

- Generic access codes (no guest identity)
- User-specific access codes (name and email included)

API payloads can include:

- Access code (or allow auto-generation)
- Start and end time
- Optional guest name and email

This enables automation, bulk provisioning, and integration with existing workflows.

Step 3: Guest Authentication

1. Guest connects to the SSID associated with the guest portal
2. Guest is redirected to the captive portal
3. Guest enters the access code
4. Access is granted based on validity and portal policy

Example Use Cases

Use Case 1: Short Event with Shared Access

    Admin → Nile Portal or API → Generic Access Code → All Guests

- Single access code created
- Code shared with all attendees
- Access expires automatically after the event

Use Case 2: Employee-Hosted Guests

    Employee → Helpdesk (ServiceNow) → Approval → Nile API → Guest Wi-Fi
                                                      ↓
                                   User-specific access codes emailed

- Unique access code per guest
- Guest name and email captured
- Codes automatically distributed

Use Case 3: Conference Attendees

    Registration System → [API / CSV Upload] → Nile Platform → Guest Wi-Fi
                                                     ↓
                               Badge number = user-specific access code

- Badge number used as access code
- Identity captured per attendee
- Supports large-scale, automated provisioning

Summary: Access Code Options

| Capability | Generic Access Code | User-Specific Access Code |
|---|---|---|
| Shared across guests | ✅ | ❌ |
| Guest name & email | ❌ | ✅ |
| Time-bound access | ✅ | ✅ |
| Manual creation (portal) | ✅ | ✅ |
| API-based automation | ✅ | ✅ |
| Best for events | ✅ | ✅ (large / managed events) |

FAQ

Q: What is the default session time of guest?
A: The default session timeout is 24 hrs and it can be changed.

Q: As an admin, can I customize the branding of the page?
A: Nile offers the ability to brand the page using background images, colors, and logos.

Nile Secure Guest Service

The Nile Secure Guest Service is an optional component of the Nile Access Service that provides secure internet access for guest devices, including those belonging to customers, partners, and employees, while isolating them from the organization's internal network resources. For more information on the Nile Secure Guest Service, please refer to the Nile Secure Guest Service documentation.
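
The server-initiated flow from the external captive portal section, modeled with both sides of the exchange. This is an added example, not Nile or vendor code: the class, method and field names, the portal URL and the MAC address are assumptions made for illustration, and the handling of a CoA for a device without a session is a choice of this model.

```python
from dataclasses import dataclass, field

@dataclass
class CaptivePortalServer:
    """Stands in for the external captive portal server (hypothetical model)."""
    redirect_url: str
    known_macs: set = field(default_factory=set)

    def mac_auth(self, mac):
        # Unknown MAC: Access-Accept with the redirect URL embedded.
        if mac not in self.known_macs:
            return {"code": "Access-Accept", "redirect_url": self.redirect_url}
        # Known MAC: Access-Accept without a redirect URL.
        return {"code": "Access-Accept"}

    def portal_login(self, mac, nas):
        # Guest completed the portal page: record the MAC, then send a CoA.
        self.known_macs.add(mac)
        nas.change_of_authorization(mac)

@dataclass
class AccessService:
    """Stands in for the access service acting as a pass-through (hypothetical)."""
    server: CaptivePortalServer
    state: dict = field(default_factory=dict)  # mac -> "redirect" | "allowed"
    log: list = field(default_factory=list)    # (mac, reply code, redirect URL)

    def authenticate(self, mac):
        reply = self.server.mac_auth(mac)
        # A redirect URL in the reply keeps the device in the redirect state.
        self.state[mac] = "redirect" if "redirect_url" in reply else "allowed"
        self.log.append((mac, reply["code"], reply.get("redirect_url")))
        return reply

    def change_of_authorization(self, mac):
        # Model assumption: a CoA for a device with no session is ignored.
        if mac not in self.state:
            self.log.append((mac, "CoA-ignored", None))
            return False
        self.authenticate(mac)  # re-initiate MAC authentication
        return True

def run_flow(mac="02:00:00:aa:bb:cc"):  # constructed, locally administered MAC
    server = CaptivePortalServer("https://portal.example.test/guest")
    nas = AccessService(server)
    nas.authenticate(mac)          # first MAC auth: device is redirected
    before = nas.state[mac]
    server.portal_login(mac, nas)  # login, CoA, second MAC auth
    return before, nas.state[mac], nas.log
```

The device only reaches the allowed state after the CoA-triggered second MAC authentication returns without a redirect URL, which is the point to check when troubleshooting guests stuck on the portal page.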
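
The email approval rule (the approval email is sent only when the visiting employee's address is in a valid tenant domain) depends on how the domain is compared. The following added example, not Nile's implementation, shows a strict exact-match check; the function name and the sample domains and addresses are constructed for illustration.

```python
def approver_domain_allowed(approver_email, tenant_domains):
    """Return True only if the address's domain exactly equals a tenant domain."""
    addr = approver_email.strip()
    # Reject embedded whitespace or control characters: the value ends up in an
    # outgoing email, so line breaks must never get through.
    if any(c.isspace() or ord(c) < 32 for c in addr):
        return False
    # Exactly one "@" with a non-empty local part and domain.
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not local or not domain:
        return False
    # Normalize case and a trailing root dot on both sides before comparing.
    domain = domain.rstrip(".").lower()
    allowed = {d.strip().rstrip(".").lower() for d in tenant_domains}
    # Exact match only: no substring or suffix test, so lookalike domains and
    # unlisted subdomains fail.
    return domain in allowed

# Constructed sample data
TENANT_DOMAINS = ["example.com", "corp.example.org"]
SAMPLES = [
    "host@example.com",                # listed domain
    "Host@EXAMPLE.COM",                # same domain, different case
    "host@corp.example.org",           # second listed domain
    "host@mail.example.com",           # subdomain that is not listed
    "guest@example.com.lookalike.test",  # tenant domain used as a prefix
    "guest@notexample.com",            # tenant domain used as a suffix
    "guest@other.test@example.com",    # more than one "@"
    "host@example.com\nBcc: x@other.test",  # embedded line break
]

def classify(samples=SAMPLES, domains=TENANT_DOMAINS):
    """Map each sample address to the decision the check makes for it."""
    return {s: approver_domain_allowed(s, domains) for s in samples}
```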
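
Step 3 of the access code procedure grants access "based on validity", and the two access models differ in whether a grant can be attributed to a person. The sketch below is an added example, not the Nile API: the record fields, function name, code values and the choice to treat the end time as exclusive are all assumptions.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class AccessCode:
    value: str
    start: datetime
    end: datetime
    guest_name: Optional[str] = None   # set only for user-specific codes
    guest_email: Optional[str] = None  # set only for user-specific codes

def check_code(entered, codes, now):
    """Return (granted, reason, guest_email) for a code typed into the portal."""
    match = None
    for code in codes:
        # Constant-time comparison, and no early exit on a hit, so response
        # timing does not reveal how close a guess was.
        if hmac.compare_digest(entered.encode(), code.value.encode()):
            match = code
    if match is None:
        return (False, "unknown code", None)
    if now < match.start:
        return (False, "not yet valid", match.guest_email)
    if now >= match.end:  # assumption: the end time is exclusive
        return (False, "expired", match.guest_email)
    # guest_email is None for a generic code: the grant cannot be attributed.
    return (True, "ok", match.guest_email)

def _utc(day, hour):
    return datetime(2030, 1, day, hour, tzinfo=timezone.utc)

# Constructed sample codes: one generic, one user-specific
CODES = [
    AccessCode("EVENT-2030", _utc(10, 8), _utc(10, 18)),
    AccessCode("B-104977", _utc(10, 8), _utc(12, 18),
               guest_name="Sample Guest", guest_email="guest@visitor.test"),
]

def demo():
    """Decisions for a few constructed attempts at fixed points in time."""
    return [
        check_code("EVENT-2030", CODES, _utc(10, 9)),   # generic, in window
        check_code("EVENT-2030", CODES, _utc(10, 18)),  # generic, at end time
        check_code("B-104977", CODES, _utc(11, 9)),     # user-specific, in window
        check_code("B-104977", CODES, _utc(10, 7)),     # before start time
        check_code("event-2030", CODES, _utc(10, 9)),   # wrong case
    ]
```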
