Fortinet white logo
Fortinet white logo

Administration Guide

7.4.0

Guest self registration

Guest self registration

Use the self registration feature to allow a guest to create a request for access to your network from their own device. When the guest opens a browser he is redirected to the registration page in the captive portal. From that page he can either login with previously assigned credentials or request access. Requests are forwarded to a sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives his credentials in the browser on the login page, in an email or in an SMS message sent to his mobile telephone. All guest accounts are configured to expire after a user specified amount of time based on the template with which they are created.

End user workflow

Steps

  1. Connect to the network.
  2. Open a browser. The Isolation message is displayed briefly.
  3. The browser is redirected to the Registration page.
  4. On the Registration page, click the Self Registration option. A request form is displayed.
  5. Fill in the form and click Request Guest Access. Depending on the configuration of the web page, you may be required to enter the email address of a sponsor. A sponsor is a person who has access to the FortiNAC administration program and can approve or deny your access request.
  6. The browser displays a welcome message and asks you to wait. You can click Cancel if you wish to cancel the request.
  7. The request expires if it is not responded to within the number of minutes configured in the portal. The default is 20 minutes.
  8. When the sponsor approves the request, you are taken to the Login screen. Depending on the portal configuration, credentials are filled in automatically, they are sent to the guest via email and in an SMS message.
  9. Click Login on the Welcome page. The Success page is displayed.
  10. A message is displayed indicating that your network is being reconfigured and to close and reopen the browser. Close the browser and reopen it. You are now on the Production network and should be able to access the internet freely.
  11. If you shut down your computer and access the network again later, you must open a browser and login again. If cookies are enabled on your computer, the login screen is displayed and the User Name and Password fields may be pre-populated.

Implementation

It is recommended that you review the Implementation process for guest manager for general setup details. This section covers only those configuration details that are specifically required for Guest self registration.

  • All guest accounts are created based on a template. For guest self registration you must create a template with Visitor Type set to Self-Registered Guest and it must have an account duration to indicate when the account should expire. There is a default template, GuestSelfRegistration, that can be used or you can create a new one. All Self-Registered guests are configured with the same template. The template used is selected in the Portal content editor under Registration > Self Registration Login.
  • Create an administrator profile specifically for administrators that will respond to Guest self registration requests these users could also have permission for guest/contractor accounts or other parts of FortiNAC that you deem appropriate for their job. See Add a guest self registration profile.
  • Create one or more administrator that will be responsible for processing Guest self registration requests and apply the Guest self registration profile. Administrators must have an e-mail address if they are to receive and respond to requests for guest accounts. Note that administrators can be created based on groups in your directory and permissions or profiles can be automatically assigned based on those groups. This can be useful if many people in your organization will be responsible for processing Guest self registration requests. See Set privileges based on directory groups.
  • Configure your portal pages for Guest self registration in the portal content editor. See Portal page setup.
    • Within the Portal you can specify the sponsor or sponsors to which the request should go or you can enable the Sponsor field for the guest to fill in when creating the request. The guest must enter the sponsor's email address.
    • If you do not enable the Require Sponsor Approval option for guest accounts, guests simply create their own accounts using the template specified in the portal.
  • If you require sponsors and other administrators to connect to the admin UI using https or if you are in a high availability environment where redundant servers do not share an IP address because those servers are on different subnets you must configure settings to generate the correct links in the emails sent to sponsors.

Guest self registration

Guest self registration

Use the self registration feature to allow a guest to create a request for access to your network from their own device. When the guest opens a browser he is redirected to the registration page in the captive portal. From that page he can either login with previously assigned credentials or request access. Requests are forwarded to a sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives his credentials in the browser on the login page, in an email or in an SMS message sent to his mobile telephone. All guest accounts are configured to expire after a user specified amount of time based on the template with which they are created.

End user workflow

Steps

  1. Connect to the network.
  2. Open a browser. The Isolation message is displayed briefly.
  3. The browser is redirected to the Registration page.
  4. On the Registration page, click the Self Registration option. A request form is displayed.
  5. Fill in the form and click Request Guest Access. Depending on the configuration of the web page, you may be required to enter the email address of a sponsor. A sponsor is a person who has access to the FortiNAC administration program and can approve or deny your access request.
  6. The browser displays a welcome message and asks you to wait. You can click Cancel if you wish to cancel the request.
  7. The request expires if it is not responded to within the number of minutes configured in the portal. The default is 20 minutes.
  8. When the sponsor approves the request, you are taken to the Login screen. Depending on the portal configuration, credentials are filled in automatically, they are sent to the guest via email and in an SMS message.
  9. Click Login on the Welcome page. The Success page is displayed.
  10. A message is displayed indicating that your network is being reconfigured and to close and reopen the browser. Close the browser and reopen it. You are now on the Production network and should be able to access the internet freely.
  11. If you shut down your computer and access the network again later, you must open a browser and login again. If cookies are enabled on your computer, the login screen is displayed and the User Name and Password fields may be pre-populated.

Implementation

It is recommended that you review the Implementation process for guest manager for general setup details. This section covers only those configuration details that are specifically required for Guest self registration.

  • All guest accounts are created based on a template. For guest self registration you must create a template with Visitor Type set to Self-Registered Guest and it must have an account duration to indicate when the account should expire. There is a default template, GuestSelfRegistration, that can be used or you can create a new one. All Self-Registered guests are configured with the same template. The template used is selected in the Portal content editor under Registration > Self Registration Login.
  • Create an administrator profile specifically for administrators that will respond to Guest self registration requests these users could also have permission for guest/contractor accounts or other parts of FortiNAC that you deem appropriate for their job. See Add a guest self registration profile.
  • Create one or more administrator that will be responsible for processing Guest self registration requests and apply the Guest self registration profile. Administrators must have an e-mail address if they are to receive and respond to requests for guest accounts. Note that administrators can be created based on groups in your directory and permissions or profiles can be automatically assigned based on those groups. This can be useful if many people in your organization will be responsible for processing Guest self registration requests. See Set privileges based on directory groups.
  • Configure your portal pages for Guest self registration in the portal content editor. See Portal page setup.
    • Within the Portal you can specify the sponsor or sponsors to which the request should go or you can enable the Sponsor field for the guest to fill in when creating the request. The guest must enter the sponsor's email address.
    • If you do not enable the Require Sponsor Approval option for guest accounts, guests simply create their own accounts using the template specified in the portal.
  • If you require sponsors and other administrators to connect to the admin UI using https or if you are in a high availability environment where redundant servers do not share an IP address because those servers are on different subnets you must configure settings to generate the correct links in the emails sent to sponsors.