Fortinet black logo

Administration Guide

Guest self-registration

Copy Link
Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:687558
Download PDF

Guest self-registration

Use the Self-Registration feature to allow a guest to create a request for access to your network from their own device. When the guest opens a browser he is redirected to the registration page in the captive portal. From that page he can either login with previously assigned credentials or request access. Requests are forwarded to a Sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives his credentials in the browser on the login page, in an email or in an SMS message sent to his mobile telephone. All guest accounts are configured to expire after a user specified amount of time based on the template with which they are created.

Implementation

It is recommended that you review the Implementation process for Guest Manager for general setup details. This section covers only those configuration details that are specifically required for Guest Self-Registration.

  • All guest accounts are created based on a template. For Guest Self-Registration you must create a template with Visitor Type set to Self-Registered Guest and it must have an Account Duration to indicate when the account should expire. There is a default template, GuestSelfRegistration, that can be used or you can create a new one. See Guest/contractor templates. All Self-Registered guests are configured with the same template. The template used is selected in the Portal Content Editor under Registration > Self-Registration Login.
  • Create an Admin Profile specifically for Administrative users that will respond to Guest Self-Registration requests these users could also have permission for Guest/Contractor Accounts or other parts of FortiNAC that you deem appropriate for their job. See Add a guest self registration profile.
  • Create one or more Administrative users that will be responsible for processing Guest Self-Registration requests and apply the Guest Self-Registration profile. Administrative users must have an e-mail address if they are to receive and respond to requests for guest accounts. Note that Admin users can be created based on groups in your Directory and permissions or profiles can be automatically assigned based on those groups. This can be useful if many people in your organization will be responsible for processing Guest Self-Registration requests. See Set admin privileges based on directory groups.
  • Configure your portal pages for Guest Self-Registration in the Portal Content Editor. See Portal page setup for version 2 and Appendix B: Portal page contents fields.
    • Within the Portal you can specify the sponsor or sponsors to which the request should go or you can enable the Sponsor field for the guest to fill in when creating the request. The guest must enter the sponsor's email address.
    • If you do not enable the Require Sponsor Approval option for guest accounts, guests simply create their own accounts using the template specified in the portal.
  • If you require Sponsors and other Admin Users to connect to the Admin UI using https or if you are in a High Availability environment where redundant servers do not share an IP address because those servers are on different subnets you must configure settings to generate the correct links in the emails sent to Sponsors. See Configure the email link.

Guest self-registration

Use the Self-Registration feature to allow a guest to create a request for access to your network from their own device. When the guest opens a browser he is redirected to the registration page in the captive portal. From that page he can either login with previously assigned credentials or request access. Requests are forwarded to a Sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives his credentials in the browser on the login page, in an email or in an SMS message sent to his mobile telephone. All guest accounts are configured to expire after a user specified amount of time based on the template with which they are created.

Implementation

It is recommended that you review the Implementation process for Guest Manager for general setup details. This section covers only those configuration details that are specifically required for Guest Self-Registration.

  • All guest accounts are created based on a template. For Guest Self-Registration you must create a template with Visitor Type set to Self-Registered Guest and it must have an Account Duration to indicate when the account should expire. There is a default template, GuestSelfRegistration, that can be used or you can create a new one. See Guest/contractor templates. All Self-Registered guests are configured with the same template. The template used is selected in the Portal Content Editor under Registration > Self-Registration Login.
  • Create an Admin Profile specifically for Administrative users that will respond to Guest Self-Registration requests these users could also have permission for Guest/Contractor Accounts or other parts of FortiNAC that you deem appropriate for their job. See Add a guest self registration profile.
  • Create one or more Administrative users that will be responsible for processing Guest Self-Registration requests and apply the Guest Self-Registration profile. Administrative users must have an e-mail address if they are to receive and respond to requests for guest accounts. Note that Admin users can be created based on groups in your Directory and permissions or profiles can be automatically assigned based on those groups. This can be useful if many people in your organization will be responsible for processing Guest Self-Registration requests. See Set admin privileges based on directory groups.
  • Configure your portal pages for Guest Self-Registration in the Portal Content Editor. See Portal page setup for version 2 and Appendix B: Portal page contents fields.
    • Within the Portal you can specify the sponsor or sponsors to which the request should go or you can enable the Sponsor field for the guest to fill in when creating the request. The guest must enter the sponsor's email address.
    • If you do not enable the Require Sponsor Approval option for guest accounts, guests simply create their own accounts using the template specified in the portal.
  • If you require Sponsors and other Admin Users to connect to the Admin UI using https or if you are in a High Availability environment where redundant servers do not share an IP address because those servers are on different subnets you must configure settings to generate the correct links in the emails sent to Sponsors. See Configure the email link.