Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Guest self registration

Use the self registration feature to allow a guest to create a request for access to your network from their own device. When the guest opens a browser he is redirected to the registration page in the captive portal. From that page he can either login with previously assigned credentials or request access. Requests are forwarded to a sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives his credentials in the browser on the login page, in an email or in an SMS message sent to his mobile telephone. All guest accounts are configured to expire after a user specified amount of time based on the template with which they are created.

Implementation

It is recommended that you review the Implementation process for guest manager for general setup details. This section covers only those configuration details that are specifically required for Guest self registration.

  • All guest accounts are created based on a template. For guest self registration you must create a template with Visitor Type set to Self-Registered Guest and it must have an account duration to indicate when the account should expire. There is a default template, GuestSelfRegistration, that can be used or you can create a new one. All Self-Registered guests are configured with the same template. The template used is selected in the Portal content editor under Registration > Self Registration Login.
  • Create an administrator profile specifically for administrators that will respond to Guest self registration requests these users could also have permission for guest/contractor accounts or other parts of FortiNAC that you deem appropriate for their job. See Add a guest self registration profile.
  • Create one or more administrator that will be responsible for processing Guest self registration requests and apply the Guest self registration profile. Administrators must have an e-mail address if they are to receive and respond to requests for guest accounts. Note that administrators can be created based on groups in your directory and permissions or profiles can be automatically assigned based on those groups. This can be useful if many people in your organization will be responsible for processing Guest self registration requests. See Set privileges based on directory groups.
  • Configure your portal pages for Guest self registration in the portal content editor. See Portal page setup.
    • Within the Portal you can specify the sponsor or sponsors to which the request should go or you can enable the Sponsor field for the guest to fill in when creating the request. The guest must enter the sponsor's email address.
    • If you do not enable the Require Sponsor Approval option for guest accounts, guests simply create their own accounts using the template specified in the portal.
  • If you require sponsors and other administrators to connect to the admin UI using https or if you are in a high availability environment where redundant servers do not share an IP address because those servers are on different subnets you must configure settings to generate the correct links in the emails sent to sponsors. See Configure the email link.

Guest self registration

Use the self registration feature to allow a guest to create a request for access to your network from their own device. When the guest opens a browser he is redirected to the registration page in the captive portal. From that page he can either login with previously assigned credentials or request access. Requests are forwarded to a sponsor or to a request pool to be approved or denied. When a request is approved, the guest receives his credentials in the browser on the login page, in an email or in an SMS message sent to his mobile telephone. All guest accounts are configured to expire after a user specified amount of time based on the template with which they are created.

Implementation

It is recommended that you review the Implementation process for guest manager for general setup details. This section covers only those configuration details that are specifically required for Guest self registration.

  • All guest accounts are created based on a template. For guest self registration you must create a template with Visitor Type set to Self-Registered Guest and it must have an account duration to indicate when the account should expire. There is a default template, GuestSelfRegistration, that can be used or you can create a new one. All Self-Registered guests are configured with the same template. The template used is selected in the Portal content editor under Registration > Self Registration Login.
  • Create an administrator profile specifically for administrators that will respond to Guest self registration requests these users could also have permission for guest/contractor accounts or other parts of FortiNAC that you deem appropriate for their job. See Add a guest self registration profile.
  • Create one or more administrator that will be responsible for processing Guest self registration requests and apply the Guest self registration profile. Administrators must have an e-mail address if they are to receive and respond to requests for guest accounts. Note that administrators can be created based on groups in your directory and permissions or profiles can be automatically assigned based on those groups. This can be useful if many people in your organization will be responsible for processing Guest self registration requests. See Set privileges based on directory groups.
  • Configure your portal pages for Guest self registration in the portal content editor. See Portal page setup.
    • Within the Portal you can specify the sponsor or sponsors to which the request should go or you can enable the Sponsor field for the guest to fill in when creating the request. The guest must enter the sponsor's email address.
    • If you do not enable the Require Sponsor Approval option for guest accounts, guests simply create their own accounts using the template specified in the portal.
  • If you require sponsors and other administrators to connect to the admin UI using https or if you are in a high availability environment where redundant servers do not share an IP address because those servers are on different subnets you must configure settings to generate the correct links in the emails sent to sponsors. See Configure the email link.