User PortalΒΆ
During a policy evaluation in case that the user or device is not authenticated or not match with any policy are sent to a captive portal, same captive portal allows to provide network access services for Guest users and Registered users (Those that has a valid credentials):
Can be defined a required patch list as shown by Step1, this means the minimal patches that must be installed in the user device to comply the security policy and access to the network.
For Guest management process sponsored can be used, sponsor is a user that can authorize or deny the access, is required to create a list of user as shown by Step 2 with this role, is as simple as register its name and its email account. This email account will be used for notifications. All sponsored process normally is carry out through an email clicking on an URL to authorize, email server parameters (MTA IP, Ports, credentials must be set) and notification should be configured, please go to the section openNAC Notification at openNAC Deployment Guide -> openNAC Core Deployment -> Server side config -> openNAC notifications.
In the User portal configuration is possible to enable o disable Register User and Guest User form as shown by Step 3 and Step 4. This means that you show or hide it on demand to the users.
Guest user has a 12 hours of session ** and this can be changed as shown by **Step 5
For guest users and registered users is possible to force openNAC Agent installation, if the installation process is not finished the network access is not provided until comply this security policy.
Mobile Connect can be used for guest users and registered users as additional authentication method as shown by Step 7.
Following the initial configuration wizard is possible to define a few user portal parameters, not changes are required but in case User portal IP or Name is required to be change, this can be done as shown by Step 9, IP or FQDN are possible values.
Remember that there is a dependency with DNS Server (DNS Poisoned) and DHCP, please review the section openNAC Core as DNS Server and openNAC Core as DHCP Server for further information.
