Managing guest policies

A guest policy is a set of guest registration parameters that are applied to users based on their registration time, registration location, and endpoint used.

To apply a guest policy to guest registration:

1. Configure a guest policy and assign it to a guest group in UAM.

2. Configure a page push policy. Associate a guest login page and the guest group with specific conditions in the policy. Conditions indicate the location, access time, and endpoint of users.

When an endpoint user attempts to access the network, UAM automatically obtains user access information. If the user attempts to access unauthorized resources, UAM performs the following operations:

• Pushes the login page associated with the matching conditions to the user.

• Determines the guest group for the user according to the matching conditions, and then applies the guest policy of the guest group. If no guest policy is assigned to the guest group, UAM applies the default guest policy to the user.

1. Click the User tab.

2. From the navigation tree, select Guest > Guest Policy.

   The list includes all guest policies.

   Guest policy list contents

   • Policy Name—Name of the guest policy. Click the name to view the guest policy details.

   • Description—Description of the guest policy.

   • Modify—Click the Modify icon to modify the guest policy.

   • Delete—Click the Delete icon to delete the guest policy.

UAM predefines a policy named Default Guest Policy for all guests located in a guest group with no guest policy assigned. The default guest policy must use the default guest service.

If no default guest service is specified, configure the default guest service first. For more information, see "Specifying the default guest service." After the default guest service is specified, it is automatically assigned to the default guest policy and cannot be deleted.

1. Access the guest policy list page.

2. Click the name of the guest policy with the detailed information you want to view. The guest policy details page includes the following parameters:

   Basic Information

   • Policy Name—Name of the guest policy.

   • Description—Description of the guest policy.

   Guest Parameters Settings

   • Guest Auto-Registration—Whether or not preregistered guests can be automatically registered without the approval of a guest manager. The value can be Enable or Disable. This parameter takes effect only when the Guest Auto-Registration parameter is enabled on the Guest Parameters page.

   • Send Guest Password by—This parameter determines the way in which UAM sends the password to a guest that is successfully registered. Options are SMS Message and Email.

     • To send guest passwords by SMS message, configure the SMS message content. For information about configuring SMS system parameters, see HPE Intelligent Management Center v7.3 Enterprise and Standard Platform Administrator Guide. For information about configuring the SMS message content, see "Delivering messages."

     • To send guest passwords by email, make sure the mail server settings are correctly configured in the system configuration of the IMC platform. The email content is predefined by the system and cannot be modified.

     If neither option is selected, UAM does not send passwords to guests.

   • Display QR Code after Guest Preregistration—Whether or not to display a QR code after a guest is preregistered. The guest manager can scan the QR code to approve the guest registration.

   • Validate Guest at—Determines the time when a guest is validated. This parameter applies to all guests except those preregistered on the self-service center. The value can be Specified Time or First Login.

     • Specified Time—After a guest is automatically registered, the guest validity time specified by the guest manager applies to the guest.

     • First Login—A registered guest becomes valid at first login.

   • Default validity period of guests—Default validity period of guests whose expiration time is not configured or cannot be configured. The validity period of those guests are also affected by the Guest Maximum Validity Time parameter of a guest manager. If the two parameters use different values, the parameter with the smaller value applies to the guests. For information about configuring the Guest Maximum Validity Time parameter, see "Adding a guest manager."

   • Guest Password Lifetime—Maximum time in which a guest password is valid. Once the password is expired, the guest cannot access the network. The value 0 indicates the guest password never expires.

   • Password Generation Rule—Rule that defines the type of passwords dynamically generated by UAM. UAM supports the following password generation rules:

     • N Bit Numeric.

     • N Bit Letters.

     • N Bit Alphanumeric.

     N is an integer in the range of 1 to 32. This parameter does not take effect when guests manually enter passwords for registration.

   • Default Online Guests—Default value of Max. Concurrent Logins displayed on the guest preregistration page.

   • Max. Online Guests—Maximum value that can be specified for Max. Concurrent Logins on the guest preregistration page.

   Quick Account Creation

   • Guest Lite Registration Verification—Method of verifying endpoint users for guest registration. The value can be:

     • Verification Code—The user must enter the verification code generated on the SMS guest sign-in and authentication page.

     • License Code[XXX]—The user must enter the correct license code generated in the brackets ([]).

     • No Verification—The user does not need to be verified.

     Use Verification Code or License Code to prevent malicious registration.

   • Name Generation Rule—Rule for UAM to generate guest account names. The value can be Millisecond value for system time, Prefix[XXXX]+millisecond value, or YYMMDDhhmmss+4-digit random number.

     For example, if a guest is registered at 2014-01-01 08:08:08:123 (1388534888123 in milliseconds), UAM generates one of the following account names for the guest:

     • 1388534888123 when Millisecond value for system time is selected.

     • auto1388534888123 when Prefix+millisecond value is selected and the prefix is set to auto.

     • 140101080808ZZZZ when YYMMDDhhmmss+4-digit random number is selected. ZZZZ indicates the 4-digit random number.

   Guest Service List

   The list displays the default guest service to be assigned to guests who use this guest policy. The guest manager can modify the guest service for individual guests when approving the guest registration.

   Guest Group List

   The list displays the guest groups to which this guest policy is assigned.

3. Click Back.

1. Access the guest policy list page.

2. In the Query Guest Policies area, specify one or more of the following query criteria:

   • Policy Name—Enter a partial or complete name of the guest policy.

   • Guest Service—Select a guest service from the list.

   • Guest Group—Click the Select User Group icon . In the Select User Group window, select a user group and click OK.

   The query ignores empty fields.

3. Click Query. The list shows all guest policies that match the query criteria.

4. Click Reset to clear the query criteria. The list shows all guest policies in UAM.

1. Access the guest policy list page.

2. Click Add.

   The Add Guest Policy page opens.

3. Configure the basic parameters:

   • Policy Name—Enter a unique name for the guest policy.

   • Description—Enter a description for the guest policy.

4. Configure the basic functions settings:

   • Guest Auto-Registration—Select whether or not to allow preregistered guests to be automatically registered without the approval of a guest manager. Options are Enable and Disable. This parameter takes effect only when the Guest Auto-Registration parameter is enabled on the Guest Parameters page and the default guest manager and guest service are configured.

   • Send Guest Password by—Select the way in which UAM sends the password to a guest that is successfully registered. Options are SMS Message and Email.

     • To send guest passwords by SMS message, configure the SMS message content. For information about configuring SMS system parameters, see HPE Intelligent Management Center v7.3 Enterprise and Standard Platform Administrator Guide. For information about configuring the SMS message content, see "Delivering messages."

     • To send guest passwords by email, make sure the mail server settings are correctly configured in the system configuration of the IMC platform. The email content is predefined by the system and cannot be modified.

     If neither option is selected, UAM does not send passwords to guests.

   • Display QR Code after Guest Preregistration—Select whether or not to display a QR code after a guest is preregistered. The guest manager can scan the QR code to approve the guest registration.

   • Validate Guest at—Select the time to validate a guest. This parameter applies to all guests except those preregistered on the self-service center. Options are Specified Time or First Login.

     • Specified Time—After a guest is automatically registered, the guest validity time specified by the guest manager applies to the guest.

     • First Login—A registered guest becomes valid at first login.

   • Default validity period of guests—Specify the default validity period of guests whose expiration time is not configured or cannot be configured. The validity period of those guests are also affected by the Guest Maximum Validity Time parameter of a guest manager. If the two parameters use different values, the parameter with the smaller value applies to the guests. For information about configuring the Guest Maximum Validity Time parameter, see "Adding a guest manager."

   • Guest Password Lifetime—Specify the time period in which a guest password is valid. For example, if Guest Password Lifetime is 2 days, a password set on 2014-10-10 10:00 will expire on 2014-10-12 10:00. Once the password is expired, the guest cannot access the network. The value 0 indicates the guest password never expires.

   • Password Generation Rule—Configure the rule to define the type of passwords dynamically generated by UAM. UAM supports the following password generation rules:

     • N Bit Numeric.

     • N Bit Letters.

     • N Bit Alphanumeric.

     N is an integer in the range of 1 to 32. This parameter does not take effect when guests manually enter passwords for registration.

   • Default Online Guests—Enter the default value of Max. Concurrent Logins displayed on the guest preregistration page.

   • Max. Online Guests—Enter the maximum value that can be specified for Max. Concurrent Logins on the guest preregistration page.

5. Configure the quick guest creation settings:

   • Guest Lite Registration Verification—Select the method for verifying endpoint users for guest registration. The value can be:

     • Verification Code—The user must enter the verification code generated on the SMS guest sign-in and authentication page.

     • License Code[XXX]—The user must enter the correct license code generated in the brackets ([ ]).

     • No Verification—The user does not need to be verified.

     Use Verification Code or License Code to prevent malicious registration.

   • Name Generation Rule—Select the rule for UAM to generate guest account names. Options are Millisecond value for system time, Prefix + millisecond value, and YYMMDDhhmmss + 4-digit random number. If Prefix + millisecond value is selected, enter the prefix in the text box next to this field.

     For example, if a guest is registered at 2014-01-01 08:08:08:123 (1388534888123 in milliseconds), UAM generates one of the following account names for the guest:

     • 1388534888123 when Millisecond value for system time is selected.

     • auto1388534888123 when Prefix+millisecond value is selected and the prefix is set to auto.

     • 140101080808ZZZZ when YYMMDDhhmmss + 4-digit random number is selected. ZZZZ indicates the 4-digit random number.

6. On the Guest Service List, select the default guest service for guests to whom this policy is assigned. Only one service can be selected. For information about configuring guest services, see "Adding guest services."

7. On the Guest Group List, select the guest groups to which this guest policy is assigned. Guest groups are unavailable if they are already assigned to other guest policies.

   To automatically select the parent groups and subgroups of the selected guest groups, select the following option: The father and child groups are automatically selected when you select a user group.

8. Click OK.

1. Access the guest policy list page.

2. Click the Modify icon for the guest policy you want to modify.

   The Modify Guest Policy page opens.

3. Modify the guest policy parameters. For information about the parameter descriptions, see "Adding a guest policy."

4. Click OK.

1. Access the guest policy list page.

2. Click the Delete icon for the guest policy you want to delete.

   A confirmation dialog box opens.

3. Click OK.