How to Configure Credential Delivery for Secure Guest Access

---

Secure Guest Access provides secure network access for wireless guests via 802.1x PEAP by sending a unique username, password, and access instructions for the secure SSID to guests via an email address or mobile phone (via SMS text). Use the instructions in this Help topic to configure the method that will be used to send guests their credentials and access instructions for the secure SSID.

Configuration Steps

The Credential Delivery method is configured in your portal configuration. Depending on the method you specify, the appropriate custom fields must be configured for display on the Registration web page, so that end users can enter the required information.

The following table provides a description of each credential delivery method and lists their custom field requirements.

User Verification Method	Description	Custom Field Requirement
Captive Portal	The credential information will be displayed on the Registration web page.	There are no Custom Field requirements.
Email	The end user must enter a valid email address on the Registration web page.	The Email Address Custom Field must be set to Required.
SMS Gateway	The SMS Gateway provider must support SMTP API. The SMS Gateway provider converts the email to an SMS text message. The end user must enter a mobile phone number on the Registration web page.	The Phone Number Custom Field must be set to Required.
SMS Gateway or Email	The SMS Gateway provider must support SMTP API. The SMS Gateway provider converts the email to an SMS text message. The end user must enter a mobile phone number or email address on the Registration web page.	The Phone Number and Email Address Custom Fields must be set to Visible.
SMS Text Message	The mobile provider converts the email to an SMS text message. The end user must enter a valid mobile phone number on the Registration web page.	The Phone Number Custom Field must be set to Required.
SMS Text or Email	The mobile provider converts the email to an SMS text message. The end user must enter a valid mobile phone number or email address on the Registration web page.	The Phone Number and Email Address Custom Fields must be set to Visible.

Use the following steps to configure credential delivery for Secure Guest Access in your portal configuration.

1. In NAC Manager, access the Portal Configuration. Click on the Secure Guest Access selection in the Portal Configuration tree. (If you don't see this selection, click Features in the tree and enable the Secure Guest Access feature.)
2. In the Secure Guest Access panel, use the drop-down menu to select the desired Credential Delivery Method (refer to the table above).
   
   
3. If you selected the "SMS Text Message" or the "SMS Text or Email" Credential Delivery method, click the Service Providers "change" link to configure the list of mobile service providers from which end users can select on the Registration web page. The Mobile Service Provider List provides a default list of providers that can be edited to include the appropriate service providers for your geographic location.
   
   
   
   You can comment out entries by preceding each line with either a # or // to allow temporary editing of the file without removing the text.
   
   The list requires one service provider entry per line, using the following format: <Provider>:phonenumber@<specificdomain>.
   
   When the end user registers, they will see only the <Provider> portion in the drop-down list of providers on the Registration web page.
   
   Click OK to close the window.
4. If you have selected the "SMS Gateway" or "SMS Gateway or Email" method, enter the SMS Gateway Email address provided by the SMS Gateway provider.
   
   

5. For all methods, click on the Message Strings "change" link to open the Message Strings Editor where you can customize the text displayed on the Registration web page and the messages sent to the end user.
   
   
   
   

   You will need to modify different message strings sent to the end user, depending on the delivery method or methods you selected. Double-click on the message to open a window where you can edit the message text.

   NOTE:

   When customizing message strings for text messaging (SMS Gateway or SMS Text Message) it is best to keep the message length as short as possible (under the maximum 160 characters limit). Some providers will break long messages into multiple messages and other providers will truncate the message, which could cause important information to be missing from the text message the guest receives.

   • Email - This method uses the following strings:
     • secureGuestAccessEmailMsgBody - the default message shouldn't need to be changed.
     • secureGuestAccessEmailSentFromAddress - you will need to change the default message to the appropriate email address for your company.
     • secureGuestAccessEmailSentFromName - the default message shouldn't need to be changed.
     • secureGuestAccessEmailSubject - the default message shouldn't need to be changed.
   • SMS Gateway - Depending on your SMS Gateway provider and their required format, modify the following message strings using appropriate variables to customize the dynamic data such as phone number.
     • secureGuestAccessSMSMsgBody
     • secureGuestAccessSMSSubject
   • SMS Text Message - This method uses the following strings. The default messages shouldn't need to be changed.
     • secureGuestAccessSMSMsgBody
     • secureGuestAccessSMSSubject

   Click OK to close the window.

6. In the Web Page Customizations (Shared) section, click the Customize Fields "change" link to open the Manage Custom Fields window.
   
   
7. Set the appropriate custom fields to display on the Registration web page, depending on the delivery method you selected (refer to the table above). If you do not set these fields, NAC will automatically set them for you based on your delivery method.
   
   These settings are shared by Guest Web Access, Guest Registration, and Secure Guest Access. Changing them for one access type will also change them for the others. For more information, see the Manage Custom Fields Window.
   
   
   Click OK to close the window.
8. Back in the Portal Configuration, click Save to save your changes. Close the NAC Configuration window. Enforce the new portal configuration to your appliance(s). Credential delivery is now configured for your secure guest access.

How Secure Guest Access Works

When a guest attempts to access the network, the Registration web page asks for their email address and/or phone number, and any other required/configured information.

 

When they click the Complete Registration button, they see the following screen that notifies them to check their email or phone for instructions on how to gain access to the network.

 

They are sent a username, password, and access instructions via an email or a phone text message.

 

When they connect to the Secure Wireless network, they will enter their username and password in this screen to gain access to the network.

---

Related Information

For information on related help topics:

• Portal Configuration