This article explains how the Cisco ISE integration works with VisitorOS and how to configure your Cisco ISE environment for the integration.
Who can use this feature?
How the integration works
When a visitor signs in or pre-registers, VisitorOS requests guest Wi-Fi credentials from Cisco ISE and prints the credentials on the visitor badge. This allows VisitorOS to:
- Generate visitor Wi-Fi credentials based on your Cisco ISE guest access configurations.
- Print the visitor's Wi-Fi username and password on their badge.
Configure your Cisco ISE environment
Follow the instructions below to set up your Cisco ISE environment for the integration.
Note:
To set up your Cisco ISE environment to integrate through OAuth 2.0, contact FacilityOS support for more information.
Set up a sponsor user
VisitorOS requires a Cisco ISE sponsor account to authenticate with your Cisco ISE instance and request guest Wi-Fi credentials for visitors.
- In Cisco ISE, click the Menu icon, then select the Administration tab.
- Under "Identity Administration", click Identities.
- Click Add.
- Enter a name for the user, then set up the password. Copy the name and password and save them in a safe location.
- In "User Groups", select ALL_ACCOUNTS or a custom user group that you have already set up for VisitorOS.
- Click Submit.
Set up guest types
Guest types control settings for Wi-Fi credentials, such as how long they remain valid.
By default, Cisco ISE provides the following guest types:
- Contractor: Guests who need access to the network for up to 1 year. The default duration is 90 days.
- Weekly: Guests who need access to the network for up to 2 weeks. The default duration is 5 days.
- Daily: Guests who need access to the network for up to 5 days. The default duration is 1 day.
If you want to create a new guest type for VisitorOS or edit the defaults, see Create or Edit Guest Types.
Make note of the names of the guest types you want to use and save them in a safe location.
Find your sponsor portal ID
The sponsor portal ID identifies the Cisco ISE guest portal configuration associated with the Wi-Fi network.
Cisco ISE provides a default Sponsor Portal, "Sponsor Portal (default)", that you can use to obtain your sponsor portal ID. If you need to create a sponsor portal for VisitorOS, see Create a Sponsor Portal.
- In Cisco ISE, click the Menu icon, then select the Work Centers tab.
- Under "Guest Access", click Portals & Components.
- From the left sidebar, click Sponsor Portals, then choose the portal you want to use.
- Find "Portal Test URL". Copy the portal test URL and save it in a safe location.
Find your location names
The location names tell VisitorOS which sites to create Wi-Fi credentials for.
- In Cisco ISE, click the Menu icon, then select the Work Centers tab.
- Under "Guest Access", click Settings.
-
From the left sidebar, click Guest Locations and SSID. Copy the location names you want to use and save them in a safe location.
Important:
Make sure to copy the exact spelling and capitalization of the location names.
Service URL
You will need the public IP address or URL that VisitorOS must use to connect to your Cisco ISE environment. If you do not know your public IP address or URL, contact your IT department for assistance.
Network configuration
To ensure secure communication between VisitorOS and your Cisco ISE instance, allow inbound and outbound traffic over port 443 (HTTPS).
Your firewall must also allow traffic from the following DNS entry: egress-us.visitoros.com
This DNS entry resolves to the IP addresses used by VisitorOS. Make sure your firewall supports DNS resolution and permits traffic to this domain over port 443 so the connection can be established and maintained successfully.
Note:
If your organization requires static IP allow listing, contact FacilityOS support for the corresponding IP addresses.
Provide your Cisco ISE details to FacilityOS
After configuring your Cisco ISE environment, you will have the following information:
- Cisco ISE sponsor account name
- Cisco ISE sponsor account password
- Guest type name
- Sponsor portal ID (Portal test URL)
- Location name
- Service URL
Send this information to FacilityOS support so they can complete the integration on your behalf.