1. FacilityOS Help Center
  2. VisitorOS
  3. VisitorOS integrations
  4. Microsoft integrations

Integrate Cisco ISE with VisitorOS

Hamzah Ahmad
Updated

This article explains how the Cisco ISE integration works with VisitorOS and how to configure your Cisco ISE environment for the integration.

How the integration works

When a visitor signs in or pre-registers, VisitorOS requests guest Wi-Fi credentials from Cisco ISE and prints the credentials on the visitor badge. This allows VisitorOS to:

  • Generate visitor Wi-Fi credentials based on your Cisco ISE guest access configurations.
  • Print the visitor's Wi-Fi username and password on their badge.

Configure your Cisco ISE environment

Follow the instructions below to set up your Cisco ISE environment for the integration.

Note:

To set up your Cisco ISE environment to integrate through OAuth 2.0, contact your FacilityOS Customer Success Manager (CSM) for more information.

Set up a sponsor user

VisitorOS requires a Cisco ISE sponsor account to authenticate with your Cisco ISE instance and request guest Wi-Fi credentials for visitors.

  1. In Cisco ISE, click the Menu icon, then select the Administration tab.
  2. Under "Identity Administration", click Identities.
  3. Click Add.
  4. Enter a name for the user, then set up the password. Note down the name and password. You will send them to your CSM later.
  5. In "User Groups", select ALL_ACCOUNTS or a custom user group that you have already set up for VisitorOS.
  6. Click Submit.

Set up guest types

Guest types control settings for Wi-Fi credentials, such as how long they remain valid.

By default, Cisco ISE provides the following guest types:

  • Contractor: Guests who need access to the network for up to 1 year. The default duration is 90 days.
  • Weekly: Guests who need access to the network for up to 2 weeks. The default duration is 5 days.
  • Daily: Guests who need access to the network for up to 5 days. The default duration is 1 day.

If you want to create a new guest type for VisitorOS or edit the defaults, see Create or Edit Guest Types.

Make note of the names of the guest types you want to use. You will send them to your CSM later.

Find your sponsor portal ID

The sponsor portal ID identifies the Cisco ISE guest portal configuration associated with the Wi-Fi network.

Cisco ISE provides a default Sponsor Portal, "Sponsor Portal (default)", that you can use to obtain your sponsor portal ID. If you need to create a sponsor portal for VisitorOS, see Create a Sponsor Portal.

  1. In Cisco ISE, click the Menu icon, then select the Work Centers tab.
  2. Under "Guest Access", click Portals & Components.
  3. From the left sidebar, click Sponsor Portals, then choose the portal you want to use.
  4. Find Portal Test URL, then make note of the URL. The URL contains your portal ID. You will send the URL to your CSM later.

Find your location names

The location names tell VisitorOS which sites to create Wi-Fi credentials for.

  1. In Cisco ISE, click the Menu icon, then select the Work Centers tab.
  2. Under "Guest Access", click Settings.

  3. From the left sidebar, click Guest Locations and SSID, and make note of the location names you want to use. You will send them to your CSM later.

    Important:

    Make sure to note the exact spelling and capitalization of the location names.

Service URL

You will need to send your CSM the public IP address or URL that VisitorOS must use to connect to your Cisco ISE environment. If you do not know your public IP address or URL, contact your IT department for assistance.

Network configuration

To ensure secure communication between VisitorOS and your Cisco ISE instance, allow inbound and outbound traffic over port 443 (HTTPS).

Your firewall must also allow traffic to the following DNS entry: egress-us.visitoros.com

This DNS entry resolves to the IP addresses used by VisitorOS. Make sure your firewall supports DNS resolution and permits traffic over port 443 to this domain so the connection can be established and maintained successfully.

Note:

If your organization requires static IP allow listing, the corresponding IP addresses can be provided by your CSM.

Provide your Cisco ISE details to your CSM

After configuring your Cisco ISE environment, you will have the following information:

  • Cisco ISE sponsor account name
  • Cisco ISE sponsor account password
  • Guest type name
  • Sponsor portal ID (Portal test URL)
  • Location name
  • Service URL

Send this information to your CSM, and they will complete the integration on your behalf.

Was this article helpful?
0 out of 0 found this helpful