Cloud Identity/Social Media Authentication Service Template

You can use this service template to authenticate guest users who log in to the network via captive portal with their social media accounts. A captive portal is a web page that allows users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for guest users. Guests must reauthenticate after their session ends. You can limit the network access for guest devices that do not have a user directly associated with them for a specific duration in days or by a bandwidth limit.

Services created using the Cloud Identity/Social Media Authentication template now have single sign-on (SSO) as the authentication method instead of CHAP (Challenge Handshake Authentication Protocol), MSCHAP, or PAP (Password Authentication Protocol). SSO is an access-control property that allows users to log in once to access multiple related, but independent, applications or systems to which they have privileges; the process authenticates the user across all allowed resources during their session, eliminating additional login prompts. CHAP is an authentication scheme used by PPP servers to validate the identity of remote clients. PAP validates users by password; it does not encrypt passwords for transmission and is thus considered insecure.

To access the Cloud Identity/Social Media Authentication service template:

1. Navigate to Configuration > Service Templates & Wizards.

2. From the Service Templates & Wizards page, select Cloud Identity/Social Media Authentication.

The Service Templates - Cloud Identity/Social Media Authentication page opens to the General tab.

Figure 1  Cloud Identity/Social Media Authentication Service Template

3. Specify the parameters in the Service Templates - Cloud Identity/Social Media Authentication service template as described in the following table:

Table 1: Cloud Identity/Social Media Authentication Service Template Parameters

| Section | Parameter | Description |
|---|---|---|
| General | Name Prefix | Enter a prefix that you want to append to services using this template. Use this to identify services that use this service template. |
| Wireless Network Settings | Select Wireless Controller | From the drop-down, select the IP address of the wireless controller. |
| Wireless Network Settings | Wireless Controller Name | When you select the wireless controller, Policy Manager automatically populates this field. |
| Wireless Network Settings | Controller IP Address | When you select the wireless controller, Policy Manager automatically populates this field. |
| Wireless Network Settings | Vendor Name | When you select the wireless controller, Policy Manager automatically populates this field. |
| Wireless Network Settings | RADIUS Shared Secret | When you select the wireless controller, Policy Manager automatically populates the shared secret that is configured on the controller and in Policy Manager to send and receive RADIUS requests. RADIUS (Remote Authentication Dial-In User Service) is an industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. |
| Wireless Network Settings | Enable RADIUS CoA | When you select the wireless controller, Policy Manager automatically enables RADIUS-initiated CoA (Change of Authorization) on the network device. RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. |
| Wireless Network Settings | RADIUS CoA Port | Specifies the default port 3799 when RADIUS CoA is enabled. NOTE: Change this value only if you defined a custom port on the network device. |
| Guest Access Restrictions | Social Login Provider | Select the social media network provider(s): Google, Facebook, LinkedIn, and X. |
| Guest Access Restrictions | Days allowed for access | Deselect the days of the week on which guest users are not allowed network access. By default, all seven days of the week are enabled for guest access. |
| Guest Access Restrictions | Maximum bandwidth allowed per user | Specify the maximum amount of data, in megabytes, that a user is allowed per day. A value of 0 (zero) means no limit is set (the default). |

4. Click Add Service.

You return to the Service page where the new service created by the service template has been added and enabled. A message like the following is also displayed:

Added 6 Enforcement Profile(s)

Added 1 Enforcement Policies

Added 1 service(s)
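
The parameter table states that the same RADIUS shared secret must be configured on the controller and in Policy Manager, and that RADIUS CoA uses port 3799 by default. The following Python example is added here for illustration and is not part of Policy Manager or the vendor documentation: it computes and checks the Request Authenticator of a CoA-Request as defined in RFC 5176, showing why a packet built with a different secret, or altered in transit, is rejected. The secret, user name, and attribute values are constructed samples.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43   # RFC 5176 packet code for CoA-Request
COA_PORT = 3799    # default CoA port named in the parameter table


def _authenticator(code, ident, attrs, secret):
    """MD5(Code | Identifier | Length | 16 zero octets | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def encode_attr(attr_type, value):
    """Encode one RADIUS attribute as Type | Length | Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_coa_request(ident, attrs, secret):
    """Build a CoA-Request the way the RADIUS server side would send it."""
    header = struct.pack("!BBH", COA_REQUEST, ident, 20 + len(attrs))
    return header + _authenticator(COA_REQUEST, ident, attrs, secret) + attrs


def verify_coa_request(packet, secret):
    """Return True only for a well-formed CoA-Request whose Request
    Authenticator matches the locally configured shared secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets past Length are padding and ignored
    expected = _authenticator(code, ident, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
ATTRS = (encode_attr(1, b"guest@example.com")            # User-Name
         + encode_attr(27, struct.pack("!I", 3600)))     # Session-Timeout
PACKET = build_coa_request(7, ATTRS, SECRET)

if __name__ == "__main__":
    tampered = PACKET[:-1] + bytes([PACKET[-1] ^ 1])
    print("matching secret:", verify_coa_request(PACKET, SECRET))
    print("wrong secret:   ", verify_coa_request(PACKET, b"other-secret"))
    print("tampered attrs: ", verify_coa_request(tampered, SECRET))
```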