Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Adding a Guest Splash Page Profile
To create a splash page profile, complete the following steps:
- In the WebUI, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.
, click . - To create a new splash page, click the + icon.
The
pane is displayed. - On the tab, configure the parameters described in the following table.
- Enable .
- Set the to if the guest user account must be verified.
- Enable the CNA Captive Network Assistant. CNA is a popup page shown when joining a network that has a captive portal. on the iOS devices.
Enabling CNA bypass allows users to bypass the Apple Captive Network Assistant pop-up on their iOS devices. However, users still need to verify their credentials with a browser. When the CNA bypass is disabled, the iOS clients have to enter the credentials in the CNA pop-up on their devices. The toggle button is displayed only when is enabled. Users can either enable or disable CNA bypass based on their requirement.
to bypass the - Specify a verification criteria to allow the self-registered users to verify through email or phone.
- If email-based verification is enabled and the is selected, a verification link is sent to the email address of the user. The guest users can click the link to obtain access to the Internet.
- If phone-based verification is enabled, the guest users will receive an SMS. The administrators can also customize the content of the SMS by clicking on .
- Specify the duration within the range of 1-60 minutes, during which the users can access free Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. to verify the link.
The users can log in to the network for the specified duration and click the verification link to obtain access to the Internet. - Create an App in the Facebook documentation portal.
Enter details obtained during creation of Facebook app for the following parameters:
Client ID—Enter the app ID obtained from Facebook.
- Client Secret—Enter the secret key obtained from Facebook.
—Allows guest users to use their Facebook credentials to log on to the splash page. To enable Facebook integration, you must create a Facebook app and obtain the app ID and secret key. For more information on app creation, see - Developer Apps in the Twitter documentation portal.
Enter details obtained during creation of the Twitter app for the following parameters:
Client ID—Enter the app ID obtained from Twitter.
- Client Secret—Enter the secret key obtained from Twitter.
—Allows guest users to use their Twitter credentials to log on to the splash page. To enable Twitter integration, you must create a Twitter app and obtain the app ID and secret key. For more information, see - Creating your Project in the Google documentation portal.
Enter details obtained during creation of the Google app for the following parameters:
Client ID—Enter the app ID obtained from Google.
- Client Secret—Enter the secret key obtained from Google.
- Gmail for Work Domain—Enter the domain name to restrict authentication attempts to only the members of a Google hosted domain. Ensure that you have a valid domain account licensed by Google Domains or Google Apps.
- Sign-in Button Test—Specify a text for the sign-in button.
—Allows guest users to use their Google credentials to log on to the splash page. To enable Google integration, you must create a Google app and obtain the app ID and secret key. For more information, see - Creating an App and Sign In with LinkedIn in the LinkedIn documentation portal.
Enter details obtained during creation of the LinkedIn app for the following parameters:
Client ID—Enter the app ID obtained from LinkedIn.
- Client Secret—Enter the secret key obtained from LinkedIn.
—Allows guest user to use their LinkedIn credentials to log on to the splash page. To enable LinkedIn integration, you must create a LinkedIn app and obtain the app ID and secret key. For more information, see - Run the Instant AP command prompt. command at the
- Note the common name or the internal captive portal domain name.
- Add this domain name in the field on the configuration page.
- Save the changes.
- — When selected, upon successful authentication, the user is redirected to the URL that was originally requested.
- — Specify a redirect URL if you want to override the original request of users and redirect them to another URL.
- — Specify the time limit in hours and minutes for data usage during a day. When a user exceeds the configured time limit, the device is disconnected from the network until the next day begins; that is, until 00.00 hours in the specified time zone.
- — This option applies the data usage limit based on authenticated user credentials.
- —This option applies the data usage limit based on user sessions.
- —This option applies the data usage limit based on the MAC address of the client device connected to the network.
— Specify a limit for data usage in MB. You can set this limit to either , , or . When the data usage exceeds the configured limit, the user device is disconnected from the network until the next day begins; that is, until 00.00 hours in the specified time zone. - The values configured for this feature do not serve as hard limits. There might be a slight delay in enforcing daily usage limits due to the time required for processing information.
- For anonymous and Facebook Wi-Fi logins, the daily usage limit is applied per MAC address of the client device connected to the network.
Data Pane Content |
Description |
|
Enter a unique name to identify the splash profile. If you attempt to enter an existing splash profile's name, HPE Aruba Networking Central displays a message stating that . |
|
Configure one of the following authentication methods to provide a secure network access to the guest users and visitors:
|
|
Configure the login method if you want to allow guest users to log in to the Splash page without providing any credentials.For anonymous user authentication, you can also enable a pre-shared key to allow access. To enable a pre-shared key based authentication, set the to ON and specify a password. |
|
Configure authentication and authorization attributes, and login credentials that enable users to access the Internet as guests. You can configure an authentication method based on sponsored access and social networking login profiles. The authenticated options available for configuring the guest splash page are described in the following rows. |
|
The SMS Short Message Service. SMS refers to short text messages (up to 140 characters) sent and received through mobile phones. or email depending on the options selected during registration. based authentication method allows pre-configured visitors to obtain access to wireless connection and the Internet. The visitors or guest users can register themselves by using the splash page when trying to access the network. The password is delivered to the users through print,To allow the guest users to register by themselves: By default, the expiration date for the accounts of self-registered guest users is set to infinite during registration. The administrator or the guest operator can set the expiration date after registration. |
|
Enable Social Login to allow guest users to use their existing login credentials from social networking profiles such as Facebook, Twitter, Google, or LinkedIn and sign on to a third-party website. When a social login based profile is configured, a new login account to access the guest network or third-party websites is not required. When configuring the OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. for the social login, specify the cloud guest URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. provided in the HPE Aruba Networking Central as the Redirect URI Uniform Resource Identifier. URI identifies the name and the location of a resource in a uniform format.. For information about how to obtain the guest URL, see Obtaining the Redirect URL for OAuth. The following social logins are available: |
|
To allow users access the Internet when the external captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. server is not available, click the toggle switch. By default, this option is disabled. |
|
To override the default common name, click the |
|
To set password for anonymous users, enable the Guest Key and enter a password. |
|
Enable the option to provide authorization control to a guest sponsor for allowing and denying a guest from accessing the network. |
|
Enter accepted company domain names. The domain name must match the suffix of the sponsor's email address. The domain names must be company names and not any public domain names such as Gmail, Yahoo, and so on. To add more domain names, click the add icon and enter the domain name. This is a mandatory field. |
|
Enter the allowed email addresses. If you leave this field empty, all emails that correspond to the allowed domains list are permitted to sponsor guests. To add more sponsor emails, click the add icon and enter the sponsor's email address. This is an optional field. |
|
If or option is selected as the guest user authentication method, specify a method for redirecting the users after a successful authentication. Select one of the following options: |
|
If the option is selected as the guest user authentication method, enter the authentication failure message text string returned by the server when the user authentication fails. |
|
Enter the maximum time in Day(s): Hour(s): Minute(s) format for which a client session remains active. The default value is 0:8:00. When the session expires, the users must re-authenticate. If MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. caching is enabled, the users are allowed or denied access based on the MAC address of the connective device. |
|
Select this check box if you want to allow the users to share the Splash Page profile. The Splash Page profiles under All Devices can be shared across all the groups. When you clone an existing group, the unshared splash page profile in the existing group is not cloned to the new group. In the existing group, if an unshared splash page is associated with a guest network, then the splash page value is empty in the guest network of the new group. |
|
Use this option to set a data usage limit for authenticated guest users, anonymous profiles, and Facebook Wi-Fi logins. By default, no daily usage limit is applied. To set a daily usage limit, use one of the following options:
|
|
To allow a URL, click + and add the URL to the allowlist. For example, if the terms and conditions configured for the guest portal include URLs, you can add these URLs to the allowlist, so that the users can access the required web pages. |
Obtaining the Redirect URL for OAuth
When creating social login apps for the splash page, the configuration of OAuth requires a Redirect URL. Use the server URL provided in the splash page configuration in HPE Aruba Networking Central with /oauth/reply suffix. Ensure that the URL is an HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. URL with a domain name and not the IP address. For example, https://example1.cloudguest.arubanetworks.com/oauth/reply.
To get the cloud guest URL, complete the following steps:
- In the WebUI, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.Ensure that the pop-up blocker of the browser is disabled.
, click . - Hover over the splash page profile for which you want to view the cloud guest URL and click the
settings icon.
The Splash Page Configuration window is displayed.
Figure 1 Cloud Guest URL
- Copy the cloud guest URL from the Splash Page Configuration window and use it to specify as the Redirect URI in the social login app configuration for OAuth.
- Alternatively, you can also click the
preview icon.
The Splash page is displayed in the browser.
This is the page the guest user will see and use it to sign on to the application.
- Copy the URL from the address bar on the browser and use it to specify as the Redirect URI in the social login app configuration for OAuth.