Ronald
New Member
March 16, 2016
Solved

Guest Social Login with Administrator Approval

Hi,

 

  Does anyone know if I can use social login guest registration along with administration approval? I mean, the guest user registers using social login (FB, LinkedIn, etc.), then some administrators receive an email to allow the user to navigate?

  I am using a FortiAuthenticator v4.00-build0019-20151007-patch00.

 

  PS: I have "Require administrator approval" on Self-service portal -> self-registration ENABLED, but it only works in the regular form.

 

Thanks in advance.

 

Ronald

    Carl_Windsor_FTNT
    Staff
    March 17, 2016

    I already replied to this question posed via the techdocs alias but will add it here for others.

     

    The purpose of the Social Authentication is simple guest wireless access, e.g. in a public space, coffee shop etc.  In this case there is a requirement to provide free open access but at the same time a legal necessity to know who is using the network.

    The Admin Approval feature is for the self-registration portal which is not connected to the Social Auth feature therefore it is not possible to achieve your goal.

     

    I am curious as to your use case though, as we are making major changes in the Guest Management side in future releases and it would be good to see if they would meet your needs.  Why would you need the administrator to approve the Social access, and why not use the self-reg portal using e.g. email or SMS instead?

    Ronald
    Author
    New Member
    March 17, 2016

    Hi Carl,

     

    First of all, thank you very much for the answer. I had tried to find this information on the Fortinet website but I couldn't. I even read the "FortiAuthenticator - Administration Guide" but it wasn't clear there. I would really appreciate it if you could provide me the link for your mentioned previous post, so it will be one more place to look next time :)

    I got your point and I will try to explain our need. We are a WebStore company and we have some offices where we regularly have partners or suppliers coming and going. The drive of our IT staff is to offer GUEST access in an "easy way" without it being necessary to fill in forms. We thought Social Login was a very nice way.

     

    On the flip side, I can't leave this access open to anyone for security reasons. We have other buildings/companies very close (neighbors), or even someone in the street or at the Cultural Center across the street could discover the SSID and use it without our concern, even for a short time. I also want to prevent any of our own employees from using this network.

     

    One more question: this e-mail or SMS, you mean, inside the Social Portal/social_login context? Or are you talking about the regular form Credentials Portal/caplogin? I am saying both under Captive Portal.

     

    Thank you, again.

     

    Sincerely,

     

    Ronald

    Carl_Windsor_FTNT
    Staff
    March 17, 2016

    This sounds like a perfect use case for the self registration portal.  This would be the workflow:

  • User connects to wireless network (open access) and browses to internet
  • User hits the FGT, which is configured to block the user with the standard firewall block page, but you edit it with instructions to "Click here to register" which points to the FAC self reg page https://<FAC_IP>/auth/register
  • User registers, creating their own login, but if "Require administrator approval" is set, an email will be sent to the chosen admins to approve before the user can log in.

    One other common usage scenario is to pre-create a list of time limited user accounts and print the list out for distribution to users (as often happens in hotels).  There are some major changes planned in the 5.0 release around this guest management area.