Business Logic for Account Creation

When guest accounts are created, there are certain rules that must be followed in order to create a valid account. These rules apply to all accounts, regardless of how the account was created.

The business logic rules that control all guest account creation are described below. To see the display name corresponding to a field name, go to Configuration > Pages > Fields and scroll to the field name. Display names are shown in the Column Title column.

For information on customizing fields, see Customizing Fields.

Verification Properties

The following table describes the verification properties fields for guest account creation at Configuration > Pages > Fields.

Verification Properties Fields

Field

Description

creator_accept_terms

This field must be set to 1, indicating the creator has accepted the terms of use for creating the account. If the field is not present or is not set to 1, the guest account is not created.

password2

If this field is specified, its value must be equal to the “password” field, or else the guest account is not created.

auto_update_account

If this field is present and set to a non-zero value, account creation will not fail if the username already exists – any changes will be merged into the existing account using an update instead.

Basic User Properties

The following table describes the basic user properties fields for guest account creation at Configuration > Pages > Fields.

Basic User Properties Fields

Field

Description

username

This field is the name for the guest account and may be provided directly. If this field is not specified, then use the email address from the email field, and if that is also not specified, then randomly generate a username (according to the value of the random_username_method and random_username_length fields).

modify_password

This field controls password modification for the guest account. It may be set to one of these values:

“reset” to randomly generate a new password according to the values of the random_password_method and random_password_length fields

“password” to use the password specified in the password field

“random_password” to use the password specified in the random_password field

If blank or unset, the default password behavior is used, which is to use any available value from the random_password field and the password field, or assume that “reset” was specified otherwise.

password

This field is the password for the guest account and may be provided directly. If this field is not specified, then randomly generate a password (according to the values of the random_password_method and random_password_length fields).

role_id

This field is the role to assign to the guest account and may be specified directly. If this field is not specified, then determine the role ID from the role_name field. If no valid role ID is able to be determined, the guest account is not created.

simultaneous_use

This field determines the maximum number of concurrent sessions allowed for the guest account. If this field is not specified, the default value from the GuestManager configuration is used.

random_username_method

The method used to generate a random account username. If not specified, the default value from the GuestManager configuration is used.

random_username_length

The length in characters of random account usernames. If not specified, the default value from the GuestManager configuration is used.

random_password_method

The method used to generate a random account password. If not specified, the default value from the GuestManager configuration is used.

random_password_length

The length in characters of random account passwords. If not specified, the default value from the GuestManager configuration is used. The default password length is six characters.

Guest Account Activation Properties

The following table describes the guest account activation properties fields for guest account creation at Configuration > Pages > Fields.

Guest Account Activation Properties Fields

Field

Description

enabled

This field determines whether the account is enabled or disabled; if not specified, the default is 1 (account is enabled).

do_schedule, modify_schedule_time, schedule_after, schedule_time

These fields are used to determine the time at which the guest account will be activated.

If modify_schedule_time is “none”, then the account is disabled and has no activation time set.

If modify_schedule_time is “now”, then the account is enabled and has no activation time set.

If modify_schedule_time is a value that specifies a relative time change, for example “+1h”, then the guest account’s activation time is modified accordingly.

If modify_schedule_time is a value that specifies an absolute time, for example “2010-12-31 17:00”, then the guest account’s activation time is set to that value.

If modify_schedule_time is “schedule_after” or “schedule_time”, then the activation time is determined according to the schedule_after or schedule_time fields as explained below.

If schedule_after is set and not zero, then add that time in hours to the current time and use it as the activation time (setting do_schedule to 1); enabled will be set to zero.

Otherwise, if schedule_after is zero, negative or unset, and schedule_time has been specified, use that activation time (set do_schedule to 1 and enabled to 0). If the schedule_time specified is in the past, set do_schedule to 0 and enabled to 1.

Otherwise, if schedule_time is not specified, then the guest account has no activation time and do_schedule will default to zero.

Guest Account Expiration Properties

The following table describes the guest account expiration properties fields for guest account creation at Configuration > Pages > Fields.

Guest Account Expiration Properties Fields

Field

Description

do_expire, modify_expire_time, expire_after, expire_time

These fields are used to determine the time at which the guest account will expire.

If modify_expire_time is “none”, then the account has no expiration time set.

If modify_expire_time is “now”, then the account is disabled and has no expiration time set.

If modify_expire_time is a value that specifies a relative time change, for example “+1h”, then the guest account’s expiration time is modified accordingly.

If modify_expire_time is a value that specifies an absolute time, for example “2010-12-31 17:00”, then the guest account’s expiration time is set to that value.

If modify_expire_time is “expire_after” or “expire_time”, then the expiration time is determined according to the expire_after or expire_time fields as explained below.

If expire_after is set and not zero and the account will be activated immediately, then add the value in hours to the current time to determine the expiration time.

If expire_after is set and not zero and account activation is set for a future time (schedule_time) instead of the current time, then the expiration time is calculated relative to the activation time instead of the current time.

Otherwise, if expire_after is zero, negative or unset, and expire_time has been specified, use that expiration time. If the expire_time specified is in the past, set do_expire to 0 and ignore the specified expiration time.

If the expire_timezone field is used in conjunction with expire_time and a time zone and date are selected, the date calculation is adjusted relative to the time zone.

Otherwise, if expire_time is not specified, then the expire_time is not set and do_expire will always be set to zero.

If the do_expire field is not included in the form, the default expiration action is 4, Logout and Delete. This can be configured on the Customize Guest Manager page.

expire_postlogin

This field determines the amount of time after the initial login for which the guest account will remain valid. If this field is not specified, the default value is 0 (account lifetime not set).

expire_usage

This field determines the total amount of login time permitted for the guest account. If this field is not specified, the default value is 0 (account usage is unlimited).
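The schedule_after/schedule_time and expire_after/expire_time rules above can be checked before a form is deployed; the following is an added example, not ClearPass code, that resolves the effective activation and expiration times and flags a form that would create an account with no expiry at all. The names resolve_lifetime and never_expires are hypothetical, form is assumed to be a dict holding datetime values, and the modify_schedule_time and modify_expire_time branches are not modeled.

```python
from datetime import datetime, timedelta

def _positive(value):
    """Return value as a float if it is > 0, else None (zero, negative, unset)."""
    try:
        number = float(value)
    except (TypeError, ValueError):
        return None
    return number if number > 0 else None

def resolve_lifetime(form, now):
    """Apply the schedule_after/schedule_time and expire_after/expire_time rules.

    schedule_time in the result is the effective activation time (None means
    immediate). Datetimes are naive and assumed to share one time zone.
    """
    out = {"enabled": int(form.get("enabled", 1)), "do_schedule": 0,
           "schedule_time": None, "do_expire": 0, "expire_time": None}
    after, at = _positive(form.get("schedule_after")), form.get("schedule_time")
    if after is not None:
        out.update(enabled=0, do_schedule=1,
                   schedule_time=now + timedelta(hours=after))
    elif at is not None and at > now:
        out.update(enabled=0, do_schedule=1, schedule_time=at)
    elif at is not None:            # schedule_time in the past
        out.update(enabled=1, do_schedule=0)

    # Assumption: any future activation, however it was set, is the base for expire_after.
    start = out["schedule_time"] or now
    after, at = _positive(form.get("expire_after")), form.get("expire_time")
    if after is not None:
        out["expire_time"] = start + timedelta(hours=after)
    elif at is not None and at > now:   # a past expire_time is ignored
        out["expire_time"] = at
    if out["expire_time"] is not None:
        # Assumption: with do_expire absent, the default action 4 applies.
        out["do_expire"] = int(form.get("do_expire", 4))
    return out

def never_expires(form, now):
    """True if no expiry time, post-login lifetime or usage limit would apply."""
    result = resolve_lifetime(form, now)
    return (result["do_expire"] == 0
            and _positive(form.get("expire_postlogin")) is None
            and _positive(form.get("expire_usage")) is None)

if __name__ == "__main__":
    now = datetime(2030, 1, 1, 9, 0)                       # constructed sample data
    form = {"schedule_time": datetime(2030, 1, 2, 9, 0), "expire_after": 8}
    print(resolve_lifetime(form, now), never_expires({}, now))
```

A past expire_time combined with no expire_postlogin or expire_usage value resolves to do_expire 0, which is the case never_expires is meant to catch.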

Other Properties

All other properties specified at creation time are stored with the guest account (for example, email, visitor_name, visitor_company, visitor_phone, sponsor_name as well as any custom fields that have been defined).