Configuring a Guest Splash Page Profile

The Guest app allows MSP administrators to configure Splash Page profiles for tenant accounts. If the tenant account is mapped to a group and the Guest service is enabled on the tenant account, the tenant account users inherit the splash page profiles configured in the MSP. If the group associated to a tenant account is locked for editing on the MSP mode, the tenant account users cannot edit the Splash Page profiles inherited from the MSP. The guest MSP administrator users can delete only those Splash Pages that are not linked to any tenant account.

This topic describes the following procedures:

Meta will terminate Facebook Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. service soon. With this, existing visitor deployments within Aruba Central Guest and Aruba ClearPass Guest ClearPass Guest is a configurable ClearPass application for secure visitor network access management. that use Facebook Wi-Fi will stop working. This only impacts the Facebook Wi-Fi functionality offered through Meta. Customers using Facebook authentication as a remote identity source are not affected. Customers are advised to read and complete the recommended configuration changes explained in the Aruba Central and ClearPass Policy Manager - Guest Access after Facebook Wi-Fi Service Ends support advisory at Aruba Support Portal at the earliest to ensure guest network authentication remains functional after the termination of Facebook Wi-Fi.

Adding a Guest Splash Page Profile

To create a splash page profile, complete the following steps:

  1. In the Aruba Central app, set the filter to a group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Guests.

    The Guest Access > Splash Pages page is displayed.

  3. To create a new splash page, click the + icon.

    The New Splash Page pane is displayed.

  4. On the Configuration tab, configure the parameters described in the following table:

    5. Table 1: Splash Page Configuration

    Data Pane Content

    Description

    Name

    Enter a unique name to identify the splash profile.

    NOTE: If you attempt to enter an existing splash profile's name, Aruba Central displays a message stating that Splash page with this name already exists.

    Type

    Configure any of the following authentication methods to provide a secure network access to the guest users and visitors.

    Anonymous

    Authenticated

    Facebook Wi-Fi

    Anonymous

    Configure the Anonymous login method if you want to allow guest users to log in to the Splash page without providing any credentials.

    For anonymous user authentication, you can also enable a pre-shared key to allow access. To enable a pre-shared key based authentication, set the Guest Key to ON and specify a password.

    Authenticated

    Configure authentication and authorization attributes, and login credentials that enable users to access the Internet as guests. You can configure an authentication method based on sponsored access and social networking login profiles.

    The authenticated options available for configuring the guest splash page are described in the following rows.

    Username/Password

    The Username/Password based authentication method allows pre-configured visitors to obtain access to wireless connection and the Internet. The visitors or guest users can register themselves by using the splash page when trying to access the network. The password is delivered to the users through print, SMS Short Message Service. SMS refers to short text messages (up to 140 characters) sent and received through mobile phones. or email depending on the options selected during registration.

    To allow the guest users to register by themselves:

    1. Enable Self-Registration.
    2. Set the Verification Required to ON if the guest user account must be verified.
    3. Enable the Bypass Apple Captive Network Assistant (CNA) to bypass the CNA Captive Network Assistant. CNA is a popup page shown when joining a network that has a captive portal. on the iOS devices. Enabling CNA bypass allows users to bypass the Apple Captive Network Assistant pop-up on their iOS devices. However, users still need to verify their credentials with a browser. When the CNA bypass is disabled, the iOS clients have to enter the credentials in the CNA pop-up on their devices. The Bypass Apple Captive Network Assistant (CNA) toggle button is displayed only when Verification Required is enabled. Users can either enable or disable CNA bypass based on their requirement.
    4. Specify a verification criteria to allow the self-registered users to verify through email or phone.
      • If email-based verification is enabled and the Send Verification Link is selected, a verification link is sent to the email address of the user. The guest users can click the link to obtain access to the Internet.
      • If phone-based verification is enabled, the guest users will receive an SMS. The administrators can also customize the content of the SMS by clicking on Customize SMS.
    5. Specify the duration within the range of 1-60 minutes, during which the users can access free Wi-Fi to verify the link. The users can log in to the network for the specified duration and click the verification link to obtain access to the Internet.

    By default, the expiration date for the accounts of self-registered guest users is set to infinite during registration. The administrator or the guest operator can set the expiration date after registration.

    Social Login

    Enable Social Login to allow guest users to use their existing login credentials from social networking profiles such as Facebook, Twitter, Google, or LinkedIn and sign on to a third-party website. When a social login based profile is configured, a new login account to access the guest network or third-party websites is not required.

    NOTE: When configuring the OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. for the social login, specify the cloud guest URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. provided in the Aruba Central as the Redirect URI Uniform Resource Identifier. URI identifies the name and the location of a resource in a uniform format.. For information about how to obtain the guest URL, see Obtaining the Redirect URI for OAuth.

    The following social logins are available:

    • Facebook—Allows guest users to use their Facebook credentials to log on to the splash page. To enable Facebook integration, you must create a Facebook app and obtain the app ID and secret key. For more information on app creation, see Create an App in the Facebook documentation portal.

      Enter details obtained during creation of Facebook app for the following parameters:

      • Client ID—Enter the app ID obtained from Facebook.

      • Client Secret—Enter the secret key obtained from Facebook.
    • Twitter—Allows guest users to use their Twitter credentials to log on to the splash page. To enable Twitter integration, you must create a Twitter app and obtain the app ID and secret key. For more information, see Developer Apps in the Twitter documentation portal.

      Enter details obtained during creation of the Twitter app for the following parameters:

      • Client ID—Enter the app ID obtained from Twitter.

      • Client Secret—Enter the secret key obtained from Twitter.
    • Google—Allows guest users to use their Google credentials to log on to the splash page. To enable Google integration, you must create a Google app and obtain the app ID and secret key. For more information, see Creating your Project in the Google documentation portal.

      Enter details obtained during creation of the Google app for the following parameters:

      • Client ID—Enter the app ID obtained from Google.

      • Client Secret—Enter the secret key obtained from Google.
      • Gmail for Work Domain—Enter the domain name to restrict authentication attempts to only the members of a Google hosted domain. Ensure that you have a valid domain account licensed by Google Domains or Google Apps.
      • Sign-in Button Test—Specify a text for the sign-in button.
    • LinkedIn—Allows guest user to use their LinkedIn credentials to log on to the splash page. To enable LinkedIn integration, you must create a LinkedIn app and obtain the app ID and secret key. For more information, see Creating an App and Sign In with LinkedIn in the LinkedIn documentation portal.

      Enter details obtained during creation of the LinkedIn app for the following parameters:

      • Client ID—Enter the app ID obtained from LinkedIn.

      • Client Secret—Enter the secret key obtained from LinkedIn.

    Facebook Wi-Fi

    If you want to enable network access through the free Wi-Fi service offered by Facebook. Select the Facebook Wi-Fi option. The Facebook Wi-Fi feature allows you to pair your network with a Facebook business page, thereby allowing the guest users to log in from Wi-Fi hotspots Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet. using their Facebook credentials.

    If the Facebook Wi-Fi business page is set up, when the users try to access the Internet, the browser redirects the user to the Facebook page. The user can log in with their Facebook account credentials and can either check in to access free Internet or skip checking in and then continue.

    Facebook Wifi Configuration

    After selecting the Facebook Wi-Fi option, complete the following steps to continue with the Facebook Wi-Fi configuration.

    1. Click the Configure Now link.
    2. Sign in to your Facebook account.
    3. If you do not have a business page, click Create Page. For more information on setting Facebook Wi-Fi service, see Facebook Wi-Fi in the Facebook documentation portal.

    NOTE: Instant AP devices support Facebook Wi-Fi services on their own, without Aruba Central. However, for enabling social login based authentication, the guest splash pages must be configured in Aruba Central. For more information on Facebook Wi-Fi configuration on an Instant AP, see the Aruba Instant User Guide.

    Allow Internet In Failure

    To allow users access the Internet when the external captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. server is not available, click the Allow Internet In Failure toggle switch. By default, this option is disabled.

    Override Common Name

    To override the default common name, click the Override Common Name toggle switch and specify a common name. The common name is the web page URL of the guest portal. By default, the common name is set to securelogin.arubanetworks.com. The guest users can override this default name by adding their own common name.

    If your devices are managed by AirWave and you want to use your own certificate for the captive portal service, ensure that the captive portal certificate is pushed to the Instant AP from the AirWave management system. When the appropriate certificate is loaded on the AP, perform the following actions:

    1. Run the show captive-portal-domains command at the Instant AP command prompt.
    2. Note the common name or the internal captive portal domain name.
    3. Add this domain name in the Override Common Name field on the Splash Page configuration page.
    4. Save the changes.

    Guest Key

    To set password for anonymous users, enable the Guest Key and enter a password.

    Sponsored Guest

    Enable the Sponsored Guest option to provide authorization control to a guest sponsor for allowing and denying a guest from accessing the network.

    Allowed Sponsor Domains

    Enter accepted company domain names. The domain name must match the suffix of the sponsor's email address. The domain names must be company names and not any public domain names such as Gmail, Yahoo, and so on. To add more domain names, click the add icon and enter the domain name. This is a mandatory field.

    Allowed Sponsor Emails

    Enter the allowed email addresses. If you leave this field empty, all emails that correspond to the allowed domains list are permitted to sponsor guests. To add more sponsor emails, click the add icon and enter the sponsor's email address. This is an optional field.

    Authentication Success Behavior

    If Anonymous or Authenticated option is selected as the guest user authentication method, specify a method for redirecting the users after a successful authentication. Select one of the following options:

    • Redirect to Original URL— When selected, upon successful authentication, the user is redirected to the URL that was originally requested.
    • Redirect URL— Specify a redirect URL if you want to override the original request of users and redirect them to another URL.

    Authentication Failure Message

    If the Authenticated option is selected as the guest user authentication method, enter the authentication failure message text string returned by the server when the user authentication fails.

    Session Timeout

    Enter the maximum time in Day(s): Hour(s): Minute(s) format for which a client session remains active. The default value is 0:8:00. When the session expires, the users must re-authenticate.

    If MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. caching is enabled, the users are allowed or denied access based on the MAC address of the connective device.

    Share This Profile

    Select this check box if you want to allow the users to share the Splash Page profile. The Splash Page profiles under All Devices can be shared across all the groups.

    NOTE: When you clone an existing group, the unshared splash page profile in the existing group is not cloned to the new group. In the existing group, if an unshared splash page is associated with a guest network, then the splash page value is empty in the guest network of the new group.

    Daily Usage Limit

    Use this option to set a data usage limit for authenticated guest users, anonymous profiles, and Facebook Wi-Fi logins. By default, no daily usage limit is applied.

    To set a daily usage limit, use one of the following options:

    • By Time— Specify the time limit in hours and minutes for data usage during a day. When a user exceeds the configured time limit, the device is disconnected from the network until the next day begins; that is, until 00.00 hours in the specified time zone.
    • By Data— Specify a limit for data usage in MB. You can set this limit to either Per User, Per Session, or Per Device. When the data usage exceeds the configured limit, the user device is disconnected from the network until the next day begins; that is, until 00.00 hours in the specified time zone.
      • Per User— This option applies the data usage limit based on authenticated user credentials.
      • Per Session—This option applies the data usage limit based on user sessions.
      • Per Device—This option applies the data usage limit based on the MAC address of the client device connected to the network.

    Important Points to Note

    • The values configured for this feature do not serve as hard limits. There might be a slight delay in enforcing daily usage limits due to the time required for processing information.
    • For anonymous and Facebook Wi-Fi logins, the daily usage limit is applied per MAC address of the client device connected to the network.

    Allowlist URL

    To allow a URL, click + and add the URL to the allowlist. For example, if the terms and conditions configured for the guest portal include URLs, you can add these URLs to the allowlist, so that the users can access the required web pages.

The following animation shows how to add a guest splash page profile using Anonymous authentication method:

The following animation shows how to add a guest splash page profile using Authenticated authentication method:

The following animation shows how to add a guest splash page profile using Facebook Wi-Fi authentication method:

Obtaining the Redirect URI for OAuth

When creating social login apps for the splash page, the configuration of OAuth requires a Redirect URI. Use the server URL provided in the splash page configuration in Aruba Central with /oauth/reply suffix. Ensure that the URL is an HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. URL with a domain name and not the IP address. For example, https://example1.cloudguest.arubanetworks.com/oauth/reply.

To get the cloud guest URL, complete the following steps:

  1. In the Aruba Central app, set the filter to a group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Guests.

    The Guest Access > Splash Pages page is displayed.

    Ensure that the pop-up blocker of the browser is disabled.

  3. Hover over the splash page profile for which you want to view the cloud guest URL and click the settings icon.

    The Splash Page Configuration window is displayed.

    Figure 1  Cloud Guest URL

  4. Copy the cloud guest URL from the Splash Page Configuration window and use it to specify as the Redirect URI in the social login app configuration for OAuth.
  5. Alternatively, you can also click the preview icon.

    The Splash page is displayed in the browser.

    This is the page the guest user will see and use it to sign on to the application.

  6. Copy the URL from the address bar on the browser and use it to specify as the Redirect URI in the social login app configuration for OAuth.

Customizing a Splash Page Design

To customize a splash page design, complete the following steps:

  1. In the Aruba Central app, set the filter to a group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Guests.

    The Guest Access > Splash Pages page is displayed.

  3. To create a new splash page, click the + icon.

    The New Splash Page pane is displayed.

  4. To customize a splash page design, on the Guest > Splash Page > New Splash Page > Customization pane, configure the parameters described in the following table:

    5. Table 2: Splash Page Customization

    Data Pane Content

    Description

    Layout

    To customize the page layout based on the device type. Specify a layout by selecting one of the following options:

    • Horizontal, better for computers
    • Vertical, better for phones

    The horizontal layout is selected by default. To change the layout, click the drop-down list and select the required layout type.

    Background color

    To change the color of the splash page, select a color from the Background Color palette.

    Button color

    To change the color of the sign in button, select a color from the Button Color palette.

    Header fill color

    Select the fill color for the splash page header from the Header fill color palette.

    Page font color

    To change the font color of the text on the splash page, select a color from the Page font color palette.

    Logo

    To upload a logo, click Browse, and browse the image file. Ensure that the image file size does not exceed 256 KB.

    Background Image

    Click Browse to upload a background image. Ensure that the background image file size does not exceed 512 KB.

    Page Title

    Add a suitable title for the splash page.

    Welcome Text

    Enter the welcome text to be displayed on the splash page. Ensure that the welcome text does not exceed 20,000 characters.

    Terms & Conditions

    Enter the terms and conditions to be displayed on the splash page. Ensure that the terms and conditions text does not exceed 20000 characters.

    The text box also allows you to use HTML tags for formatting text. For example, to highlight text with italics, you can wrap the text with the <i> </i> HTML tag.

    Specify an acceptance criteria for terms and condition by selecting any of the following options from the Display "I Accept" check box:

    • No, Accept by default
    • Yes, Display check box

    If the I ACCEPT check box must be displayed on the Splash page, select the display format for terms and conditions.

    Ensure that Display Option For Terms & Conditions has the Inline Text option auto-selected and displayed as an uneditable text.

    Ad Settings

    If you want to display advertisements on the splash page, enter the URL in the Advertisement URL.

    For Advertisement Image, click Browse and upload the image.

The following animation shows how to customize a guest splash page profile:

Localizing a Guest Portal

To localize a guest portal, complete the following steps:

  1. In the Aruba Central app, set the filter to a group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Guests.

    The Guest Access > Splash Pages page is displayed.

  3. To create a new splash page, click the + icon.

    The New Splash Page pane is displayed.

  4. To localize or translate the Guest portal content, on the Guest > Splash Page > New Splash Page > Localization pane, configure the parameters described in the following table:

    These are optional settings unless specified as a required parameter explicitly.

    5. Table 3: Guest Portal Localization

    Data Pane Content

    Description

    Allowed Length of Text

    Login Section

    Login button title

    Enter the custom label text to be localized for the Login button.

    1–255 characters

    Network login title

    Enter the custom title text that you want to localize for the Network Login page.

    1–255 characters

    Login page title

    Enter the custom text for title in the Login page.

    1–255 characters

    Access denied page title

    Enter the custom title text for the Access Denied page.

    1–255 characters

    Logged in title

    Enter the custom Logged in title text for the page that allows access.

    1–255 characters

    Username label

    Enter the custom text for Username lable.

    1–255 characters

    Username placeholder

    Enter the custom text to show in in the Username placeholder.

    1–255 characters

    Password placeholder

    Enter the custom text to show in in the Password placeholder.

    1–255 characters

    Email address placeholder

    Enter the custom text to show in in the Email Address placeholder.

    1–255 characters

    Register button title

    Enter the custom title text for Register button.

    1–255 characters

    Network login button title

    Enter the custom title text for Network Login button.

    1–255 characters

    Terms and Conditions title

    Enter the custom text to show in the Terms and Conditions title.

    1–255 characters

    I accept the Terms and Conditions' text

    Enter the custom text to show for the 'I accept the Terms and Conditions' text adjacent to the check box.

    Up to 20000 characters

    Welcome Text

    Enter a custom Welcome text to the guest portal user.

    Up to 20000 characters

    Login failed message

    Enter a custom text to show for the Login Failed message when a user's login attempt gets denied or fails.

    Up to 20000 characters

    Logged in message

    Enter a custom text to show for the Logged in message in the access allowed page.

    Up to 20000 characters

    Register Section

    Phone help message

    Enter a custom help message to show for the Phone help field.

    Up to 20000 characters

    Phone number placeholder

    Enter the custom placeholder text for the Phone Number input UI control.

    1–255 characters

    'Back' button text

    Enter the custom text label to show for the Back button control.

    1–255 characters

    'Continue' button text

    Enter the custom text label toshow for the Continue button control.

    1–255 characters

    Email radio button

    Enter a custom text label for the Email option.

    Phone radio button

    Enter a custom label text for the Phone option.

    Register page title

    Enter a custom title text for the Register page.

    1–255 characters

    Accept button title

    Enter a custom title text for the Accept button.

    1–255 characters

    Register Page instructions

    Enter a custom message to show in the Register page.

    Up to 20000 characters

    Verification Section

    Verification code label

    Enter a custom text to show for the Verification code label.

    1–255 characters

    Verification code placeholder

    Enter a custom text to show for the Verification code placeholder.

    1–255 characters

    Verification email check message

    Enter a custom text for the Verification Email Check message. This is shown in the verification pending page.

    Up to 20000 characters

    Verification email notice message

    Enter a custom text for the Verification Email Notice message. This is the message notifying the user when the email will be sent.

    Up to 20000 characters

    Verification email sent message

    Enter a custom text for the Verification Email Sent message.

    Up to 20000 characters

    Verification phone notice message

    Enter a custom text for the Verification Phone Notice message. This is the message notifying the user that an SMS has been sent.

    Up to 20000 characters

    Verified account message

    Enter a custom text for the Verified Account message. This is the message that will be shown in the Verified page.

    Up to 20000 characters

    Verify account message

    Enter a custom text for the Verify Account message. This is the message that will be shown in the Verify page.

    Up to 20000 characters

    Verify button title

    Enter a custom label text for the Verify button.

    1–255 characters

    Verify title

    Enter a custom text for Verify title.

    1–255 characters

    Network login message

    Enter a custom text message to show in the Network Login page.

    Up to 20000 characters
  5. Click Preview to preview the localized guest portal page or click Finish

Previewing and Modifying a Splash Page Profile

To preview a splash page profile, complete the following steps:

  1. In the Aruba Central app, set the filter to a group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Guests.

    The Guest Access > Splash Pages page is displayed.

  3. Ensure that the pop-up blocker on your browser window is disabled.
  4. Hover over the splash profile you want to preview and click the preview icon. The Splash Page is displayed in a new window.

Figure 2  Splash Pages Tab

The Splash Pages page also allows you to perform any of the following actions:

  • To view the Splash Page configuration text in an overlay window, click the settings icon next to the profile. You can copy the configuration text and apply it to AirWave managed APs using configuration templates.
  • To modify a splash page profile, click the edit icon ext to the profile form list of profiles displayed in the Splash Page Profiles pane.
  • To delete a profile, select the profile and click the delete icon next to the profile.

Associating a Splash Page Profile to an SSID

To associate a splash page profile with an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., complete the following steps:

  1. In the Aruba Central app, set the filter to a group.

    The dashboard context for the group is displayed.

  2. Under Manage, click Device > Access Points.
  3. Click the Config icon.
  4. Under WLANs, click +Add SSID.
  5. The Create a New Network pane is displayed.
  6. Refer to the AP configuration page for Aruba Central Online Help for more detailed information on how to create the network at Configuring Wireless Network Profiles on IAPs.