Configuring a Guest Splash Page Profile
The Guest app allows MSP administrators to configure Splash Page profiles for tenant accounts. If the tenant account is mapped to a group and the Guest service is enabled on the tenant account, the tenant account users inherit the splash page profiles configured in the MSP. If the group associated to a tenant account is locked for editing on the MSP mode, the tenant account users cannot edit the Splash Page profiles inherited from the MSP. The guest MSP administrator users can delete only those Splash Pages that are not linked to any tenant account.
This topic describes the following procedures:
- Adding a Guest Splash Page Profile
- Customizing a Splash Page Design
- Previewing and Modifying a Splash Page Profile
- Localizing a Guest Portal
- Associating a Splash Page Profile to an SSID
Meta will terminate Facebook Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. service soon. With this, existing visitor deployments within Aruba Central Guest and Aruba ClearPass Guest ClearPass Guest is a configurable ClearPass application for secure visitor network access management. that use Facebook Wi-Fi will stop working. This only impacts the Facebook Wi-Fi functionality offered through Meta. Customers using Facebook authentication as a remote identity source are not affected. Customers are advised to read and complete the recommended configuration changes explained in the Aruba Central and ClearPass Policy Manager - Guest Access after Facebook Wi-Fi Service Ends support advisory at Aruba Support Portal at the earliest to ensure guest network authentication remains functional after the termination of Facebook Wi-Fi.
Adding a Guest Splash Page Profile
To create a splash page profile, complete the following steps:
- In the Aruba Central app, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.
, click . - To create a new splash page, click the + icon.
The
pane is displayed. - On the tab, configure the parameters described in the following table:
- Enable .
- Set the to if the guest user account must be verified.
- Enable the CNA Captive Network Assistant. CNA is a popup page shown when joining a network that has a captive portal. on the iOS devices. Enabling CNA bypass allows users to bypass the Apple Captive Network Assistant pop-up on their iOS devices. However, users still need to verify their credentials with a browser. When the CNA bypass is disabled, the iOS clients have to enter the credentials in the CNA pop-up on their devices. The toggle button is displayed only when is enabled. Users can either enable or disable CNA bypass based on their requirement. to bypass the
- Specify a verification criteria to allow the self-registered users to verify through email or phone.
- If email-based verification is enabled and the is selected, a verification link is sent to the email address of the user. The guest users can click the link to obtain access to the Internet.
- If phone-based verification is enabled, the guest users will receive an SMS. The administrators can also customize the content of the SMS by clicking on .
- Specify the duration within the range of 1-60 minutes, during which the users can access free Wi-Fi to verify the link. The users can log in to the network for the specified duration and click the verification link to obtain access to the Internet.
- Create an App in the Facebook documentation portal.
Enter details obtained during creation of Facebook app for the following parameters:
Client ID—Enter the app ID obtained from Facebook.
- Client Secret—Enter the secret key obtained from Facebook.
—Allows guest users to use their Facebook credentials to log on to the splash page. To enable Facebook integration, you must create a Facebook app and obtain the app ID and secret key. For more information on app creation, see - Developer Apps in the Twitter documentation portal.
Enter details obtained during creation of the Twitter app for the following parameters:
Client ID—Enter the app ID obtained from Twitter.
- Client Secret—Enter the secret key obtained from Twitter.
—Allows guest users to use their Twitter credentials to log on to the splash page. To enable Twitter integration, you must create a Twitter app and obtain the app ID and secret key. For more information, see - Creating your Project in the Google documentation portal.
Enter details obtained during creation of the Google app for the following parameters:
Client ID—Enter the app ID obtained from Google.
- Client Secret—Enter the secret key obtained from Google.
- Gmail for Work Domain—Enter the domain name to restrict authentication attempts to only the members of a Google hosted domain. Ensure that you have a valid domain account licensed by Google Domains or Google Apps.
- Sign-in Button Test—Specify a text for the sign-in button.
—Allows guest users to use their Google credentials to log on to the splash page. To enable Google integration, you must create a Google app and obtain the app ID and secret key. For more information, see - Creating an App and Sign In with LinkedIn in the LinkedIn documentation portal.
Enter details obtained during creation of the LinkedIn app for the following parameters:
Client ID—Enter the app ID obtained from LinkedIn.
- Client Secret—Enter the secret key obtained from LinkedIn.
—Allows guest user to use their LinkedIn credentials to log on to the splash page. To enable LinkedIn integration, you must create a LinkedIn app and obtain the app ID and secret key. For more information, see - Click the link.
- Sign in to your Facebook account.
- If you do not have a business page, click Facebook Wi-Fi in the Facebook documentation portal. . For more information on setting Facebook Wi-Fi service, see
- Run the Instant AP command prompt. command at the
- Note the common name or the internal captive portal domain name.
- Add this domain name in the field on the configuration page.
- Save the changes.
- — When selected, upon successful authentication, the user is redirected to the URL that was originally requested.
- — Specify a redirect URL if you want to override the original request of users and redirect them to another URL.
- — Specify the time limit in hours and minutes for data usage during a day. When a user exceeds the configured time limit, the device is disconnected from the network until the next day begins; that is, until 00.00 hours in the specified time zone.
- — This option applies the data usage limit based on authenticated user credentials.
- —This option applies the data usage limit based on user sessions.
- —This option applies the data usage limit based on the MAC address of the client device connected to the network.
— Specify a limit for data usage in MB. You can set this limit to either , , or . When the data usage exceeds the configured limit, the user device is disconnected from the network until the next day begins; that is, until 00.00 hours in the specified time zone. - The values configured for this feature do not serve as hard limits. There might be a slight delay in enforcing daily usage limits due to the time required for processing information.
- For anonymous and Facebook Wi-Fi logins, the daily usage limit is applied per MAC address of the client device connected to the network.
Data Pane Content |
Description |
|
Enter a unique name to identify the splash profile. If you attempt to enter an existing splash profile's name, Aruba Central displays a message stating that . |
|
Configure any of the following authentication methods to provide a secure network access to the guest users and visitors.
|
|
Configure the login method if you want to allow guest users to log in to the Splash page without providing any credentials.For anonymous user authentication, you can also enable a pre-shared key to allow access. To enable a pre-shared key based authentication, set the to ON and specify a password. |
|
Configure authentication and authorization attributes, and login credentials that enable users to access the Internet as guests. You can configure an authentication method based on sponsored access and social networking login profiles. The authenticated options available for configuring the guest splash page are described in the following rows. |
|
The SMS Short Message Service. SMS refers to short text messages (up to 140 characters) sent and received through mobile phones. or email depending on the options selected during registration. based authentication method allows pre-configured visitors to obtain access to wireless connection and the Internet. The visitors or guest users can register themselves by using the splash page when trying to access the network. The password is delivered to the users through print,To allow the guest users to register by themselves: By default, the expiration date for the accounts of self-registered guest users is set to infinite during registration. The administrator or the guest operator can set the expiration date after registration. |
|
Enable Social Login to allow guest users to use their existing login credentials from social networking profiles such as Facebook, Twitter, Google, or LinkedIn and sign on to a third-party website. When a social login based profile is configured, a new login account to access the guest network or third-party websites is not required. When configuring the OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. for the social login, specify the cloud guest URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. provided in the Aruba Central as the Redirect URI Uniform Resource Identifier. URI identifies the name and the location of a resource in a uniform format.. For information about how to obtain the guest URL, see Obtaining the Redirect URI for OAuth. The following social logins are available: |
|
If you want to enable network access through the free Wi-Fi service offered by Facebook. Select the hotspots Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet. using their Facebook credentials. option. The Facebook Wi-Fi feature allows you to pair your network with a Facebook business page, thereby allowing the guest users to log in from Wi-FiIf the Facebook Wi-Fi business page is set up, when the users try to access the Internet, the browser redirects the user to the Facebook page. The user can log in with their Facebook account credentials and can either check in to access free Internet or skip checking in and then continue. |
|
After selecting the Facebook Wi-Fi option, complete the following steps to continue with the Facebook Wi-Fi configuration. Instant AP devices support Facebook Wi-Fi services on their own, without Aruba Central. However, for enabling social login based authentication, the guest splash pages must be configured in Aruba Central. For more information on Facebook Wi-Fi configuration on an Instant AP, see the Aruba Instant User Guide. |
|
To allow users access the Internet when the external captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. server is not available, click the toggle switch. By default, this option is disabled. |
|
To override the default common name, click the toggle switch and specify a common name. The common name is the web page URL of the guest portal. By default, the common name is set to . The guest users can override this default name by adding their own common name.If your devices are managed by AirWave and you want to use your own certificate for the captive portal service, ensure that the captive portal certificate is pushed to the Instant AP from the AirWave management system. When the appropriate certificate is loaded on the AP, perform the following actions: |
|
To set password for anonymous users, enable the Guest Key and enter a password. |
|
Enable the option to provide authorization control to a guest sponsor for allowing and denying a guest from accessing the network. |
|
Enter accepted company domain names. The domain name must match the suffix of the sponsor's email address. The domain names must be company names and not any public domain names such as Gmail, Yahoo, and so on. To add more domain names, click the add icon and enter the domain name. This is a mandatory field. |
|
Enter the allowed email addresses. If you leave this field empty, all emails that correspond to the allowed domains list are permitted to sponsor guests. To add more sponsor emails, click the add icon and enter the sponsor's email address. This is an optional field. |
|
If or option is selected as the guest user authentication method, specify a method for redirecting the users after a successful authentication. Select one of the following options: |
|
If the option is selected as the guest user authentication method, enter the authentication failure message text string returned by the server when the user authentication fails. |
|
Enter the maximum time in Day(s): Hour(s): Minute(s) format for which a client session remains active. The default value is 0:8:00. When the session expires, the users must re-authenticate. If MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. caching is enabled, the users are allowed or denied access based on the MAC address of the connective device. |
|
Select this check box if you want to allow the users to share the Splash Page profile. The Splash Page profiles under All Devices can be shared across all the groups. When you clone an existing group, the unshared splash page profile in the existing group is not cloned to the new group. In the existing group, if an unshared splash page is associated with a guest network, then the splash page value is empty in the guest network of the new group. |
|
Use this option to set a data usage limit for authenticated guest users, anonymous profiles, and Facebook Wi-Fi logins. By default, no daily usage limit is applied. To set a daily usage limit, use one of the following options:
|
|
To allow a URL, click + and add the URL to the allowlist. For example, if the terms and conditions configured for the guest portal include URLs, you can add these URLs to the allowlist, so that the users can access the required web pages. |
The following animation shows how to add a guest splash page profile using
authentication method:
The following animation shows how to add a guest splash page profile using Authenticated authentication method:
The following animation shows how to add a guest splash page profile using
authentication method:
Obtaining the Redirect URI for OAuth
When creating social login apps for the splash page, the configuration of OAuth requires a Redirect URI. Use the server URL provided in the splash page configuration in Aruba Central with /oauth/reply suffix. Ensure that the URL is an HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. URL with a domain name and not the IP address. For example, https://example1.cloudguest.arubanetworks.com/oauth/reply.
To get the cloud guest URL, complete the following steps:
- In the Aruba Central app, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.Ensure that the pop-up blocker of the browser is disabled.
, click . - Hover over the splash page profile for which you want to view the cloud guest URL and click the
settings icon.
The Splash Page Configuration window is displayed.
Figure 1 Cloud Guest URL
- Copy the cloud guest URL from the Splash Page Configuration window and use it to specify as the Redirect URI in the social login app configuration for OAuth.
- Alternatively, you can also click the
preview icon.
The Splash page is displayed in the browser.
This is the page the guest user will see and use it to sign on to the application.
- Copy the URL from the address bar on the browser and use it to specify as the Redirect URI in the social login app configuration for OAuth.
Customizing a Splash Page Design
To customize a splash page design, complete the following steps:
- In the Aruba Central app, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.
, click . - To create a new splash page, click the + icon.
The
pane is displayed. - To customize a splash page design, on the pane, configure the parameters described in the following table:
Data Pane Content |
Description |
|
To customize the page layout based on the device type. Specify a layout by selecting one of the following options: The horizontal layout is selected by default. To change the layout, click the drop-down list and select the required layout type. |
|
To change the color of the splash page, select a color from the palette. |
|
To change the color of the sign in button, select a color from the palette. |
|
Select the fill color for the splash page header from the palette. |
|
To change the font color of the text on the splash page, select a color from the palette. |
|
To upload a logo, click , and browse the image file. Ensure that the image file size does not exceed 256 KB. |
|
Click to upload a background image. Ensure that the background image file size does not exceed 512 KB. |
|
Add a suitable title for the splash page. |
|
Enter the welcome text to be displayed on the splash page. Ensure that the welcome text does not exceed 20,000 characters. |
|
Enter the terms and conditions to be displayed on the splash page. Ensure that the terms and conditions text does not exceed 20000 characters. The text box also allows you to use HTML tags for formatting text. For example, to highlight text with italics, you can wrap the text with the <i> </i> HTML tag. Specify an acceptance criteria for terms and condition by selecting any of the following options from the :If the check box must be displayed on the Splash page, select the display format for terms and conditions.Ensure that has the Inline Text option auto-selected and displayed as an uneditable text. |
|
If you want to display advertisements on the splash page, enter the URL in the .For , click and upload the image. |
The following animation shows how to customize a guest splash page profile:
Localizing a Guest Portal
To localize a guest portal, complete the following steps:
- In the Aruba Central app, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.
, click . - To create a new splash page, click the + icon.
The
pane is displayed. - To localize or translate the Guest portal content, on the
These are optional settings unless specified as a required parameter explicitly.
pane, configure the parameters described in the following table: - Click to preview the localized guest portal page or click
Data Pane Content |
Description |
Allowed Length of Text |
---|---|---|
|
||
|
Enter the custom label text to be localized for the button. |
1–255 characters |
|
Enter the custom title text that you want to localize for the page. |
1–255 characters |
|
Enter the custom text for title in the page. |
1–255 characters |
|
Enter the custom title text for the page. |
1–255 characters |
|
Enter the custom title text for the page that allows access. |
1–255 characters |
|
Enter the custom text for lable. |
1–255 characters |
|
Enter the custom text to show in in the placeholder. |
1–255 characters |
|
Enter the custom text to show in in the placeholder. |
1–255 characters |
|
Enter the custom text to show in in the placeholder. |
1–255 characters |
|
Enter the custom title text for button. |
1–255 characters |
|
Enter the custom title text for button. |
1–255 characters |
|
Enter the custom text to show in the title. |
1–255 characters |
|
Enter the custom text to show for the text adjacent to the check box. |
Up to 20000 characters |
|
Enter a custom Welcome text to the guest portal user. |
Up to 20000 characters |
|
Enter a custom text to show for the message when a user's login attempt gets denied or fails. |
Up to 20000 characters |
|
Enter a custom text to show for the message in the access allowed page. |
Up to 20000 characters |
|
||
|
Enter a custom help message to show for the help field. |
Up to 20000 characters |
|
Enter the custom placeholder text for the input UI control. |
1–255 characters |
|
Enter the custom text label to show for the button control. |
1–255 characters |
|
Enter the custom text label toshow for the button control. |
1–255 characters |
|
Enter a custom text label for the option. |
— |
|
Enter a custom label text for the option. |
— |
|
Enter a custom title text for the page. |
1–255 characters |
|
Enter a custom title text for the button. |
1–255 characters |
|
Enter a custom message to show in the page. |
Up to 20000 characters |
|
||
|
Enter a custom text to show for the label. |
1–255 characters |
|
Enter a custom text to show for the placeholder. |
1–255 characters |
|
Enter a custom text for the message. This is shown in the verification pending page. |
Up to 20000 characters |
|
Enter a custom text for the message. This is the message notifying the user when the email will be sent. |
Up to 20000 characters |
|
Enter a custom text for the message. |
Up to 20000 characters |
|
Enter a custom text for the message. This is the message notifying the user that an SMS has been sent. |
Up to 20000 characters |
|
Enter a custom text for the message. This is the message that will be shown in the Verified page. |
Up to 20000 characters |
|
Enter a custom text for the message. This is the message that will be shown in the Verify page. |
Up to 20000 characters |
|
Enter a custom label text for the button. |
1–255 characters |
|
Enter a custom text for title. |
1–255 characters |
|
Enter a custom text message to show in the page. |
Up to 20000 characters |
Previewing and Modifying a Splash Page Profile
To preview a splash page profile, complete the following steps:
- In the Aruba Central app, set the filter to a group.
The dashboard context for the group is displayed.
- Under
The
> page is displayed.
, click . - Ensure that the pop-up blocker on your browser window is disabled.
- Hover over the splash profile you want to preview and click the preview icon. The Splash Page is displayed in a new window.
Figure 2 Splash Pages Tab
The
page also allows you to perform any of the following actions:- To view the Splash Page configuration text in an overlay window, click the settings icon next to the profile. You can copy the configuration text and apply it to AirWave managed APs using configuration templates.
- To modify a splash page profile, click the edit icon ext to the profile form list of profiles displayed in the Splash Page Profiles pane.
- To delete a profile, select the profile and click the delete icon next to the profile.
Associating a Splash Page Profile to an SSID
To associate a splash page profile with an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., complete the following steps:
- In the Aruba Central app, set the filter to a group.
The dashboard context for the group is displayed.
- Under , click > .
- Click the icon.
- Under , click .
- The Create a New Network pane is displayed.
- Refer to the AP configuration page for Aruba Central Online Help for more detailed information on how to create the network at Configuring Wireless Network Profiles on IAPs.