Network admins usually want to create a separate wireless network to support guests to connect to a wireless network for access to the internet. Guest Access can provide network admins a simple way to provide temporary restricted access to the guests on their wireless networks. The goal should be to create a guest or a secondary WLAN that isolates your primary network from the guest network, so that users onboarding the guest WLAN do not have access to the restricted devices and resources in your network.
There are several methods to configure guest portal in Mist. Let’s look at them-
Start by creating a WLAN either as a template or under a specific site. Name the WLAN and select the “Open Access” tab under security to expose all the Guest Access options.
The options are broken down into 4 ways of providing guest access –
No Portal: This is the default selection and the simplest workflow for providing guest access. Wireless clients can scan for open SSIDs and connect to the guest WLAN without any additional steps. This is the quickest and the recommended way to provide guest access unless the business need calls for additional security or collecting additional data from their WiFi users.
Custom guest portal: Powered by Mist, this option provides network admin to use the captive portal workflow and design splash page in the Mist Cloud. Admins can use this option to fully customize pages, terms and condition, sponsored guest access and a lot more within the Mist portal. Given the ease of configuration in comparison to external portal providers, this is the most used option for guest access. Please visit Mist Guest Portal to learn more about configuring using this option.
Visit Sponsored Guest page for more information.
Forward to external portal: Mist supports integrating with an externally hosted captive portal, to create your own guest portal page with custom options for your personalized network instead of using the default portal. To learn more about configuring external portal with Mist please visit External Guest Portal.
SSO with Identity Provider: Mist supports SAML2.0 based SSO for guest access. We integrate with most of the 3rd party IDPs. Popular ones are Okta, Azure, Google, Ping etc. Please visit the SSO section for integration and FAQ content.
Guest Access with MAC Authentication Bypass
Guest Access with Mac Authentication Bypass can be enabled to leverage RADIUS based guest portals.
Bypass portal
Check the option to bypass portal if the portals are unreachable. This option is disabled by default. When enabled, guests will be able to join the network without satisfying any portal conditions. Each Access point will try and reach out to the portal page configured on the WLAN to see if there is connectivity to the page. If the Redirection page is not reachable then the AP will automatically authorize the clients associating with the SSID to bypass the Guest SSID.
