How to Implement Microsoft Registration


This Help topic describes the steps for implementing guest registration using Microsoft as a way to obtain end user information.

In this scenario, the Guest Registration portal provides the option to register as a guest or log into Microsoft in order to complete the registration process. If the end user selects the Microsoft option, ExtremeCloud IQ Site Engine uses OAuth to securely access the end user's Microsoft account, obtain public end user data, and use that data to complete the registration process.

  NOTE: Guest OAuth (for example, Google, Yahoo) may not support native mobile browsers and may display a “user agent” error. To access the network, use a standard browser application (for example, Google Chrome).

Guest Registration using Microsoft has two main advantages:

  • It provides ExtremeCloud IQ Site Engine with a higher level of user information by obtaining information from the end user's Microsoft account instead of relying on information entered by the end user.
  • It provides an easier registration process for the end user. ExtremeCloud IQ Site Engine retrieves the public information from the end user's Microsoft account and uses that information to populate the name and email registration fields.

Requirements

These are the configuration requirements for Microsoft Registration.

  • The ExtremeControl engine must have Internet access in order to retrieve user information from Microsoft.
  • The ExtremeControl Unregistered access policy must provide access to the Microsoft site (either enable all SSL or make allowances for Microsoft servers).
  • The ExtremeControl Unregistered access policy must allow HTTPS traffic to the Microsoft OAuth servers.
  • A unique Microsoft application must be created on the Microsoft Developers page (see instructions below).
  • The Portal Configuration must have Microsoft Registration enabled and include the Microsoft Application ID and Secret (see instructions below).

Creating a Microsoft Application

When implementing guest registration using Microsoft, you must first create a Microsoft application. This generates an Application ID and Application Secret that are required as part of the ExtremeCloud IQ Site Engine OAuth process. Use the following steps to create a Microsoft application.

  1. Access the Microsoft Developers page at https://apps.dev.microsoft.com/#/appList.
  2. Log into your existing account or create a new account by selecting the Sign in link in the top-right corner of the window.

  3. Select the Add an app button.


    The New Application Registration window opens.
  4. Enter a Name for the application. Use a name that clearly indicates its purpose (e.g. Extreme Networks Guest Registration) and select Create application.

    The Application Registration window opens.

  5. Select Add Platforms under Platforms.

    The Add Platform window opens.

  6. Select Web.

    Additional fields display under Platforms enabling you to configure a web platform.

  7. Enter a Redirect URI in the following format: https://<AccessControlengineFQDN>/ms_oauth. Microsoft uses the Redirect URI to redirect the user back to the engine with an Access Token.
     NOTE: Microsoft applications can only use a limited set of redirect URI values.
  8. Select Add Url to enter the Redirect URI for any additional ExtremeControl engines registering end-users via Microsoft.
  9. Copy the Application Id under Properties.

  10. Select Generate New Password under Application Secrets.



    The New password generated window displays.
  11. Copy the application password.

     IMPORTANT: Ensure you copy the password accurately. After the window is closed, you cannot access the password again.

  12. Select Save.

    Your application is created and ready to use.

    You need to add the Application Id and application password to your portal configuration.
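
A pre-flight check for the Redirect URIs entered in steps 7 and 8, as an added example (not part of the product or its documentation): it compares each registered URI against the https://<AccessControlengineFQDN>/ms_oauth format and lists engines that have no valid entry. The function names and the sample FQDNs and URIs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

CALLBACK_PATH = "/ms_oauth"  # path given in step 7 of this page


def redirect_uri_problems(uri):
    """Return the reasons a URI does not fit https://<FQDN>/ms_oauth."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not host:
        problems.append("no host")
    else:
        try:
            ipaddress.ip_address(host)
            problems.append("host is an IP address, not an FQDN")
        except ValueError:
            if "." not in host:
                problems.append("host is not fully qualified")
    if parts.path != CALLBACK_PATH:
        problems.append("path is not " + CALLBACK_PATH)
    if parts.query or parts.fragment:
        problems.append("query or fragment present")
    return problems


def audit_redirect_uris(engine_fqdns, registered_uris):
    """Return (bad URIs with their problems, engines lacking a valid URI)."""
    bad, covered = {}, set()
    for uri in registered_uris:
        problems = redirect_uri_problems(uri)
        if problems:
            bad[uri] = problems
        else:
            covered.add(urlsplit(uri).hostname)  # hostname is lower-cased
    uncovered = sorted(f for f in engine_fqdns if f.lower() not in covered)
    return bad, uncovered


# Constructed sample data (assumed engine names, not from the page).
SAMPLE_ENGINES = ["nac1.example.com", "nac2.example.com"]
SAMPLE_URIS = ["https://nac1.example.com/ms_oauth",
               "http://nac2.example.com/ms_oauth",
               "https://192.0.2.10/ms_oauth"]

if __name__ == "__main__":
    bad, uncovered = audit_redirect_uris(SAMPLE_ENGINES, SAMPLE_URIS)
    print("bad URIs:", bad)
    print("engines without a valid redirect URI:", uncovered)
```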

Portal Configuration

The Application Id and application password assigned during the creation of the Microsoft application must be provided in the Portal Configuration in order for the entire process to complete properly.

  1. Open the Control > Access Control tab.
  2. In the left-panel tree, expand the ExtremeControl Configurations > Portal tree and select Guest Registration.

  3. In the Customize Fields section, select the Open Editor button to open the Manage Custom Fields window where you can change registration portal fields. Microsoft registration uses only the First Name, Last Name, and Email Address fields, and the Display Acceptable Use Policy (AUP) option. All other fields only apply to regular guest registration. If the Display AUP option is selected, the captive portal verifies that the AUP has been acknowledged before redirecting the user to Microsoft.
  4. Select the Microsoft Registration checkbox.
  5. Select Edit.
  6. Enter the Application Id in the Microsoft App ID field and the application password in the Microsoft App Secret field.
  7. Select Save. Warning messages display stating that Verification Method and Sponsorship are not used for Microsoft registration, and that an FQDN is required and will be enabled.
  8. Enforce the new configuration to your engines.

How Microsoft Registration Works

After you have configured Microsoft registration using the steps above, this is how the registration process works:

  1. The end user attempts to access an external Web site. Their HTTP traffic is redirected to the captive portal.
  2. In the Guest Registration Portal, the end user selects the option to register using Microsoft.
  3. The end user is redirected to the Microsoft login. If the Acceptable Use Policy option is configured, the captive portal verifies that the AUP has been acknowledged before redirecting the user to Microsoft.
  4. When logged in, the end user is presented with the information that ExtremeCloud IQ Site Engine receives from Microsoft.
  5. The end user grants ExtremeCloud IQ Site Engine access to the Microsoft information and is redirected back to the captive portal where they see a "Registration in Progress" message.
  6. Microsoft provides the requested information to ExtremeCloud IQ Site Engine, which uses it to populate the user registration fields.
  7. The registration process completes and network access is granted.
  8. The word "Microsoft" is added to the user name so you can easily search for Microsoft registration via the Registration Administration web page.

Special Deployment Considerations

Read the following deployment considerations prior to configuring Microsoft Registration.

To provide access to your network via a wireless connection, create an L7 host record for the Unregistered Role on your Wireless Controller for login.live.com and auth.gfx.ms. These domains are subject to change and can vary based on location.

Networks using DNS Proxy

Microsoft Registration for networks redirecting HTTP traffic to the captive portal using DNS Proxy requires additional configuration.

In order for Microsoft Registration to work properly with DNS Proxy, all domains/URLs necessary to properly load the Microsoft web page must be added to the Allowed URLs/Allowed Domains section of the captive portal configuration. Otherwise, the ExtremeControl engine resolves DNS queries for these components to the ExtremeControl engine IP causing the page to not load properly.

As of February 2017, you must add the following domains in order for Microsoft registration to work with DNS Proxy. These domains are subject to change and can vary based on location.

Login.live.com
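
A way to confirm the allowed-domain list from a client in the Unregistered role, as an added example (not part of the product or its documentation): it resolves each hostname the Microsoft login needs and flags those the DNS Proxy answers with the engine IP. The engine IP 192.0.2.10, the function names, and the sample resolver answers are constructed assumptions.

```python
import socket

# Domains this page names for Microsoft registration (subject to change).
REQUIRED_HOSTS = ["login.live.com", "auth.gfx.ms"]


def system_resolver(host):
    """Return the IPv4 addresses the client's DNS server gives for host."""
    try:
        infos = socket.getaddrinfo(host, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_dns_proxy(hosts, engine_ip, resolver=system_resolver):
    """Classify each host as 'allowed', 'proxied' (answered with the
    engine IP, so not in the allowed list) or 'unresolved'."""
    results = {}
    for host in hosts:
        addrs = resolver(host)
        if not addrs:
            results[host] = "unresolved"
        elif engine_ip in addrs:
            results[host] = "proxied"
        else:
            results[host] = "allowed"
    return results


def hosts_to_add(results):
    """Hosts that still need an Allowed URLs/Allowed Domains entry."""
    return sorted(h for h, state in results.items() if state == "proxied")


# Constructed sample answers: 192.0.2.10 stands in for the engine IP.
SAMPLE_ENGINE_IP = "192.0.2.10"
SAMPLE_ANSWERS = {"login.live.com": ["198.51.100.20"], "auth.gfx.ms": ["192.0.2.10"]}


def sample_resolver(host):
    return SAMPLE_ANSWERS.get(host, [])


if __name__ == "__main__":
    report = check_dns_proxy(REQUIRED_HOSTS, SAMPLE_ENGINE_IP, sample_resolver)
    for host, state in report.items():
        print(f"{host}: {state}")
    print("add to allowed domains:", hosts_to_add(report))
```

To test a live deployment, call check_dns_proxy with the real engine IP and the default resolver from a client held in the Unregistered role.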

