# Configure Captive Portals

> Create captive portal auth integrations, instances, site assignments, and coupon workflows.

This guide covers the standard captive portal setup path: configure authentication, create an instance, apply it to a site subnet, and operate sessions or coupons.

## Prerequisites

Before you begin, make sure you have:

* Permission to manage captive portal instances.
* An adopted SDX site with the guest subnet you want to control.
* For OAuth2, an application created in your identity provider.
* For coupon access, a process for generating and distributing codes.
* A session lifetime policy for guests.

## Create An OAuth2 Auth Integration

Skip this section if your portal will use coupons only.

<Steps>
  <Step title="Open identity providers">
    In the portal, go to **Captive Portal**, then open **Identity Providers** or **Auth Integrations**.
  </Step>

  <Step title="Create the integration">
    Add an integration and choose the provider type: Google, GitHub, or Azure.
  </Step>

  <Step title="Enter provider credentials">
    Provide the OAuth2 client ID and client secret. For Azure, also provide the tenant value.
  </Step>

  <Step title="Save and test">
    Save the integration, then test the sign-in flow before attaching it to a production portal instance.
  </Step>
</Steps>

<Warning>
  OAuth2 portals must allow unauthenticated users to reach the identity-provider flow. If your guest subnet blocks the provider domains before login, users will not be able to complete authentication.
</Warning>

## Create A Portal Instance

<Steps>
  <Step title="Create the instance">
    Open **Captive Portal**, go to **Instances**, and create a new instance.
  </Step>

  <Step title="Choose the strategy">
    Select **OAuth2** or **Coupon**. OAuth2 instances require an auth integration.
  </Step>

  <Step title="Set session lifetime">
    Set the session TTL. Supported values range from 1,200 seconds to 604,800 seconds, which is 20 minutes to 7 days.
  </Step>

  <Step title="Customize the portal">
    Configure theme colors, logo or icon assets where available, locale, and terms text. Keep terms concise enough that guests can make an informed decision on a phone.
  </Step>

  <Step title="Attach sites">
    Add the site and the exact subnet or subnets the portal should control.
  </Step>
</Steps>

## Generate Coupons

For coupon-based portals, you can generate access codes on demand or through schedules.

### On-Demand Coupons

1. Open the captive portal instance.
2. Go to **Coupons**.
3. Generate between 1 and 200 coupons.
4. Set how long the coupons remain valid.
5. Export or share the generated codes through your approved process.

### Scheduled Coupons

Use schedules when your team needs a repeatable batch, such as daily front-desk codes or weekly event access.

1. Open the instance and go to **Coupon Schedules**.
2. Create a schedule with the desired count and validity period.
3. Add the notification group or delivery process your operators use.
4. Use **Run now** when you need an immediate batch outside the normal schedule.

## Monitor Sessions

Use captive portal user views to check who has connected, when their session expires, and whether a session should be terminated manually.

When investigating a guest access issue, check these in order:

1. The site is online in SDX.
2. The portal instance is attached to the correct subnet.
3. The authentication strategy matches the guest's login method.
4. The OAuth2 provider domains are reachable from the guest subnet before login, if applicable.
5. The user's coupon is valid, unexpired, and not already redeemed.

## Related Pages

<CardGroup cols={2}>
  <Card title="Troubleshooting" icon="wrench" href="../../resources/troubleshooting" arrow="true">
    Follow a general SDX troubleshooting path before escalating.
  </Card>

  <Card title="Notifications" icon="bell" href="../../monitoring/notifications" arrow="true">
    Route operational events to the right team.
  </Card>
</CardGroup>
