XiQ Guest Essentials: Enhancing Sponsor Auditing for Greater Accountability

Guest network access is a critical component of enterprise security, ensuring that visitors can connect to the internet while maintaining strict access controls. XIQ Guest Essentials simplifies this process by allowing guest users to request access from nominated sponsors within an organisation. However, a key accountability gap exists: there is no built-in mechanism to track which sponsors approve guest requests.

At Toranet, we specialise in finding smart solutions to complex challenges. We engineered an auditing mechanism for XIQ Guest Essentials that allows businesses to track and verify sponsor approvals, enhancing security, accountability, and compliance.

The Problem: No Visibility into Sponsor Approvals

When using XIQ Guest Essentials in Sponsor Mode, guests must enter the email address of an authorised sponsor (e.g., anyone with an @CompanyName.com email). The sponsor then receives an email containing two links:

• Approve Guest Access
• Reject Guest Access

Once the sponsor clicks the approval link, the guest is granted access to the network. However, XIQ provides no mechanism to track which sponsor approved which guest request, leading to:

• Lack of Auditing - No way to trace approvals for review.
• Limited Accountability - No way to verify which sponsor approved a request.
• Security & Compliance Risks - No audit logs for guest access approvals.

The Toranet Solution: Transparent Sponsor Auditing via Cloud Logging

To address this accountability gap, we implemented an invisible tracking system that records sponsor approvals without altering the user experience.

How It Works:

1. Intercepting the Sponsor Email Links
   • Guest Essentials emails sponsors with approval and rejection links.
   • We modify the email template to replace the default links with custom links pointing to an AWS Cloud Function.
2. Capturing Sponsor Actions via Cloud Logging
   • The AWS Cloud Function logs sponsor actions before redirecting them to XIQ.
   • Metadata collected includes Sponsor Email, Guest Email, Timestamp, and the original XIQ approval link.
3. Seamless Redirection to XiQ
   • Sponsors are instantly redirected to XIQ's original approval link, ensuring a smooth experience.
4. Data Storage & Cross-Referencing
   • Captured data is logged into a database and cross-referenced with XIQ's database for auditing.

The Benefits: Enhanced Security & Accountability

• Complete Visibility - Track exactly which sponsor approved each guest request.
• Seamless User Experience - No changes to the approval process.
• Improved Security & Compliance - Meet auditing requirements with detailed approval logs.
• Cross-Platform Compatibility - Works without modifying XIQ's core functionality.

Conclusion: Smarter Guest Access with Transparent Auditing

While XIQ Guest Essentials offers a sponsored access model, it lacks built-in tracking for guest approvals, leading to potential security risks. Toranet's custom auditing solution bridges this gap, ensuring full visibility while preserving a seamless sponsor experience.

Our approach, integrating AWS Cloud Functions and cross-referenced logging, allows businesses to improve security compliance and maintain clear audit trails for guest access requests.