Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
0
Helpful
1
Replies

API to perform CRUD Operations on endpoints and groups of endpoints

Go to solution
Richard Lucht
Level 1
Level 1

‎02-26-2018 09:46 AM

Hello,  I am looking for a way to leverage ISE ERS so that the desktop support team could add mac addresses to various groups in ISE without actually logging into ISE as an admin.  We would like to make it as simple as them selecting a group and import a MAC address.  Has anyone tried this and do you have a guide that you are willing to share?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎02-26-2018 02:40 PM

In short, Yes.

We have the IdentityGroup and Endpoint objects.

Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup

Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint

From the ISE ERS SDK:

Endpoint

Create

Method:POST
URI:https://ise.domain.com:9060/ers/config/endpoint
HTTP 'Content-Type' Header:application/xml | application/json
HTTP 'Accept' Header:application/xml | application/json
HTTP 'ERS-Media-Type' Header (Not Mandatory):identity.endpoint.1.2
HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI):The Token value from the GET X-CSRF-TOKEN fetch request
Bulk Support:Operation 'Create' can be used within Bulk Request.

Request Content:


XML


<?xml version="1.0" encoding="UTF-8"?> <ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" description="description" id="id" name="name"> <customAttributes> <customAttributes> <entry> <key>key1</key> <value>value1</value> </entry> <entry> <key>key2</key> <value>value2</value> </entry> </customAttributes> </customAttributes> <groupId>groupId</groupId> <identityStore>identityStore</identityStore> <identityStoreId>identityStoreId</identityStoreId> <mac>00:01:02:03:04:05</mac> <mdmAttributes> <mdmComplianceStatus>false</mdmComplianceStatus> <mdmEncrypted>false</mdmEncrypted> <mdmEnrolled>false</mdmEnrolled> <mdmIMEI>IMEI</mdmIMEI> <mdmJailBroken>false</mdmJailBroken> <mdmManufacturer>Apple Inc.</mdmManufacturer> <mdmModel>iPad</mdmModel> <mdmOS>iOS</mdmOS> <mdmPhoneNumber>Phone Number</mdmPhoneNumber> <mdmPinlock>false</mdmPinlock> <mdmReachable>true</mdmReachable> <mdmSerial>10000000001</mdmSerial> <mdmServerName>MdmServerName</mdmServerName> </mdmAttributes> <portalUser>portalUser</portalUser> <profileId>profileId</profileId> <staticGroupAssignment>true</staticGroupAssignment> <staticProfileAssignment>false</staticProfileAssignment> </ns0:endpoint>

JSON

{ "ERSEndPoint" : { "id" : "id", "name" : "name", "description" : "description", "mac" : "00:01:02:03:04:05", "profileId" : "profileId", "staticProfileAssignment" : false, "groupId" : "groupId", "staticGroupAssignment" : true, "portalUser" : "portalUser", "identityStore" : "identityStore", "identityStoreId" : "identityStoreId", "customAttributes" : { "customAttributes" : { "key1" : "value1", "key2" : "value2" } }, "mdmAttributes" : { "mdmServerName" : "MdmServerName", "mdmReachable" : true, "mdmEnrolled" : false, "mdmComplianceStatus" : false, "mdmOS" : "iOS", "mdmManufacturer" : "Apple Inc.", "mdmModel" : "iPad", "mdmSerial" : "10000000001", "mdmEncrypted" : false, "mdmPinlock" : false, "mdmJailBroken" : false, "mdmIMEI" : "IMEI", "mdmPhoneNumber" : "Phone Number" } } }

View solution in original post

0 Helpful
1 Reply 1

Go to solution
thomas
Cisco Employee
Cisco Employee

‎02-26-2018 02:40 PM

In short, Yes.

We have the IdentityGroup and Endpoint objects.

Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup

Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint

From the ISE ERS SDK:

Endpoint

Create

Method:POST
URI:https://ise.domain.com:9060/ers/config/endpoint
HTTP 'Content-Type' Header:application/xml | application/json
HTTP 'Accept' Header:application/xml | application/json
HTTP 'ERS-Media-Type' Header (Not Mandatory):identity.endpoint.1.2
HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI):The Token value from the GET X-CSRF-TOKEN fetch request
Bulk Support:Operation 'Create' can be used within Bulk Request.

Request Content:


XML


<?xml version="1.0" encoding="UTF-8"?> <ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" description="description" id="id" name="name"> <customAttributes> <customAttributes> <entry> <key>key1</key> <value>value1</value> </entry> <entry> <key>key2</key> <value>value2</value> </entry> </customAttributes> </customAttributes> <groupId>groupId</groupId> <identityStore>identityStore</identityStore> <identityStoreId>identityStoreId</identityStoreId> <mac>00:01:02:03:04:05</mac> <mdmAttributes> <mdmComplianceStatus>false</mdmComplianceStatus> <mdmEncrypted>false</mdmEncrypted> <mdmEnrolled>false</mdmEnrolled> <mdmIMEI>IMEI</mdmIMEI> <mdmJailBroken>false</mdmJailBroken> <mdmManufacturer>Apple Inc.</mdmManufacturer> <mdmModel>iPad</mdmModel> <mdmOS>iOS</mdmOS> <mdmPhoneNumber>Phone Number</mdmPhoneNumber> <mdmPinlock>false</mdmPinlock> <mdmReachable>true</mdmReachable> <mdmSerial>10000000001</mdmSerial> <mdmServerName>MdmServerName</mdmServerName> </mdmAttributes> <portalUser>portalUser</portalUser> <profileId>profileId</profileId> <staticGroupAssignment>true</staticGroupAssignment> <staticProfileAssignment>false</staticProfileAssignment> </ns0:endpoint>

JSON

{ "ERSEndPoint" : { "id" : "id", "name" : "name", "description" : "description", "mac" : "00:01:02:03:04:05", "profileId" : "profileId", "staticProfileAssignment" : false, "groupId" : "groupId", "staticGroupAssignment" : true, "portalUser" : "portalUser", "identityStore" : "identityStore", "identityStoreId" : "identityStoreId", "customAttributes" : { "customAttributes" : { "key1" : "value1", "key2" : "value2" } }, "mdmAttributes" : { "mdmServerName" : "MdmServerName", "mdmReachable" : true, "mdmEnrolled" : false, "mdmComplianceStatus" : false, "mdmOS" : "iOS", "mdmManufacturer" : "Apple Inc.", "mdmModel" : "iPad", "mdmSerial" : "10000000001", "mdmEncrypted" : false, "mdmPinlock" : false, "mdmJailBroken" : false, "mdmIMEI" : "IMEI", "mdmPhoneNumber" : "Phone Number" } } }
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents