02-26-2018 09:46 AM
Hello, I am looking for a way to leverage ISE ERS so that the desktop support team could add mac addresses to various groups in ISE without actually logging into ISE as an admin. We would like to make it as simple as them selecting a group and import a MAC address. Has anyone tried this and do you have a guide that you are willing to share?
Solved! Go to Solution.
02-26-2018 02:40 PM
In short, Yes.
We have the IdentityGroup and Endpoint objects.
Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup
Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint
From the ISE ERS SDK:
Method: | POST |
---|---|
URI: | https://ise.domain.com:9060/ers/config/endpoint |
HTTP 'Content-Type' Header: | application/xml | application/json |
HTTP 'Accept' Header: | application/xml | application/json |
HTTP 'ERS-Media-Type' Header (Not Mandatory): | identity.endpoint.1.2 |
HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI): | The Token value from the GET X-CSRF-TOKEN fetch request |
Bulk Support: | Operation 'Create' can be used within Bulk Request. |
Request Content:
<?xml version="1.0" encoding="UTF-8"?> <ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" description="description" id="id" name="name"> <customAttributes> <customAttributes> <entry> <key>key1</key> <value>value1</value> </entry> <entry> <key>key2</key> <value>value2</value> </entry> </customAttributes> </customAttributes> <groupId>groupId</groupId> <identityStore>identityStore</identityStore> <identityStoreId>identityStoreId</identityStoreId> <mac>00:01:02:03:04:05</mac> <mdmAttributes> <mdmComplianceStatus>false</mdmComplianceStatus> <mdmEncrypted>false</mdmEncrypted> <mdmEnrolled>false</mdmEnrolled> <mdmIMEI>IMEI</mdmIMEI> <mdmJailBroken>false</mdmJailBroken> <mdmManufacturer>Apple Inc.</mdmManufacturer> <mdmModel>iPad</mdmModel> <mdmOS>iOS</mdmOS> <mdmPhoneNumber>Phone Number</mdmPhoneNumber> <mdmPinlock>false</mdmPinlock> <mdmReachable>true</mdmReachable> <mdmSerial>10000000001</mdmSerial> <mdmServerName>MdmServerName</mdmServerName> </mdmAttributes> <portalUser>portalUser</portalUser> <profileId>profileId</profileId> <staticGroupAssignment>true</staticGroupAssignment> <staticProfileAssignment>false</staticProfileAssignment> </ns0:endpoint>
{ "ERSEndPoint" : { "id" : "id", "name" : "name", "description" : "description", "mac" : "00:01:02:03:04:05", "profileId" : "profileId", "staticProfileAssignment" : false, "groupId" : "groupId", "staticGroupAssignment" : true, "portalUser" : "portalUser", "identityStore" : "identityStore", "identityStoreId" : "identityStoreId", "customAttributes" : { "customAttributes" : { "key1" : "value1", "key2" : "value2" } }, "mdmAttributes" : { "mdmServerName" : "MdmServerName", "mdmReachable" : true, "mdmEnrolled" : false, "mdmComplianceStatus" : false, "mdmOS" : "iOS", "mdmManufacturer" : "Apple Inc.", "mdmModel" : "iPad", "mdmSerial" : "10000000001", "mdmEncrypted" : false, "mdmPinlock" : false, "mdmJailBroken" : false, "mdmIMEI" : "IMEI", "mdmPhoneNumber" : "Phone Number" } } }
02-26-2018 02:40 PM
In short, Yes.
We have the IdentityGroup and Endpoint objects.
Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup
Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint
From the ISE ERS SDK:
Method: | POST |
---|---|
URI: | https://ise.domain.com:9060/ers/config/endpoint |
HTTP 'Content-Type' Header: | application/xml | application/json |
HTTP 'Accept' Header: | application/xml | application/json |
HTTP 'ERS-Media-Type' Header (Not Mandatory): | identity.endpoint.1.2 |
HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI): | The Token value from the GET X-CSRF-TOKEN fetch request |
Bulk Support: | Operation 'Create' can be used within Bulk Request. |
Request Content:
<?xml version="1.0" encoding="UTF-8"?> <ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" description="description" id="id" name="name"> <customAttributes> <customAttributes> <entry> <key>key1</key> <value>value1</value> </entry> <entry> <key>key2</key> <value>value2</value> </entry> </customAttributes> </customAttributes> <groupId>groupId</groupId> <identityStore>identityStore</identityStore> <identityStoreId>identityStoreId</identityStoreId> <mac>00:01:02:03:04:05</mac> <mdmAttributes> <mdmComplianceStatus>false</mdmComplianceStatus> <mdmEncrypted>false</mdmEncrypted> <mdmEnrolled>false</mdmEnrolled> <mdmIMEI>IMEI</mdmIMEI> <mdmJailBroken>false</mdmJailBroken> <mdmManufacturer>Apple Inc.</mdmManufacturer> <mdmModel>iPad</mdmModel> <mdmOS>iOS</mdmOS> <mdmPhoneNumber>Phone Number</mdmPhoneNumber> <mdmPinlock>false</mdmPinlock> <mdmReachable>true</mdmReachable> <mdmSerial>10000000001</mdmSerial> <mdmServerName>MdmServerName</mdmServerName> </mdmAttributes> <portalUser>portalUser</portalUser> <profileId>profileId</profileId> <staticGroupAssignment>true</staticGroupAssignment> <staticProfileAssignment>false</staticProfileAssignment> </ns0:endpoint>
{ "ERSEndPoint" : { "id" : "id", "name" : "name", "description" : "description", "mac" : "00:01:02:03:04:05", "profileId" : "profileId", "staticProfileAssignment" : false, "groupId" : "groupId", "staticGroupAssignment" : true, "portalUser" : "portalUser", "identityStore" : "identityStore", "identityStoreId" : "identityStoreId", "customAttributes" : { "customAttributes" : { "key1" : "value1", "key2" : "value2" } }, "mdmAttributes" : { "mdmServerName" : "MdmServerName", "mdmReachable" : true, "mdmEnrolled" : false, "mdmComplianceStatus" : false, "mdmOS" : "iOS", "mdmManufacturer" : "Apple Inc.", "mdmModel" : "iPad", "mdmSerial" : "10000000001", "mdmEncrypted" : false, "mdmPinlock" : false, "mdmJailBroken" : false, "mdmIMEI" : "IMEI", "mdmPhoneNumber" : "Phone Number" } } }
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: