Solved: Re: Manually adding endpoints to RegisteredDevices

GQ · ‎09-28-2017

Looks like registered BYOD endpoints were purged because of the default 30 day policy for a PoV. Tried to manually put their MACs back into the RegisteredDevices endpoint group (instead of 'profiled') but for some reason they still failed the Authentication because the group didn't match the policy step. Is this method supported?

Other endpoints we had them manually forget the SSID, rejoin via PEAP and kickoff another onboarding flow (acquiring certs). It would be great if we could manually put macs back into the group instead of that.

Thomas Wall · ‎09-28-2017

Gary,

Is your AuthZ rule looking for the endpoint in the RegisteredDevices group or are you trying to match on the BYOD flag for Device Registration? If the latter, can you try a bulk import of those devices and make sure you set the BYODRegistration status to Yes?

During the bulk import, new endpoints are added along with the defined attributes whereas existing endpoints will be updated. When you manually add the endpoint, you are not given the option to set the BYODRegistration field.

-Thomas

View solution in original post

Thomas Wall · ‎09-28-2017

Gary,

Is your AuthZ rule looking for the endpoint in the RegisteredDevices group or are you trying to match on the BYOD flag for Device Registration? If the latter, can you try a bulk import of those devices and make sure you set the BYODRegistration status to Yes?

During the bulk import, new endpoints are added along with the defined attributes whereas existing endpoints will be updated. When you manually add the endpoint, you are not given the option to set the BYODRegistration field.

-Thomas

GQ · ‎09-28-2017

Yes we were matching on the BYOD flag. I'll test that out.

Would the endpoint purge clear this flag? Seems like it would if the endpoint is gone.

Jason Kunst · ‎09-28-2017

Yes it would

GQ · ‎09-28-2017

Thanks all