Hello, I am looking for a way to leverage ISE ERS so that the desktop support team could add MAC addresses to various groups in ISE without actually logging into ISE as an admin. We would like to make it as simple as them selecting a group and importing a MAC address. Has anyone tried this, and do you have a guide that you are willing to share?
In short, yes.
We have the IdentityGroup and Endpoint objects.
Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup
Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint
From the ISE ERS SDK:
| Method: | POST |
|---|---|
| URI: | https://ise.domain.com:9060/ers/config/endpoint |
| HTTP 'Content-Type' Header: | application/xml \| application/json |
| HTTP 'Accept' Header: | application/xml \| application/json |
| HTTP 'ERS-Media-Type' Header (Not Mandatory): | identity.endpoint.1.2 |
| HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI): | The Token value from the GET X-CSRF-TOKEN fetch request |
| Bulk Support: | Operation 'Create' can be used within Bulk Request. |
Request Content:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com"
              xmlns:xs="http://www.w3.org/2001/XMLSchema"
              xmlns:ns1="ers.ise.cisco.com"
              xmlns:ers="ers.ise.cisco.com"
              description="description" id="id" name="name">
  <customAttributes>
    <customAttributes>
      <entry>
        <key>key1</key>
        <value>value1</value>
      </entry>
      <entry>
        <key>key2</key>
        <value>value2</value>
      </entry>
    </customAttributes>
  </customAttributes>
  <groupId>groupId</groupId>
  <identityStore>identityStore</identityStore>
  <identityStoreId>identityStoreId</identityStoreId>
  <mac>00:01:02:03:04:05</mac>
  <mdmAttributes>
    <mdmComplianceStatus>false</mdmComplianceStatus>
    <mdmEncrypted>false</mdmEncrypted>
    <mdmEnrolled>false</mdmEnrolled>
    <mdmIMEI>IMEI</mdmIMEI>
    <mdmJailBroken>false</mdmJailBroken>
    <mdmManufacturer>Apple Inc.</mdmManufacturer>
    <mdmModel>iPad</mdmModel>
    <mdmOS>iOS</mdmOS>
    <mdmPhoneNumber>Phone Number</mdmPhoneNumber>
    <mdmPinlock>false</mdmPinlock>
    <mdmReachable>true</mdmReachable>
    <mdmSerial>10000000001</mdmSerial>
    <mdmServerName>MdmServerName</mdmServerName>
  </mdmAttributes>
  <portalUser>portalUser</portalUser>
  <profileId>profileId</profileId>
  <staticGroupAssignment>true</staticGroupAssignment>
  <staticProfileAssignment>false</staticProfileAssignment>
</ns0:endpoint>
```

```json
{
  "ERSEndPoint" : {
    "id" : "id",
    "name" : "name",
    "description" : "description",
    "mac" : "00:01:02:03:04:05",
    "profileId" : "profileId",
    "staticProfileAssignment" : false,
    "groupId" : "groupId",
    "staticGroupAssignment" : true,
    "portalUser" : "portalUser",
    "identityStore" : "identityStore",
    "identityStoreId" : "identityStoreId",
    "customAttributes" : {
      "customAttributes" : {
        "key1" : "value1",
        "key2" : "value2"
      }
    },
    "mdmAttributes" : {
      "mdmServerName" : "MdmServerName",
      "mdmReachable" : true,
      "mdmEnrolled" : false,
      "mdmComplianceStatus" : false,
      "mdmOS" : "iOS",
      "mdmManufacturer" : "Apple Inc.",
      "mdmModel" : "iPad",
      "mdmSerial" : "10000000001",
      "mdmEncrypted" : false,
      "mdmPinlock" : false,
      "mdmJailBroken" : false,
      "mdmIMEI" : "IMEI",
      "mdmPhoneNumber" : "Phone Number"
    }
  }
}
```
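The two calls from this answer, sketched as a helper a desktop-support tool could wrap (an added example, not part of the original post or Cisco's SDK): it validates the MAC, limits the tool to an allowlist of groups, and builds the POST without sending it. The allowlist, the sample group list with its ids and `SearchResult` layout, the account name, and sending only three of the fields from the JSON body above are assumptions.

```python
import base64
import json
import re
import urllib.request

ISE = "https://ise.domain.com:9060"          # host used in the post
ALLOWED_GROUPS = {"Printers", "IP-Phones"}   # hypothetical: groups delegated to the helpdesk

def normalize_mac(raw):
    """Accept common MAC notations; return AA:BB:CC:DD:EE:FF or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()

def group_id(search_result, name):
    """Resolve a group name to its id from a GET /ers/config/identitygroup response."""
    if name not in ALLOWED_GROUPS:           # refuse groups outside the delegation
        raise PermissionError(f"group {name!r} is not delegated to this tool")
    for res in search_result["SearchResult"]["resources"]:
        if res["name"] == name:
            return res["id"]
    raise LookupError(f"group {name!r} not found in ISE")

def build_create_request(mac, gid, user, password):
    """Build (not send) POST /ers/config/endpoint with a minimal JSON body."""
    body = {"ERSEndPoint": {"mac": normalize_mac(mac), "groupId": gid,
                            "staticGroupAssignment": True}}
    # ERS uses HTTP Basic authentication; pass in a dedicated ERS account.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{ISE}/ers/config/endpoint", data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json",
                 "Authorization": f"Basic {token}"})

# Constructed sample of the identity group list (ids are made up).
SAMPLE_GROUPS = {"SearchResult": {"total": 2, "resources": [
    {"id": "11111111-aaaa", "name": "Printers"},
    {"id": "22222222-bbbb", "name": "Blocked List"}]}}

if __name__ == "__main__":
    req = build_create_request("0001.0203.0405", group_id(SAMPLE_GROUPS, "Printers"),
                               "ers-helpdesk", "example-password")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # urllib.request.urlopen(req) would send it; TLS verification is on by default.
```

Keeping the ERS credentials inside this wrapper, rather than handing them to each technician, is what lets the support team add endpoints without an ISE admin login.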