cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

559
Views
0
Helpful
1
Replies
Richard Lucht
Beginner

API to perform CRUD Operations on endpoints and groups of endpoints

Hello,  I am looking for a way to leverage ISE ERS so that the desktop support team could add mac addresses to various groups in ISE without actually logging into ISE as an admin.  We would like to make it as simple as them selecting a group and import a MAC address.  Has anyone tried this and do you have a guide that you are willing to share?

1 ACCEPTED SOLUTION

Accepted Solutions
thomas
Cisco Employee

In short, Yes.

We have the IdentityGroup and Endpoint objects.

Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup

Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint

From the ISE ERS SDK:

Endpoint

Create

Method:POST
URI:https://ise.domain.com:9060/ers/config/endpoint
HTTP 'Content-Type' Header:application/xml | application/json
HTTP 'Accept' Header:application/xml | application/json
HTTP 'ERS-Media-Type' Header (Not Mandatory):identity.endpoint.1.2
HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI):The Token value from the GET X-CSRF-TOKEN fetch request
Bulk Support:Operation 'Create' can be used within Bulk Request.

Request Content:


XML


<?xml version="1.0" encoding="UTF-8"?> <ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" description="description" id="id" name="name"> <customAttributes> <customAttributes> <entry> <key>key1</key> <value>value1</value> </entry> <entry> <key>key2</key> <value>value2</value> </entry> </customAttributes> </customAttributes> <groupId>groupId</groupId> <identityStore>identityStore</identityStore> <identityStoreId>identityStoreId</identityStoreId> <mac>00:01:02:03:04:05</mac> <mdmAttributes> <mdmComplianceStatus>false</mdmComplianceStatus> <mdmEncrypted>false</mdmEncrypted> <mdmEnrolled>false</mdmEnrolled> <mdmIMEI>IMEI</mdmIMEI> <mdmJailBroken>false</mdmJailBroken> <mdmManufacturer>Apple Inc.</mdmManufacturer> <mdmModel>iPad</mdmModel> <mdmOS>iOS</mdmOS> <mdmPhoneNumber>Phone Number</mdmPhoneNumber> <mdmPinlock>false</mdmPinlock> <mdmReachable>true</mdmReachable> <mdmSerial>10000000001</mdmSerial> <mdmServerName>MdmServerName</mdmServerName> </mdmAttributes> <portalUser>portalUser</portalUser> <profileId>profileId</profileId> <staticGroupAssignment>true</staticGroupAssignment> <staticProfileAssignment>false</staticProfileAssignment> </ns0:endpoint>

JSON

{ "ERSEndPoint" : { "id" : "id", "name" : "name", "description" : "description", "mac" : "00:01:02:03:04:05", "profileId" : "profileId", "staticProfileAssignment" : false, "groupId" : "groupId", "staticGroupAssignment" : true, "portalUser" : "portalUser", "identityStore" : "identityStore", "identityStoreId" : "identityStoreId", "customAttributes" : { "customAttributes" : { "key1" : "value1", "key2" : "value2" } }, "mdmAttributes" : { "mdmServerName" : "MdmServerName", "mdmReachable" : true, "mdmEnrolled" : false, "mdmComplianceStatus" : false, "mdmOS" : "iOS", "mdmManufacturer" : "Apple Inc.", "mdmModel" : "iPad", "mdmSerial" : "10000000001", "mdmEncrypted" : false, "mdmPinlock" : false, "mdmJailBroken" : false, "mdmIMEI" : "IMEI", "mdmPhoneNumber" : "Phone Number" } } }

View solution in original post

1 REPLY 1
thomas
Cisco Employee

In short, Yes.

We have the IdentityGroup and Endpoint objects.

Get the list of IdentityGroups: GET https://ise.domain.com:9060/ers/config/identitygroup

Then create the Endpoint entry with a POST https://ise.domain.com:9060/ers/config/endpoint

From the ISE ERS SDK:

Endpoint

Create

Method:POST
URI:https://ise.domain.com:9060/ers/config/endpoint
HTTP 'Content-Type' Header:application/xml | application/json
HTTP 'Accept' Header:application/xml | application/json
HTTP 'ERS-Media-Type' Header (Not Mandatory):identity.endpoint.1.2
HTTP 'X-CSRF-TOKEN' Header (Required Only if Enabled from GUI):The Token value from the GET X-CSRF-TOKEN fetch request
Bulk Support:Operation 'Create' can be used within Bulk Request.

Request Content:


XML


<?xml version="1.0" encoding="UTF-8"?> <ns0:endpoint xmlns:ns0="identity.ers.ise.cisco.com" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns1="ers.ise.cisco.com" xmlns:ers="ers.ise.cisco.com" description="description" id="id" name="name"> <customAttributes> <customAttributes> <entry> <key>key1</key> <value>value1</value> </entry> <entry> <key>key2</key> <value>value2</value> </entry> </customAttributes> </customAttributes> <groupId>groupId</groupId> <identityStore>identityStore</identityStore> <identityStoreId>identityStoreId</identityStoreId> <mac>00:01:02:03:04:05</mac> <mdmAttributes> <mdmComplianceStatus>false</mdmComplianceStatus> <mdmEncrypted>false</mdmEncrypted> <mdmEnrolled>false</mdmEnrolled> <mdmIMEI>IMEI</mdmIMEI> <mdmJailBroken>false</mdmJailBroken> <mdmManufacturer>Apple Inc.</mdmManufacturer> <mdmModel>iPad</mdmModel> <mdmOS>iOS</mdmOS> <mdmPhoneNumber>Phone Number</mdmPhoneNumber> <mdmPinlock>false</mdmPinlock> <mdmReachable>true</mdmReachable> <mdmSerial>10000000001</mdmSerial> <mdmServerName>MdmServerName</mdmServerName> </mdmAttributes> <portalUser>portalUser</portalUser> <profileId>profileId</profileId> <staticGroupAssignment>true</staticGroupAssignment> <staticProfileAssignment>false</staticProfileAssignment> </ns0:endpoint>

JSON

{ "ERSEndPoint" : { "id" : "id", "name" : "name", "description" : "description", "mac" : "00:01:02:03:04:05", "profileId" : "profileId", "staticProfileAssignment" : false, "groupId" : "groupId", "staticGroupAssignment" : true, "portalUser" : "portalUser", "identityStore" : "identityStore", "identityStoreId" : "identityStoreId", "customAttributes" : { "customAttributes" : { "key1" : "value1", "key2" : "value2" } }, "mdmAttributes" : { "mdmServerName" : "MdmServerName", "mdmReachable" : true, "mdmEnrolled" : false, "mdmComplianceStatus" : false, "mdmOS" : "iOS", "mdmManufacturer" : "Apple Inc.", "mdmModel" : "iPad", "mdmSerial" : "10000000001", "mdmEncrypted" : false, "mdmPinlock" : false, "mdmJailBroken" : false, "mdmIMEI" : "IMEI", "mdmPhoneNumber" : "Phone Number" } } }
Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube