09-03-2018 04:56 AM
Hi all
Customer has a requirement to use certificates to trust BYOD devices on their network with ISE. Contractors bring in their own machines and have AD accounts for auth.
They have tested "device on-boarding" workflows with ISE; however, they have hit a few stumbling blocks:
1) They don't believe that using a username/password to then use SCEP to issue a cert is secure enough.
2) We have tested using temporal agent to validate some checks for the BYOD devices to add a further level of validation; however, one of the checks they need to validate is a disk encryption check, and temporal agent doesn't support this.
3) They need to support Windows, Mac and Linux machines.
4) They know we have workflows in Guest for Sponsor approval and have asked if we can do something similar for BYOD validation, i.e. allow the BYOD machine to auth with AD credentials, BUT then only get a cert issued once "approved".
Any ideas, guys?
09-04-2018 09:54 AM
Please refer to the BYOD deployment guide.
https://community.cisco.com/t5/security-documents/cisco-ise-byod-deployment-guide/ta-p/3641867
Any other flow that is different from what is documented above needs to be addressed by our PM team as a new feature.
- Krish