Solved: Re: Certificate Provisioning with Workflow

iurikura · ‎12-24-2017

Hi Team,

Customer wants to distribute BYOD certificate from ISE to endpoints (mainly windows10) with sponsor's approval workflow.

I came up with two scenarios.

Could you please let me know they are supported or is there any recommendation?

Pattern1: Manual EndPoint Group Assign scenario

1. A new device connect to network

2. Network Setup Assistance

3. After NSP finished, device firstly added to "PreApproval" endpoint group

4. Than, managers manually assign the device from "PreApproval" to "Approved" endpoint group.

Pattern2: Sponsored BYOD scenario

1. A new device connect to Guest network (guest network which is only used for NSP onboarding)

2. Using Guest Approval flow, Managers approve the device.

3. The device will redirected to DeviceRegistration and NSP process.

Thank you,

Itaru

Jason Kunst · ‎12-25-2017

You’re looking for a sponsored byod flow

Please start by navigating to our ISE Community dashboard

Http://cs.co/ise-community

Go to byod section

look for sponsor byod

Jason Kunst · ‎12-25-2017

You’re looking for a sponsored byod flow

Please start by navigating to our ISE Community dashboard

Http://cs.co/ise-community

Go to byod section

look for sponsor byod

iurikura · ‎12-25-2017

Hi Jason,

Thank you for the reply.

I read below.

I understood this scenario was assumed that a guest account for employee be made by sponsor.

Can we do the same thing with self-sponsored-guest scenario ?

Firstly, an employee create a guest account.

Secondly, a manager approve it.

Then, the employee can proceed to device registration and provisioning flow.

Thank you,

Itaru

Jason Kunst · ‎12-26-2017

Yes I believe should work but would need to test the flow in lab