07-25-2019 01:49 PM
Customer use case:
We were able to retrieve certificates from our Microsoft Certificate Authority to our ChromeOS devices. This satisfies one of the conditions to permit a Chrome OS device to access our Cisco ISE wifi access point.
However, we need some assistance in fulfilling another condition where the device is part of an inventory like Active Directory, AirWatch or Jamf.
For instance:
- when Windows devices access the ISE Wi-Fi, the conditions are: CA Certificate + Hostname is in AD
- when iOS devices access the ISE Wi-Fi, the conditions are: CA Certificate + Device is in AirWatch
- when OS X devices access the ISE Wi-Fi, the conditions are: CA Certificate + Device is in Jamf
If you have any insight on how we could fulfill this 2nd condition we would really appreciate it.
Since Cisco ISE does not have a connector for the Chrome Enterprise Console like it does with AD, AirWatch and Jamf, we were considering creating a computer account in AD that matches the hostname of the Chrome OS device and having Cisco ISE check a group for the object we created. This condition did not work.
We would appreciate it if you had any suggestions or information on how other organizations allow Chrome Enterprise shared managed devices to access Wi-Fi using Cisco ISE. Are there best practices for our use case?
Regarding the 2nd condition: we attempted creating a computer account in AD that matches the hostname of the Chrome OS device, and we had Cisco ISE check a group for the object we created, but the condition failed. We tried to mimic the condition that we use for Windows devices. Is there something in particular (like an attribute) that the Cisco condition checks for?
07-26-2019 06:01 AM
Unless the authentication is done for the computer accounts, I do not think ISE would be able to look up the attributes of the computer objects in AD.
"Cisco ISE and Google Gsuite LDAP" said G Suite has an LDAPS interface, so that would be worth trying out.