IMO you have a few options to accomplish what you are looking for. Here are a few: -From a context visibility perspective identify unique attributes that you can target to profile the devices and auto-add their MAC to your desired endpoint group. -Use Rest APIs to perform one-by-one or bulk endpoint updates/adds into the respective group. -Manually add them via ISE PAN gui. Depending on size (how many clients) this would be rather tedious. Note that in order for a few of these options to work we are under the assumption ISE is aware of the endpoints. HTH!
We have a requirements, A wireless guest user has to disconnect from the self registered session after two hours and after disconnection the user should not connect back and go to black list end points back
You have the ability to setup a unique Guest Type where you can setup max account duration for 2 hours, and you can set the timer to start upon first login. Then you could utilize auto endpoint purging to purge devices if you wish from your respective group. Endpoint purge can be found and tweaked under Administration->Identity Management->Settings->Endpoint purge. As far as Guest setup see here more for info: https://www.cisco.com/c/en/us/td/docs/security/ise/2-6/admin_guide/b_ise_admin_guide_26/b_ise_admin_guide_26_chapter_01111.html
