10-14-2024 07:40 AM
Hi colleagues,
This question is part of an M&A integration where their identity store for authentication and authorization is Entra ID, but we don't have Advanced licenses to connect with Intune, so we need a manual workaround to deny machines with revoked certificates. (Allowed machines' authorization is done via a policy that matches a hostname pattern. Not secure, but enough during the merge.)
I am using a custom Policy element named "Deny Machine Names" where I'm placing all machine names that I don't want to connect to the wireless. We are using EAP-TLS, so we need to look for revoked certs, and as ISE cannot consult their private CRL/OCSP URL on the on-premises CA, the only way that I have found is to manually exclude the hostnames of the machines with revoked certificates.
This element is then used in an Authorization Policy - Global Exceptions:
Now the problem that I have found is that I cannot find how to edit that custom Policy Element via API.
Is there any way to do that?
10-14-2024 02:02 PM
You should be able to use the Policy (OpenAPI) calls to create and update conditions as documented here:
https://developer.cisco.com/docs/identity-services-engine/latest/policy-openapi/
The following PUT API call should allow you to update that custom condition:
/api/v1/policy/network-access/condition/condition-by-name/{conditionName}
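A sketch of how that PUT could be driven from a list of revoked machine hostnames, as an added example that is not part of the reply above and not Cisco's code. It assumes the condition is an OR block of per-hostname `equals` checks; the dictionary and attribute names, the request-body field names and the Basic authentication are assumptions to check against the deployment's own Swagger UI.

```python
import base64, json, re, ssl, urllib.parse, urllib.request

# Assumptions (not from the thread): the attribute the condition matches on
# and the body field names. Verify both in the deployment's Swagger UI.
DICTIONARY = "CERTIFICATE"
ATTRIBUTE = "Subject - Common Name"
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")

def build_condition(name, hostnames):
    """Return the body for an OR-block library condition, one child per host."""
    cleaned = sorted({h.strip() for h in hostnames if h.strip()})
    bad = [h for h in cleaned if not HOSTNAME_RE.match(h)]
    if bad:
        raise ValueError(f"not valid hostnames: {bad}")
    if not cleaned:
        # An empty list would turn the deny rule into a no-op and let
        # machines with revoked certificates back on the network.
        raise ValueError("refusing to push an empty deny list")
    children = [{
        "conditionType": "ConditionAttributes",
        "isNegate": False,
        "dictionaryName": DICTIONARY,
        "attributeName": ATTRIBUTE,
        "operator": "equals",
        "attributeValue": h,
    } for h in cleaned]
    return {"conditionType": "LibraryConditionOrBlock", "isNegate": False,
            "name": name, "children": children}

def put_condition(ise_host, user, password, body, cafile=None):
    """PUT the body to the condition-by-name endpoint; returns the HTTP status."""
    path = "/api/v1/policy/network-access/condition/condition-by-name/"
    url = f"https://{ise_host}{path}{urllib.parse.quote(body['name'], safe='')}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"})
    # Default context verifies the ISE certificate; pass the CA bundle that
    # signed it via cafile instead of disabling verification.
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.status
```

The PUT replaces the whole condition, so the list passed to `build_condition` has to be the full current set of revoked hostnames, not only the newly revoked ones.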
10-14-2024 11:05 PM
Thanks for that, I was only looking into the ERS APIs.
10-15-2024 12:55 AM
But how can I import the Open API schemas to be used in Postman?
https://<ise>/api/swagger-ui/index.html