ISE 3.3 change custom name Policy Element via API

JPavonM
VIP

Hi colleagues,

This question is part of an M&A integration where their Identity Store for authentication and authorization is Entra ID, but we don't have Advanced licenses to connect with Intune, so we need a manual workaround to deny machines with revoked certificates. (Allowed machines' authorization is done via a policy that matches a hostname pattern. Not secure, but enough during the merge.)

I am using a custom Policy Element named "Deny Machine Names" where I'm placing all machine names that I don't want to connect to the wireless (we are using EAP-TLS, so we need to look for revoked certs). As ISE cannot consult their private CRL/OCSP URL on the on-premises CA, the only way that I have found is to manually exclude the hostnames of the machines with revoked certificates.

This element is then used in an Authorization Policy - Global Exceptions.

Now the problem that I have found is that I cannot find how to edit that custom Policy Element via API.

Is there any way to do that?

1 Accepted Solution


Greg Gibbs
Cisco Employee

You should be able to use the Policy (OpenAPI) calls to create and update conditions as documented here:
https://developer.cisco.com/docs/identity-services-engine/latest/policy-openapi/

The following PUT API call should allow you to update that custom condition:

/api/v1/policy/network-access/condition/condition-by-name/{conditionName}

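A sketch of how the PUT call named in the answer above could be driven from a list of revoked hostnames. This is an added example, not code from the thread or from Cisco. The body fields (`conditionType`, `children`, `dictionaryName`, and so on), the dictionary and attribute names, and the use of HTTP Basic auth are assumptions; GET the existing condition first and mirror what it returns.

```python
import base64
import json
import re
import urllib.parse
import urllib.request

# Assumed values: replace with what a GET of the existing condition returns.
DICTIONARY = "CERTIFICATE"            # assumption, not from the thread
ATTRIBUTE = "Subject - Common Name"   # assumption, not from the thread
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9-]{1,63}(\.[A-Za-z0-9-]{1,63})*$")


def build_deny_condition(name, hostnames):
    """Return the PUT body: one OR block with an equals-match per hostname."""
    cleaned = sorted({h.strip() for h in hostnames if h.strip()})
    bad = [h for h in cleaned if not HOSTNAME_RE.match(h)]
    if bad:
        raise ValueError(f"refusing malformed hostnames: {bad}")
    if not cleaned:
        # An empty list would silently re-admit every revoked machine.
        raise ValueError("deny list is empty")
    children = [{"conditionType": "ConditionAttributes", "isNegate": False,
                 "dictionaryName": DICTIONARY, "attributeName": ATTRIBUTE,
                 "operator": "equals", "attributeValue": h} for h in cleaned]
    return {"conditionType": "LibraryConditionOrBlock", "isNegate": False,
            "name": name, "children": children}


def build_put_request(ise_host, name, body, user, password):
    """Build (not send) the PUT request for condition-by-name."""
    path = "/api/v1/policy/network-access/condition/condition-by-name/"
    # The condition name contains spaces, so it must be percent-encoded.
    url = f"https://{ise_host}{path}{urllib.parse.quote(name, safe='')}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PUT",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"})


if __name__ == "__main__":
    # Constructed sample data; ise.example.net and the hostnames are made up.
    body = build_deny_condition("Deny Machine Names", ["lt-0042", "LT-0017 "])
    req = build_put_request("ise.example.net", "Deny Machine Names", body,
                            "api-user", "changeme")
    print(req.get_method(), req.full_url)
    print(json.dumps(body, indent=2))
    # urllib.request.urlopen(req) would send it; leave TLS verification on.
```

Because a PUT replaces the whole condition, the script always sends the complete deny list rather than a delta, and it refuses an empty or malformed list so a bad input file cannot clear the exception rule.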

3 Replies

JPavonM
VIP

Thanks for that, I was only looking into ERS APIs.

JPavonM
VIP

But how can I import the Open API schemas to be used in Postman?
https://<ise>/api/swagger-ui/index.html