Showing results for 
Search instead for 
Did you mean: 

ISE APIs - Policy manipulation

Cisco Employee
Cisco Employee

I have a customer trying to leverage the APIs to manipulate policies.  They are using ISE for their authentication and policy associated with MDU WiFi. Speaking with Stephen Colby, he mentioned that some functionality is coming with policy authoring in the API in the 2.7 release.  Will the customer's scenario be addressed and is that committed?



From our customer:


Now that we’ve gone through the process manually, I have a much better idea of what we would need to automate. Hopefully I can explain it below! (screenshot attached)


We would need to be able to automate the following: (which, at a glance, I don’t think can be done via the existing API endpoints)


  1. Given a Policy Set name, be able to look up and identify that Policy Set
  2. Given an Authorization Policy’s Rule name, be able to look up and identify that Rule in the Authorization Policy within the Policy Set identified in Step 1
  3. Add a new Rule beneath the existing Rule identified in Step 2, either by “Insert new row below” or “Duplicate below”
  4. If Duplicate, be able to change the EndPoint: Portal User in the Conditions of the duplicated rule *and* change the Security Group
  5. If Insert, be able to set the Conditions of the newly created rule *and* set the Security Group


There’s some complexity involved in the logic involved in setting Conditions associated with a Rule, so I wouldn’t be too surprised if you weren’t able to do that via API calls…


Is there a way to view and/or set Rules via the CLI that we could interact with?Capture.PNG

1 Reply 1

Cisco Employee
Cisco Employee

Such is only possible via ISE admin web UI. I would suggest you to discuss it with our PM teams.