Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
272
Views
0
Helpful
1
Replies

ISE BYOD implementation without Device Registration, endpoint cert

prathibha kota
Level 1
Level 1

‎07-29-2023 02:31 AM

Hello, we are looking to implement BYOD for our organization through ISE:

1) our intention is to basically allow only internet access for employees from their personal devices.

2) With the ISE BYOD flow, I understand that we could register and push endpoint certs to personal devices. However, since we do not want to manage nor provide any internal access to our network, can we still use ISE   BYOD Flow with dedicated Captive Portal authentication but don't want to register the device nor push the certificates?

3) Can we use same interface on the PSN to host both GUEST and BYOD Portals?

0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎07-29-2023 02:37 AM

@prathibha kota so you want BYOD for employee personal devices but without requiring a certificate? In which case create a CWA portal that uses AD authentication, the users connect to the SSID and authenticate using their AD credentials, if you wish to restrict access to the internal network apply a Downloadable ACL (DACL).

Yes you can use the same interface or use a dedicated interface.

0 Helpful
Customers Also Viewed These Support Documents