Multiple MDM solutions and a single ISE cluster

ben.posner
Level 1

Hey all,

What the heck is the point of being able to configure multiple MDM solutions in ISE if you can only use ONE at a time?!?

I’m working on an upgrade to ISE 2.1 and for years now we’ve had an issue where we can only use a single MDM for phones/tablets for ISE authentication. We need to upgrade from our old GOOD solution to BES12, and while I can configure BOTH in ISE at the same time, I can only have one of them active at any given time. What is the point of this? I was told that ISE 2.X would support multiple MDM, and I guess if you want to be pedantic about it, it does, but come on!!! These are all from this document: ISE 2-1 Admin Guide

You can run multiple active MDM servers on your network, including ones from different vendors. This allows you to route different endpoints to different MDM servers based on device factors such as location or device type.

and


You can configure Cisco ISE to interoperate with one or more external Mobile Device Manager (MDM) servers. By setting up this type of third-party connection, you can leverage the detailed information available in the MDM database.

This sure sounds like I should be able to do what I’m trying to do… but further down the ISE 2.1 admin guide you find this:

Define Mobile Device Management Servers in ISE
You can create one or more Mobile Device Management (MDM) definitions for external MDM servers. Although you can configure multiple MDM server definitions, you can activate only one MDM server with which Cisco ISE interoperates at a time.

What is the POINT?!?

3 Replies

nspasov
Cisco Employee

Hi Ben-

You are correct with your findings. While you can define multiple MDM providers, only one of them can be active at a time. I also share your frustration as this is something that has been requested from many customers. AFAIK it is on the road map of ISE but it has not been committed to an actual version.

Here is also a post from one of the former TMEs for ISE:

https://communities.cisco.com/thread/61932?start=0&tstart=0

The best thing to do here is to reach out to your local Cisco team and ask them to file a defect/enhancement request (One might be out there already) and see if they can actually provide you with ETA/version release of when this feature will be available. 

I know this is not the answer you were looking for but I figured I would share what I know :)

Thank you for rating helpful posts!

We have the same setup and tried different solutions. But unfortunately none of them was working as expected (with attributes and multiple AuthZ Policies etc.; see also attachment).

So for my understanding so far, there are no working solutions when trying to integrate multiple versions of an MDM system unless the feature will be committed and implemented. True?

See updated reply here: https://communities.cisco.com/message/261796
