Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
3
Replies

Portal/REST API for adding network devices in ISE

manoj.k@pwc.com
Level 1
Level 1

‎03-05-2018 10:36 PM - edited ‎02-21-2020 10:47 AM

We are deploying ISE for Device Administration(TACACS+) for various network devices like routers, firewalls, switches etc. Now we need a portal (something like using REST API) to add these network devices where device owners can add their devices instead of login to ISE and adding those. We know that ACS support this kind of functionality but we are unable to find similar details for Cisco ISE.

 

Is it even possible to have a portal like this in ISE? If yes, can you please provide the details/documentation which can help us in achieving the same.

 

Thanks in advance!!

Labels:
0 Helpful
3 Replies 3

marce1000
VIP
VIP

‎03-05-2018 10:44 PM

 

 - Isn't that 'doubling the problem' ; I mean I think it's possible in ISE to define restricted operator roles so that users can add and delete devices too.

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

manoj.k@pwc.com
Level 1
Level 1
In response to marce1000

‎03-05-2018 11:23 PM - edited ‎03-05-2018 11:26 PM

 
0 Helpful

manoj.k@pwc.com
Level 1
Level 1
In response to marce1000

‎03-05-2018 11:28 PM

I agree to your point... But the client is asking for that. And they are using a similar functionality with ACS and they really want to continue with that.

Below is the situation which the client needs to avoid:

Lets say that we use the the existing functionality of ISE to add/delete/modify devices. But then the client only wants them to add devices, not to remove devices. In the past, some incidents have happened where devices were deleted accidentally and the client doesn't want such incident to happen again. So they are looking for a portal where they have access just to add devices, not to remove.

For removing of devices, they want separate decommissioning process.



I guess this is not possible with the ISE admin roles as far as I checked in ISE.
0 Helpful
Customers Also Viewed These Support Documents