09-17-2015 08:19 AM
Hello. The PI3.0 user guide states "A maximum of two ISEs can be added to Prime Infrastructure. If you add two ISEs, one should be primary and the other should be standby." However, it is not clear on which Personas those servers should be. Can anyone point me at documentation that clarifies this?
Thanks.
09-18-2015 07:39 AM
We direct ISE to the Primary M&T node (and optionally the Secondary M&T).
(edited to correct earlier answer)
09-18-2015 07:39 AM
Thank you for the response. Given your reputation, I'm confident that's the right answer. But is there any documentation you can point me to which confirms this? To me, it certainly seems like an obvious detail one needs to know to use this feature, so I'm confused why I can't find a clear answer.
09-18-2015 07:39 PM
Scott,
I misspoke earlier and corrected my post. Sorry about that. I was remembering a recent deployment I did that had combined persona nodes (2-node ISE deployment).
I checked one of my production deployments where the personas are completely separate. It turns out we use the M&T node(s) in Prime when adding ISE servers.
It's not specified anywhere in the documentation (for either ISE or Prime Infrastructure) that I could find; but the system the screenshot below (open in new tab to zoom) is taken from is working as expected.
09-21-2015 08:47 AM
I would like to ask a follow-up, if you don't mind. I was asked to enable this integration by a colleague who manages our WLCs through PI. Is this PI/ISE integration only for AAA? Or is there data-sharing that goes on (such as viewing auth logs from ISE in the PI interface) that happens when this integration is enabled? My colleague claimed that he would be able to view ISE logs from PI, but after reading some doc, I wonder if he /assumed/ that and the integration is only for AAA into PI...
09-21-2015 09:00 AM
ISE will send Accounting information to Prime Infrastructure. It is then available through Monitor > Users and Computers. Further detail can be seen in the User / Device 360 and detail views.
I've included below a details view screen shot that shows what you see in an integrated setup. I've redacted some of the info but you get the gist (open in new tab to zoom):
09-21-2015 09:52 AM
Thanks very much. I guess that explains why you point it at the M&T node.
Thanks again.
09-22-2015 06:07 AM
Just wanted to confirm that we pulled the trigger on this last evening, pointed at the primary and secondary M&T nodes, and everything works as expected. Thanks very much.
09-22-2015 06:28 AM
Excellent - thanks for the follow up.
That particular integration is one of the more useful ones in my opinion. I try to set it up whenever I have a customer with both products even if it isn't specifically requested. My thought is that it enhances the value of the overall set of solutions.
05-05-2020 01:24 AM
Hi Marvin,
Even though this is a very old post, I hope you will be able to see this message. I integrated two MNT nodes (ISE 2.6 - patch6) using a user account that has MNTAdmin privileges with PI 3.7 today and found that I am able to see only a few details related to an endpoint. I am not able to see the below.
- Domain name
- Posture status
- Authorization policy detail
- EAP Type
Have you faced this issue before? Kindly help.
Thanks