Group or condition for registred devices from "Device Registration Portal" (Guest Portal) ?
We use Cisco ISE 184.108.40.2069 on our network.
We've already set the Domain devices rules (AD), and it works correctly. Now we work on the BYOD rules, and I've a question about the "Device Registration Portal" processes.
Can I create a group (Endpoint Identity Groups or others) or a condition (Simple/Compound Conditions or others), which will be automatically attribuated to all registred devices from "Device Registration Portal" (Guest Portal)? Our objective is to created a basic rules inside Authorization Policy for all BYOD without OS distinction.
Currently, we've created a rule with the (built-in) Workstation group: Identity Management > Groups > Endpoint Identity Groups > Profiled > Workstation
But I'm not sure that all registred devices are going to obtain the "Profiled" group or one of these sub-groups (Cisco-IP-Phone or Workstation)? Can I choose and set the group or the condition that will be automatically attribuated to registred devices, or I have to use built-in groups inside "Endpoint Identity Groups"?
For information, currently when I registe a new device from "Device Registration Portal" (Guest Portal), by adding its MAC Address, this device is registred with the attributes:
I might be missing something or not fully understanding your question/requirements but you can definitely create a rule that is matching against the "registered" devices rather than the "profiled workstation" group. In your authorization policy you would just pick the "RegisteredDevices" group instead of the profiled one.
Keep in mind that if you are using ISE 1.2 you can sort of combine both the "Registered Group" and profiling data. You can do that by creating a "Logical Profile" under Policy>Profiling > Logical Profiles. Then you can reference this in your authorization policy by choosing "Endpoints > LogicalProfile" = name_of_the_logical_profile. That way you can have different rules that are all based on "RegisteredDevices" but different based on the logical profile group.
Cisco Privacy Survey highlights the emergence of “Privacy Active” consumers. People care about privacy, but to what extent does it guide their consumer behavior and their actions to protect their personal information? In our new Cisco Customer Privac...
Threat Response integrates with Cisco Email Security in one of two ways: Directly from the ESA, or via an SMA. Each has its own module, but either will bring email visibility into your investigations performed in Threat Response.
Via an SMA:
Earlier this year, we released Cisco Identity Services Engine (ISE) 2.6. It delivered a broad new set of features and greater scale - a big stride for both better NAC services that ISE delivers and better Software-Defined Access. Today, we’re thril...
Integrating Cisco Identity Services Engine with Cisco Meraki Systems Manager
Technical Marketing Engineer, Cisco Systems, Inc.
Cisco Meraki Systems Manager is a cloud base endpoint management solu...
Existing customers may download the Cisco Identity Services Engine (ISE) 2.7 which was released on November 18, 2019. For 90-day evaluations of ISE, please see How to Get ISE Evaluation Software & Licenses.