There are 3 main services that need to be enabled and running in order to complete a successful Integrations:
Just before you begin check to make sure ISE and Cisco DNA Center can ping each other, This may sound trivial, but many times is overseen and can save some headaches.
SSH enables the exchange of certificates to establish a trust relationship between ISE and Cisco DNA Center.
Verify that SSH is enabled on ISE. The following entry can be seen on the CLI Note: Both CLI and GUI Account must have identical passwords.
Validate by performing SSH from Cisco DNA Center to ISE , as well use the same username and password to access ISE GUI ( http://<ISE-Node> )
Various ERS API calls are used for the following:
Cisco DNA Center requires knowledge of the ISE deployment infrastructure in order to subscribe to the pxGrid Persona
pxGrid - subscription to ISE publisher to retrieve contextual date and SGTs
Update ISE with Cisco DNA Center Orchestrated Group Based Policies (SGTs,Contracts)
In ISE, navigate to Administration > System > Settings > ERS Settings and verify the "Enable ERS for Read/Write" check box is marked.
Cisco DNA Center will subscribe to the pxGrid publisher in order to retrieve contextual data as well as the SGTs.When integration is complete the Scalable Groups on the Policy Dashboard in Cisco DNA Center will be updated reflecting the existing list of SGTs on ISE.
Navigate to Administration > System > Deployment and click the node on the right hand side.
Navigate on Cisco DNA Center dashboard to the top right and click on the cog icon and select "System Settings"
Select "Settings" tab and choose "Authentication and Policy Servers"
Click on the plus icon and enter the ISE settings
Once complete click "Apply"
Note: To complete the integration process you may need to log onto your ISE instance and navigate to Administration > pxGrid Services to approve "dnac" Subscriber at which stage the "Pending" Status will change to "Online".
When Integration is completed you will notice on the Cisco DNA Center Policy Dashboard that the "Scalable Groups" value has incremented to the value of the number of SGTs currently on your ISE deployment (the value was null before the integration).What you are witnessing is Cisco DNA Center retrieving the ISE SGTs over API call.
As a sanity check, create an SGT on ISE and see how it increments on the Cisco DNA Center Policy dashboard.