Integrate with Cisco ISE


NOTE: This article applies to Android and iOS devices.

Mobile Access Management 6.1 and later supports the integration with Cisco Identity Services Engine (ISE) to pre-register iOS and Android devices for Wi-Fi.

Mobile Access Management integrates with Cisco ISE to allow administrators to automate allow-listing mobile devices for secure Wi-Fi networks. Mobile Access Management can add device MAC addresses to an ISE device group specified in the Register with Cisco ISE Workflow action. Mobile Access Management communication to the Cisco ISE server originates from the Launchpad running the Workflow action, not from the MAM server in the cloud.

Prerequisites

Take note of the following prerequisites:

  • Enable External RESTful Services (ERS) in the Cisco ISE environment for this integration.
  • In Cisco ISE, create a group to manage the MAM devices. Take note of the Group Name for later use when configuring the Register with Cisco ISE Workflow action in GroundControl.

Mobile Access Management Configuration

To configure the Cisco ISE integration in MAM:

  1. In the MAM console, navigate to the Admin > Cisco ISE tab and switch to ON.
  2. Click Configure.
  3. In the Cisco ISE hostname box, type the hostname of the Cisco ISE server.
  4. In the Port number box, type the port number for the Cisco ISE server. By default, the port number is 9060.
  5. In the Username box, type the username for an admin user for the Cisco ISE server.
  6. In the Password box, type the password for the user.
  7. By default, SSL checks are enabled.
  8. Click Test to test the connection between the Launchpad and Cisco ISE.
  9. Click Save.

NOTE: If you make changes to the Cisco ISE configuration, you must restart the Launchpads to pick up the changes.
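
The prerequisites and the Test step can also be checked by hand from the Launchpad host. The following is an added example, not code from MAM or GroundControl. It assumes the "device group" is an ISE endpoint identity group reachable through the ERS endpointgroup and endpoint resources; the ISE_* environment variable names and the sample MAC are hypothetical, and the calls MAM itself makes are not documented on this page.

```python
import base64, json, re, ssl, urllib.parse, urllib.request

ERS_PORT = 9060  # default port from step 4 above

def normalize_mac(raw):
    """Return a MAC as AA:BB:CC:DD:EE:FF; reject anything that is not 12 hex digits."""
    digits = re.sub(r"[:.\-\s]", "", raw).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def group_lookup_request(host, user, password, group_name, port=ERS_PORT):
    """Build the ERS get-by-name request for an endpoint identity group."""
    name = urllib.parse.quote(group_name, safe="")  # group names may contain spaces
    url = f"https://{host}:{port}/ers/config/endpointgroup/name/{name}"
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(url, headers={
        "Accept": "application/json", "Authorization": f"Basic {token}"})

def parse_group_id(body):
    """Pull the group id out of the ERS JSON response."""
    return json.loads(body)["EndPointGroup"]["id"]

def endpoint_payload(mac, group_id):
    """Body for POST /ers/config/endpoint pinning a MAC to the group (assumed shape)."""
    return {"ERSEndPoint": {"mac": normalize_mac(mac), "groupId": group_id,
                            "staticGroupAssignment": True}}

def preflight(host, user, password, group_name, cafile=None):
    """Look up the group with certificate and hostname verification left on."""
    ctx = ssl.create_default_context(cafile=cafile)  # SSL checks stay enabled
    req = group_lookup_request(host, user, password, group_name)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_group_id(resp.read())

if __name__ == "__main__":
    import getpass, os  # hypothetical ISE_* variables supply the connection details
    gid = preflight(os.environ["ISE_HOST"], os.environ["ISE_USER"],
                    getpass.getpass("ERS password: "), os.environ["ISE_GROUP"],
                    cafile=os.environ.get("ISE_CA_BUNDLE"))
    print("group id:", gid)
    # Constructed MAC; the payload is printed for inspection, not sent.
    print(json.dumps(endpoint_payload("aa-bb-cc-dd-ee-ff", gid)))
```

A certificate verification error means the Launchpad does not trust the ISE certificate chain, an HTTP 401 points at the ERS credentials, and an HTTP 404 means the group name does not match a group in ISE.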

Add a Workflow Action — Register with Cisco ISE

This action allows you to register devices with Cisco ISE. The Workflow action is run at the Launchpad. In case of a multi-phase deployment, it is run in the first phase.

  1. Create or edit a Workflow. From the Add an action menu, select Advanced > Register with Cisco ISE.
  2. In the Cisco ISE device group name box, type the name of the device group in Cisco ISE to which you would like to register devices. This action will succeed regardless of whether a device is already a member of an existing group.
  3. Optional. Click Errors in this Workflow action will fail the deployment. Click Save.
  4. Deploy the Workflow to your devices.