Cisco Identity Services Engine (ISE)

The Cisco Identity Services Engine (ISE) adapter connects to the Cisco ISE management interface in order to enable the creation and enforcement of security and access policies for endpoint devices connected to managed routers and switches.

The Cisco ISE adapter connection requires the following parameters:

  1. Cisco ISE Domain – The hostname for Cisco ISE.
  2. User Name – The username of the service account used to interact with Cisco ISE (see the following section).
  3. Password – The password for the service account used to interact with Cisco ISE (see the following section).
  4. Verify SSL – Choose whether to verify the SSL certificate of the server.
  5. HTTPS Proxy (optional) – Connect the adapter to a proxy instead of directly connecting it to the domain.
  6. Choose Instance – If you are using multi-nodes, choose the Axonius node that is integrated with the adapter. By default, the 'Master' Axonius node (instance) is used. For details, see Connecting Additional Axonius Nodes.

Create a Service Account for Axonius in Cisco ISE

To create a service account for Axonius with sufficient permissions to call the Cisco ISE API, do the following:

  1. Navigate to Administration > Admin Access > Administrators > Admin Users and click Add.

  2. Assign an access type. You can choose between Read/Write and ReadOnly; select ReadOnly.

  3. Add the user to one of the following Admin Groups: ERS Admin or ERS Operator.

  4. Enable ERS (External RESTful Services) to allow REST calls. To do this, navigate to Administration > System > Settings > ERS Settings, then select Enable ERS for Read/Write under the Primary Administration Node.

    NOTE
    The ERS setting must be enabled after each upgrade as it is reset to "disabled" during each upgrade. If you plan on utilizing this adapter, we recommend adding a note to your Cisco ISE upgrade process documentation that the REST API should be enabled at the end of each upgrade.
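
A post-upgrade check for the steps above, added here as an example and not taken from Axonius or Cisco: it makes one read-only ERS request with the service account and reports whether ERS is reachable, whether the credentials are accepted, and whether the certificate verifies. The port 9060, the `/ers/config/endpoint` path, the mapping of status codes to causes, and the host and account names are assumptions that do not come from this page.

```python
import base64
import ssl
import urllib.error
import urllib.request

ERS_PORT = 9060  # assumption: default ERS API port, not stated on the page


def build_request(host, user, password):
    """Read-only GET against the ERS endpoint collection (assumed path)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}:{ERS_PORT}/ers/config/endpoint",
        headers={"Accept": "application/json", "Authorization": f"Basic {token}"},
    )


def classify(status):
    """Map an HTTP status (None = no HTTP response) to an operator-facing result."""
    if status is None:
        return "unreachable: check that ERS is enabled (it is reset on upgrade)"
    if status == 200:
        return "ok"
    if status == 401:
        return "credentials rejected"
    if status == 403:
        return "forbidden: check ERS Admin / ERS Operator group membership"
    return f"unexpected HTTP {status}"


def check_ers(host, user, password, verify_ssl=True, opener=urllib.request.urlopen):
    """Run the check; verify_ssl mirrors the adapter's Verify SSL parameter."""
    ctx = ssl.create_default_context()
    if not verify_ssl:  # only for lab nodes with self-signed certificates
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with opener(build_request(host, user, password), timeout=10, context=ctx) as resp:
            return classify(resp.status)
    except urllib.error.HTTPError as exc:
        return classify(exc.code)
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            return "certificate verification failed"
        return classify(None)


if __name__ == "__main__":
    import getpass
    # ise.example.test and axonius-svc are placeholder values
    print(check_ers("ise.example.test", "axonius-svc", getpass.getpass()))
```

Running this at the end of each ISE upgrade, before the adapter's next fetch, catches the reset ERS setting described in the note.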