API - Practical Deployment of Cisco Identity Services Engine (ISE)
Save it and then go to the Policy area. Here we will map Admin Groups to their respective menu/data/both access permissions. The default policies show off the built-in RBAC policies as well as different ways to use menu/data permissions; looking at the External RESTful Services (ERS) examples you can see that it's possible to even just assign data permissions with no access to menu items. Like the access side of ISE, where we build components and then join them into a policy to provide access, we need to do the same thing with the RBAC components we just created. We'll insert a new policy into the existing ones and then start filling in our values. Name can be anything you want, the Admin Groups will be one or more Admin Groups you want to grant access, and Permissions will be the menu and data permissions we customized.[3]
Your resulting policy line should look something like this:
Now when users in the WG Helpdesk Admin group log in, they will have access to EPS actions as well as endpoint identity information. Since administrative policies get aggregated, there is another way we could have gone about this: create an EPS group and an endpoint identity group, assign our users to those groups, create EPS- and endpoint identity-specific menu/data permissions, and then assign the EPS menu access/endpoint group the endpoint data/menu access. Technically that fits a little bit better into the RBAC way of thinking, but it has a disadvantage in that it's hard to tell at a glance what access a single user would have. Add to that possibly nested groups within your external identity source and you can get a pretty complicated setup going on. Our recommendation would be to keep things role based, like we initially designed, for most deployments unless you have good reason to or if you have some sort of Identity and Access Management (IAM) system that can easily tell you who has what access.
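The aggregation described above (policies build on each other rather than first match, and full access takes precedence over no access) can be modeled to answer "what access does this one user end up with?". This is an added example, not code from the book or from ISE: every group name other than WG Helpdesk Admin, the policy rows, the resource labels, and the assumption that nested group membership counts toward a match are constructed for illustration.

```python
# Added illustration: models aggregated (not first-match) admin RBAC evaluation.
# Everything except the "WG Helpdesk Admin" name is constructed sample data,
# not an ISE export; counting nested membership is an assumption.
FULL, NONE = "full", "none"

# Constructed: group -> groups it is nested inside in the external identity source.
MEMBER_OF = {"WG Helpdesk Tier1": ["WG Helpdesk Admin"]}

# Constructed policy rows, in display order: admin group -> {(kind, resource): level}.
POLICIES = [
    ("WG Contractors", {("menu", "EPS"): NONE, ("data", "Endpoint Identity"): NONE}),
    ("WG Helpdesk Admin", {("menu", "EPS"): FULL, ("data", "Endpoint Identity"): FULL}),
    ("WG Network Ops", {("menu", "Network Devices"): FULL}),
]

def expand_groups(direct, member_of):
    """Return the direct groups plus every group reached through nesting (cycle-safe)."""
    seen, stack = set(), list(direct)
    while stack:
        group = stack.pop()
        if group not in seen:
            seen.add(group)
            stack.extend(member_of.get(group, []))
    return seen

def effective_access(direct, policies, member_of):
    """Aggregate every matching row; a full-access grant overrides no access."""
    groups = expand_groups(direct, member_of)
    result = {}
    for group, perms in policies:
        if group not in groups:
            continue
        for key, level in perms.items():
            if level == FULL or key not in result:
                result[key] = level
    return result

def explain(direct, policies, member_of):
    """List (kind, resource, granting group) for each full-access grant, for review."""
    groups = expand_groups(direct, member_of)
    return sorted((kind, res, group) for group, perms in policies if group in groups
                  for (kind, res), level in perms.items() if level == FULL)

if __name__ == "__main__":
    user_groups = ["WG Contractors", "WG Helpdesk Tier1"]  # constructed user
    for key, level in sorted(effective_access(user_groups, POLICIES, MEMBER_OF).items()):
        print(key, level)
    for row in explain(user_groups, POLICIES, MEMBER_OF):
        print("granted by", row)
```

The sample user matches the no-access row first, yet ends up with full EPS and endpoint identity access through a nested group, which is the kind of result that is hard to see at a glance in the policy list.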
API
ISE has three APIs available for you to use: Representational State Transfer (REST), ERS, and pxGrid. Programming with them is out of scope for the book, and probably could be a book in and of itself, but we'll hit on each one so you are better prepared to deal with them. There are some similarities between each one, but overall each API specializes in a specific type of action, so it would be worthwhile to align your API choice with your goal. For in-depth descriptions and examples check out the ISE API Reference Guide.
[3] RBAC policies are not first matched but instead built on each other, so users in multiple groups will see their access match the total of what those groups have. Full access takes precedence over no access.
https://www.safaribooksonline.com/library/view/practical-deployment-of/9780128045046/chapter-100.html 1/3
4/11/2018 API - Practical Deployment of Cisco Identity Services Engine (ISE)