What is Cisco Identity Services Engine?
Cisco Identity Services Engine (ISE) is an identity and access control policy platform that enables enterprises to enforce compliance, enhance infrastructure security, and streamline their user network access operations. Cisco ISE allows enterprises to gather real-time contextual information from networks, users, and devices to facilitate network user access operations and to make proactive governance decisions by tying identity to various network elements, including access switches, wireless LAN controllers (WLCs), virtual private network (VPN) gateways, and data center switches.
Primary use cases for Cisco ISE:
- Allows enterprises to authenticate and authorize users and endpoints via wired, wireless, and VPN with consistent policy throughout the enterprise
- Enables BYOD user self-enrollment and policy compliance management
- Provides complete guest user lifecycle management by empowering sponsors to on-board guests
- Offers comprehensive visibility of the network by automatically discovering, classifying, and controlling endpoints connecting to the network to enable the appropriate services per endpoint
- Addresses vulnerabilities on user machines through periodic evaluation and remediation to help proactively mitigate network threats such as viruses, worms, and spyware
- Enforces security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without requiring administrator attention
- Offers a built-in monitoring, reporting, and troubleshooting console to help help-desk operators and administrators streamline operations
- Allows you to get finer granularity while identifying devices on your network with Active Endpoint Scanning. Augments network-based profiling by targeting specific endpoints (based on policy) for specific attribute device scans, resulting in better accuracy and comprehensive visibility of what is on your network
Brief Intro
APIs resident on Cisco ISE enable CDN technology partners to gain access to or to supplement user, device and posture contextual information available from Cisco ISE. This contextual information may be used to simplify management workflows by providing a single screen containing the technology partner's native information supplemented by user, device or posture information accessed via an API on Cisco ISE. Additionally, partners may pass relevant information to Cisco ISE to be utilized in user or device policy decisions.
- Combine partners' contextual information, such as end device software inventory, with context from Cisco ISE to drive new and more granular user network access policy decisions
- Partner accesses user, device or network access status from Cisco ISE to present more information in their management interface, thus enhancing network or application visibility for their end customers.
Benefits
- User/device context for network management
- Enhance network troubleshooting applications with user, device and AAA information
- Share mobile user information from MDM systems with Cisco ISE to drive access policy and session visibility
- Utilize Cisco ISE as a method of making enforcement actions in the network
Core Overview Documentation
Integration with Cisco ISE requires the express consent of Cisco. The engagement model involves direct consultation with developers on the Cisco ISE product team. As such, public documentation is limited to the "Cisco Identity Services Engine API Reference Guide".
Architecture Diagram
The Cisco ISE API calls are used by the supported client types, which are remote Java, browser-based, or PHP (Hypertext Preprocessor) clients, to access the Cisco Monitoring ISE node and retrieve important session-based information that is stored in the Cisco ISE deployment endpoints.
Cisco ISE Distributed Deployment and REST APIs
As shown in the figure below, the REST (HTTPS) API calls are used by the supported client types, which are remote Java, browser-based, or PHP (Hypertext Preprocessor) clients, to access the Cisco Monitoring ISE node and retrieve important session-based information that is stored in the Cisco ISE deployment endpoints.
Cisco ISE Distributed Deployment and REST APIs