Cisco ISE - JAMF
Posted on 12-04-2018 01:03 AM
We are moving to Cisco ISE in the near future. Is there any known API etc. where Cisco ISE can get info from Jamf when authenticating devices? I am thinking about EAP-TLS Wi-Fi, where Cisco ISE could verify devices in Jamf, but somehow a link between the two systems must be made.
Today the issue is that Macs are not bound to AD, and EAP-TLS is authenticated to AD groups with computer objects. But with Cisco ISE there should be a better option available, as far as I am informed.
Don't know if anyone has some knowledge of Cisco ISE and Jamf.
Posted on 12-04-2018 05:01 AM
An older document, but this might help: http://docs.jamf.com/9.9/casper-suite/administrator-guide/Network_Integration.html
Basically, ISE makes use of a Jamf Pro Advanced Search and a URL to plug into ISE. ISE will require some read access to the Jamf Pro instance; an auditor account is sufficient.

Posted on 12-04-2018 11:57 AM
@jameson We use it. The integration allows ISE to look into the Jamf Pro Server and look for machines contained in an Advanced Search. The advanced search in our case has a criteria of "Last Enrollment" after "1900-01-01" for both Computers and Devices. This should give you all enrolled computers and devices (if you want any enrolled device included in the ISE lookup).
ISE then looks up all clients in the Jamf Pro Server; if they are in one of the Advanced Searches, it will apply a policy of your choosing to that device.
Here is the ISE documentation: https://www.cisco.com/c/en/us/td/docs/security/ise/2-1/admin_guide/b_ise_admin_guide_21/b_ise_admin_...

Posted on 12-04-2018 02:52 PM
@ryan.ball As terrible a design decision as it is on JAMF's part, you can actually get a search of all computers simply by having no criteria at all on the search.

Posted on 12-05-2018 07:51 AM
@Look I use that all the time through the GUI to view all systems, but never considered actually saving a search with no criteria for some reason. Good call.

Posted on 12-05-2018 08:09 AM
We use a saved search with no criteria for ISE integration. Works fine!
