Thursday, March 19, 2020

ISE API - Add MAC Addresses to Group from External Web Interface

Hi

A customer's servicedesk needs to easily add MAC addresses from end-user computers to an ISE Endpoint Group to allow them access to PXE boot, AD, PKI etc.

New PCs are enrolled from a staging switch that does not run 802.1X, so this is not a problem. The only concern is existing machines that need to be re-enrolled, and this would typically happen as part of an ongoing troubleshooting process with the servicedesk.

We want to avoid teaching the servicedesk how to operate ISE and having to collect the end user's MAC address manually, so the ideal situation would be to tell the end user to go to a specific URL (example: enroll.domain.com), log in using AD credentials, and then have the client's MAC address shown along with an "Add" button that would make an API call and add the MAC address to an Endpoint Group.

This Endpoint Group would then have a Purge Policy that would wipe the MAC address 24 hours later.

Does anyone know if there is a system for this already, or know of any integrations that could potentially support this? I had a look at the My Devices portal, but you have to manually enter the MAC address of the device you want to add, which makes it too complicated for the end user.
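
One way the backend of the "Add" button described above could prepare its call to ISE, as an added example that is not part of the original post. It assumes the ERS REST API is enabled on ISE; the hostname, group UUID, account names and function names are placeholders. The MAC is validated before it reaches ISE, and the request is built but not sent.

```python
import base64
import json
import re
import urllib.request

# Placeholders assumed for this example; none of these values come from the post.
ISE_ERS_URL = "https://ise.example.com:9060/ers/config/endpoint"
ENROLL_GROUP_ID = "00000000-0000-0000-0000-000000000000"  # UUID of the endpoint group


def normalize_mac(raw):
    """Accept aa:bb.., aa-bb.. or aabb.ccdd.eeff and return AA:BB:CC:DD:EE:FF."""
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a MAC address")
    if int(digits[:2], 16) & 0x01:
        # Group bit set: multicast or broadcast, never a single endpoint.
        raise ValueError("multicast/broadcast address")
    if int(digits, 16) == 0:
        raise ValueError("all-zero address")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def build_add_request(raw_mac, ad_user, api_user, api_password):
    """Build (but do not send) the ERS call that statically assigns the MAC."""
    mac = normalize_mac(raw_mac)
    body = {"ERSEndPoint": {
        "name": mac,
        "mac": mac,
        # Record who asked, so the 24-hour exception can be audited later.
        "description": "re-enroll requested by " + ad_user,
        "groupId": ENROLL_GROUP_ID,
        "staticGroupAssignment": True,
    }}
    token = base64.b64encode((api_user + ":" + api_password).encode()).decode()
    return urllib.request.Request(
        ISE_ERS_URL,
        data=json.dumps(body).encode(),
        method="POST",
        headers={"Content-Type": "application/json",
                 "Accept": "application/json",
                 "Authorization": "Basic " + token},
    )


if __name__ == "__main__":
    # Constructed sample input; a real portal would pass req to urllib.request.urlopen.
    req = build_add_request("001a.2b3c.4d5e", "jdoe", "ers-portal", "change-me")
    print(req.get_method(), req.full_url, req.data.decode())
```

Take `ad_user` from the authenticated session rather than from a form field, and give the portal a dedicated ISE API account so its credentials cannot be used for anything beyond endpoint writes.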


