BYOD by Cisco Identity Services Engine
Bring your own device (BYOD) is a solution to increase productivity and lower costs in the working environment by leveraging the devices that end users already have and providing guest-like access or internal access for these devices. However, BYOD brings security and maintenance problems that must be considered, and it’s vital to make sure that these devices meet the organization’s security standards.
Obviously, the popularity of mobile devices has truly changed the way we work and play. With features such as MDM integration, internal CA and device provisioning, Cisco ISE allows you to enable your employees to participate in BYOD securely. Cisco ISE can also enable employees to manage their own devices, taking the weight off your IT staff. What’s more, it’s easy to set up.
Set up Bring Your Own Device (BYOD) to handle and enforce policies that identify, authenticate, and authorize personal devices on an organization’s network. Enabling this feature requires a Cisco ISE Advantage smart license.
When supporting personal devices on a corporate network, you must protect network services and enterprise data by authenticating and authorizing users (employees, contractors, and guests) and their devices. Cisco ISE provides the tools you need to allow employees to securely use personal devices on a corporate network.
Guests can automatically register their devices when logging in to the Guest portals. Guests can register additional devices up to the maximum limit that you define in their guest type. These devices are registered into endpoint identity groups based on the portal configuration.
Guests can add their personal devices to the network by running the native supplicant provisioning (Network Setup Assistant), or by adding their devices to the My Devices portal. You can create native supplicant profiles, which determine the proper native supplicant provisioning wizard to use, based on the operating system.
BYOD Personal Device Portals
Cisco ISE enables several web-based portals to assist employee-owned personal devices. These device portals do not participate in the guest or sponsor portal flows.
- Blocked List Portal: Gathers information about personal devices that are block listed.
- BYOD Portals: Enables native supplicant provisioning to register employees.
- Certificate Provisioning Portal: Enables administrators and employees to request user or device certificates for devices that cannot go through the BYOD flow.
- Client Provisioning Portals: Forces employees to download a posture agent on their devices that checks for compliance.
- MDM Portals: Enables employees to enroll their mobile devices with an external Mobile Device Management (MDM) system.
- My Devices Portals: Enables employees to add and register personal devices, including those that do not support native supplicant provisioning, and then manage them.
Cisco ISE provides you with the ability to host multiple device portals on the Cisco ISE server, including a predefined set of default portals. The default portal themes have standard Cisco branding that you can customize through the Administrators portal (Administration > Device Portal Management). You can also choose to further customize a portal by uploading images, logos, and cascading style sheets (CSS) files that are specific to your organization.