Figure 13 Cloud Extender AD Configuration
Active Directory/LDAP Integration
Integrating ISE and the MDM with a common directory is important for overall operations. One benefit is the ability to require that users periodically change their directory password. If the MDM were using a local directory, it would be nearly impossible to keep the accounts synchronized. With a centralized directory structure, password management can be simplified. The main advantage is the ability to establish complementary network and device policy based on group membership. The CVD provides examples of how groups can be used to establish a user’s entitlement to network resources. Likewise, the same group membership can be used to differentiate access to device resources and mobile applications.
AD Group Memberships
Three possible AD groups are presented in the CVD to illustrate their
BYOD_Partial_Access, and BYOD_Full_Access. ISE establishes the device’s network access based on the associated user’s membership.
Figure 14 shows the policies presented in the CVD.
Integrating Fiberlink MaaS360 with Cisco Identity Services Engine