Cisco Identity Services Engine 1.0.4 Leaflet
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public.
Securing Confidential Information
Network access by mobile devices is often critical for productivity as individuals move within a facility. Yet
protecting confidential assets is equally important. Take, for example, the need to grant executives access to
confidential information only in the boardroom, or to deny access to healthcare professionals trying to access
patient records while in the hospital cafeteria. Location-based network access allows you to give users access to
certain files and data only while they're in the boardroom, the lab, or whatever the classified area may be. When
an individual leaves the designated area, access to specific information is automatically denied, protecting
corporate secrets and other confidential data.
Components
The location-based authorization enabled by the integration of the Cisco Mobility Services Engine (MSE) with Cisco ISE
2.0 gives administrators more granular control and lets them make access authorization more sensitive to
context. MSE also helps administrators enforce location-based policies by periodically checking for
location changes and automatically reauthorizing the user if a location change is detected. Finally, ISE 2.0 with MSE
streamlines the configuration of location-based policies. You can define user access policies using the same
management tools already available through ISE.
Main Features
The integration of Cisco MSE with Cisco ISE 2.0:
● Enables you to configure location hierarchy across all location entities
● Applies MSE location attributes to access requests to be used in your authorization policy
● Checks the MSE periodically (every 5 minutes) for location changes
● Reauthorizes access or updates the policy based on the new location
How It Works
A network administrator defines the location hierarchy and grants users specific access rights to specific data
based on their location (Figure 1). These rights can vary by room, floor, or building as needed.