Cisco Identity Services Engine 1.3
Create SGTs for WSA Clients
To initiate the integration, you need to create a new identity group (for example, IDGroup3) for the users and link this identity group
to an SGT (for example, SGTGroup3). Finally, you need to create a policy set that uses IEEE 802.1X authentication for users belonging
to the identity group that you created earlier.
Before You Begin
• Ensure that you delete all existing WSA clients from the ISE server (Administration > pxGrid Services > Clients).
• Ensure that the WSA client IP addresses are populated in ISE to process requests from WSA.
• Ensure that the pxGrid services are enabled. Verify that the Connected to pxGrid message is displayed on the pxGrid Services
page (Administration > pxGrid Services).
• Ensure that you have generated the CA-signed certificates.
• Ensure that you restart the ISE server whenever you change the certificates on the ISE server.
• Choose Administration > Certificates > Trusted Certificates > Import to import the pxGrid certificate, the ISE server admin
certificate, and the WSA certificate and keys, to enable two-way communication between ISE and WSA.
• On the Administration > System > Deployment > General Settings page, in the Personas section, check the pxGrid
check box to facilitate communication between ISE and WSA.
• Choose Administration > pxGrid Services and select the Enable Auto-Registration option. If the Auto-Registration option
is disabled, the ISE server admin has to manually allow WSA client registration when the WSA pxGrid client tries to connect
to the pxGrid server on ISE.
• Choose Administration > Certificates > Trusted Certificates > Edit to edit the WSA certificate. Check all the check
boxes under the Trusted For option in the Usage section.
• On the Administration > System > Settings > Protocols > ERS Settings page, enable the Enable ERS for Read/Write
option in the ERS Setting for Primary Administration Node section to enable the REST server to communicate with the
WSA.
Procedure
Step 1
Choose Administration > Identity Management > Groups > Add to create WSA user identity groups.