How to Configure a pxGrid Cloud Identity Source (Cisco ISE 3.3 or Earlier)

Before you begin, create a Cisco Account.

Important

This topic applies to Cisco ISE version 3.3 or earlier. If you are using a later version, see How to Configure a pxGrid Cloud Identity Source (Cisco ISE 3.4 or Later) instead.

The following figure shows the steps to configure a pxGrid cloud identity source using Cisco ISE, the Catalyst Cloud Portal, and Cloud-Delivered Firewall Management Center.

Click an area in the figure to learn more about it or click one of the links following the figure.

Figure: Configure a pxGrid cloud identity source

  • Enable the pxGrid Cloud Service in Cisco ISE

  • Register Cisco ISE with the Catalyst Cloud Portal

  • Register the pxGrid Cloud Connection with Cisco ISE

  • Create an App Instance

  • Create the Identity Source

  • Activate the App Instance

Cisco ISE

Enable the pxGrid Cloud in Cisco ISE.

pxGrid Cloud enables you to subscribe to offers and to register apps (in this case, the Cloud-Delivered Firewall Management Center) for secure data exchange in a cloud environment.

For more information, see Enable the pxGrid Cloud Service in Cisco ISE.

Catalyst Cloud Portal

Register Cisco ISE in the Catalyst Cloud Portal and authenticate communication between Cisco ISE and the Catalyst Cloud Portal.

For more information, see Register Cisco ISE with the Catalyst Cloud Portal.


Cisco ISE, Catalyst Cloud Portal

Register the pxGrid Cloud with Cisco ISE and verify the registration.

For more information, see Register the pxGrid Cloud Connection with Cisco ISE.


Catalyst Cloud Portal, Cloud-Delivered Firewall Management Center

Create an application instance in the Catalyst Cloud Portal and get the one-time password (OTP).

The application instance enables the Cloud-Delivered Firewall Management Center to authenticate with Cisco ISE using the pxGrid Cloud service.

The OTP, required for the next step, expires in 60 minutes.

Cloud-Delivered Firewall Management Center

Create the pxGrid cloud identity source using the OTP you got in the previous step.

Linking the app enables the Cloud-Delivered Firewall Management Center to authenticate with Cisco ISE and the Catalyst Cloud Portal so it can receive user data from Cisco ISE.

For more information, see Create the Identity Source.

Catalyst Cloud Portal

Activate the app instance.

For more information, see Activate the App Instance.

Cloud-Delivered Firewall Management Center

Activate the pxGrid cloud identity source.

For more information, see Activate the pxGrid Cloud Identity Source.

After you have completed all the preceding tasks, you can:

  • Test the pxGrid cloud identity source to make sure it's working properly.

    For more information, see Test the pxGrid Cloud Identity Source.

  • Create dynamic attributes filters, which define what dynamic objects are sent to the Cloud-Delivered Firewall Management Center.

    For more information, see Create Dynamic Attributes Filters.

  • Use any of the following in access control rules:

    • Dynamic objects

    • Microsoft AD users and groups

    • Azure AD users and groups