How to Configure a pxGrid Cloud Identity Source (Cisco ISE 3.4 or Later)

Before you begin, create a Cisco Account.

Important

This topic applies to Cisco ISE version 3.4 or later. If you are using an earlier version, see How to Configure a pxGrid Cloud Identity Source (Cisco ISE 3.3 or Earlier) instead.

The following figure shows the steps to configure a pxGrid cloud identity source using Cisco ISE, the Catalyst Cloud Portal, and Cloud-Delivered Firewall Management Center.

Click an area in the figure to learn more about it or click one of the links following the figure.

Enable the pxGrid Cloud Service in Cisco ISERegister the pxGrid Cloud Connection with Cisco ISECreate an App InstanceCreate an App InstanceCreate a pxGrid Cloud Identity SourceActivate the App InstanceActivate the pxGrid Cloud Identity Source
Configure a pxGrid cloud identity source

,

Cisco ISE

Enable the pxGrid Cloud in Cisco ISE.

pxGrid Cloud enables you to subscribe to offers and to register apps (in this case, the Cloud-Delivered Firewall Management Center) for secure data exchange in a cloud environment.

For more information, see Enable the pxGrid Cloud Service in Cisco ISE.

,

Catalyst Cloud Portal

Create an app instance and get the one-time password (OTP) required to create the pxGrid cloud identity source.

For more information, see Create an App Instance.

Cloud-Delivered Firewall Management Center

Create the pxGrid cloud identity source.

The identity source enables the Cloud-Delivered Firewall Management Center to authenticate with Cisco ISE and the Catalyst Cloud Portal so it can receive user data from Cisco ISE.

For more information, see Create the Identity Source.

Catalyst Cloud Portal

Activate the app instance.

For more information, see Activate the App Instance.

Cloud-Delivered Firewall Management Center

Activate the pxGrid cloud identity source.

For more information, see

Activate the pxGrid Cloud Identity Source.

After you have completed all the preceding tasks, you can:

  • Test the pxGrid cloud identity source to make sure it's working properly.

    For more information, see Test the pxGrid Cloud Identity Source.

  • Create dynamic attributes filters, which define what dynamic objects are sent to the Cloud-Delivered Firewall Management Center.

    For more information, see Create Dynamic Attributes Filters.

  • After you configure the pxGrid cloud identity source, you can use any of the following in access control rules:

    • Dynamic objects

    • Microsoft AD user and groups

    • Azure AD users and groups