Symantec Mobility: Suite supports integration with Cisco® Identity Services Engine (ISE) version 1.2 when you use the Work Hub and MDM is enabled. Devices that MDM manages can be reported to the Cisco ISE system.
For communication and connectivity to occur, you must open port 443 between the ISE server and the Mobility Suite server.
When you combine Cisco ISE with Mobility Suite's MDM solution, you enable posture compliance assessment and network access control of mobile endpoints that attempt to access your network. The integration also performs ongoing posture checks to ensure that compliance and the correct network access level are maintained.
Cisco ISE profiles devices as they attempt to access the network. This discovery process provides you with the first step of network visibility. Once you configure ISE to control network access, only managed and/or approved devices are allowed access based on the rules that you set up in ISE and the information gathered from Mobility Suite about devices. Cisco ISE enforces access policy based on the posture status reported by Mobility Suite's MDM. Access policy may be constructed on specific attributes within Cisco ISE or at a global level of "in compliance" or "not in compliance" within the Mobility Manager.
For further information about Cisco ISE and configuring Cisco ISE, please see the following documentation:
In the Mobility Manager, click Settings > Device configuration > Device management.
Scroll down to the bottom of the page.
Under Cisco ISE, check Enable Cisco ISE support.
A user name and password are automatically pre-generated, but you can click Generate authentication keys to create a new API key in Mobility Suite that has permissions to access the Cisco ISE API.
Uncheck Allow Cisco ISE to execute actions on devices to prevent ISE from executing commands on devices.
If you disable actions from ISE, ISE still works properly with Mobility Suite for network admission, but ISE cannot perform actions on devices. Without this restriction, an administrator could, for example, inadvertently change settings and cause ISE to run actions on devices that Mobility Suite would permit, such as wiping or locking devices. When you disable this option, ISE is unable to lock or wipe a device.