ISE automation BYOD flow is a process that allows users to self-enroll their devices to the network without requiring IT intervention. The process consists of three main functions: certificate enrollment, device registration, and supplicant provisioning.
Certificate enrollment is the function that allows users to obtain a digital certificate from a certificate authority (CA) for their devices. This certificate is used to authenticate the device to the network and provide secure communication. ISE supports different CA options, such as Microsoft CA, Cisco ISE CA, or third-party CA .
Device registration is the function that allows users to register their devices to the network and associate them with their identity. This enables ISE to apply policies based on the device type, ownership, and posture. ISE supports different device registration methods, such as portal-based, API-based, or bulk import .
Supplicant provisioning is the function that allows users to install and configure a network access client (supplicant) on their devices. This client is used to connect to the network using the appropriate protocols and settings. ISE supports different supplicant provisioning methods, such as native supplicant, Cisco Network Setup Assistant (NSA), or Cisco AnyConnect Secure Mobility Client (AnyConnect) .
References:
[Cisco Identity Services Engine Administrator Guide, Release 2.7 - BYOD [Cisco Identity Services Engine]] : [Cisco Identity Services Engine Administrator Guide, Release 2.7 - Certificate Provisioning [Cisco Identity Services Engine]] : [Cisco Identity Services Engine Administrator Guide, Release 2.7 - Device Registration [Cisco Identity Services Engine]] : [Cisco Identity Services Engine Administrator Guide, Release 2.7 - Supplicant Provisioning [Cisco Identity Services Engine]]
