Home > Articles > Cisco Network Technology > General Networking > Authentication and Authorization Policies: Using Cisco Identity Services Engine in a BYOD World

Authentication and Authorization Policies: Using Cisco Identity Services Engine in a BYOD World

Chapter Description

This chapter examines the relationship between authentication and authorization and how to build policies for each, describing a few common Authentication Policies and Authorization Policies to help you see how to work with these policy constructs.

Saving Attributes for Re-Use

ISE offers the ability to save conditions to the library to make it much easier to reuse them in other policies. To show this, let’s go back into your example Authorization Policy and save a few of the conditions.

From the ISE GUI, perform the following steps:

  1. Navigate to Policy > Authorization.
  2. Edit the Employee and CorpMachine rule.
  3. Expand the conditions.
  4. Click Add All Conditions Below to Library, as shown in Figure 13-34.
    Figure 13-34

    Figure 13-34.Add All Conditions Below to Library

    This is adding the full set of conditions, including the AND operator.

  5. Provide a name for this new saved condition, such as EmployeeFullEAPChain.
  6. Finish editing the rule.
  7. Click Save.

    As shown in Figure 13-35, the Authorization Policy text is simplified now with the name of the saved conditions instead of the raw attributes.

    Figure 13-35

    Figure 13-35.Authorization Policy After Saving Conditions to Library

Next, save the Employees group for AD as a condition:

  1. Navigate to Policy > Authorization.
  2. Edit the Employee iDevices Rule.
  3. Expand the conditions.
  4. Click the cog on the right-hand side of the Employees line.
  5. Choose Add Condition to Library.
  6. Name the condition Employees.
  7. Click the green check mark.

    Figure 13-36 displays the saving of Employees to the Conditions library.

    Figure 13-36

    Figure 13-36.Saving Employees to Library

  8. Click Done to finish editing the rule.
  9. Click Save.

    Figure 13-37 shows the final Authorization Policy.

    Figure 13-37

    Figure 13-37.Final Authorization Policy