Integrating Fiberlink MaaS360 with Cisco Identity Services Engine
Figure 13 Cloud Extender AD Configuration
Active Directory/LDAP Integration
Integrating ISE and the MDM to a common directory is important for overall operations. One benefit is
the ability to set a requirement that a user periodically change their directory password. If the MDM were
using a local directory, it would be nearly impossible to keep the accounts in synchronization. But with
a centralized directory structure, password management can be simplified. The main advantage is the
ability to establish complementary network and device policy based on group membership. The CVD
provides examples of how groups can be used to establish a user’s entitlement to network resources.
Likewise, the same group membership can be used to differentiate access to device resources and mobile
AD Group Memberships
Three possible AD groups are presented in the CVD to illustrate their usage—Domain Users,
BYOD_Partial_Access, and BYOD_Full_Access. ISE establishes the device’s network access based on
the associated user’s membership.
Figure 14 shows the policies presented in the CVD.