Some thoughts around the My Devices portal and its usage from recent discussions
As of ISE 1.3-2.1
- my devices & byod portal flow handles up to 100 devices for registration
Administration -> Device Portal Management -> Settings -> Employee Registered Devices. - This is a global setting that's the same for all users you cannot separate different groups able to manage more device or less devices
- Example: There is no way to allow Students to have 5 devices and teachers to have 10.
- There is no way to have granular control of access to the portal. For example the sponsor portal allows you to select which AD groups can access it, you cannot do that with my devices
- When a user registers the device it is associated with that specific user. There is no way to have a helpdesk or teacher add devices as a proxy for someone else
- marking the device as lost (blacklisting) or stolen (revoking the cert) can be done by the user through My Devices portal
- If the helpdesk needed to revoke the cert then give them access to the certificate authority on ISE to revoke the cert (requires ISE internal CA of 2.x
- to blacklist, the helpdesk under endpoint group can change the identity group assignment
If you're still needing more controls and functionality you can develop your own portal using the ERS API