Connection Guide

Connect Cisco Identity Services Engine Without Breaking the Audit Trail

Use this guide to connect Cisco Identity Services Engine or confirm the export-based path that fits your environment. Aurora keeps source, timestamps, ownership, and collection history attached so the first run becomes reusable proof instead of one-off setup work.

Connector Summary

Connection typeDirect connection

CategoryIdentity

Checklist4 steps

Want help with rollout?

We'll confirm what can be automated, what stays export-based, and how to keep the first evidence record clean.

First-Run Checklist

Use this sequence to connect Cisco Identity Services Engine and make sure the first collection lands cleanly.

1
Configure two dedicated Cisco ISE read-only accounts: ers_username/ers_password for ERS GET access and monitoring_username/monitoring_password for Monitoring REST.
2
Point base_url at the Cisco ISE admin/API gateway host that exposes ERS and Monitoring REST over HTTPS.
3
Keep the ERS account in External RESTful Services Operator and keep the Monitoring account in the narrowest documented internal admin group that still permits session reads.
4
Validate ActiveList and EndPointIPAddress sampling in a sanctioned lab tenant before enabling scheduled sync on production clusters.

Credentials and Secrets

The keys, secrets, or tokens Aurora uses to authenticate and collect proof.

ers_passwordmonitoring_password

Recommended Access

Aurora only asks for the minimum read access needed for collection and checks.

Access requirements depend on the collection mode and scope you choose.