ISE Identity-Group, User Creation and Modification through Rest API

Available Languages

Download Options

  • PDF     (752.7 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (835.5 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (584.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:December 16, 2020
Document ID:216543

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to create and modify identity groups and users using Rest API which can be used for identity management automation. The procedure described in this chapter is based on sample standalone ISE deployment and Rest API Firefox Client (RESTED) in JSON format.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of these topics:

    • Cisco Identity Services Engine (ISE)
    • REST API
    • JSON

    Components Used

    This document is not restricted to specific software and hardware versions and is only a sample configuration guide through REST API.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Configure

    These are the sample steps for operations through API which can be used as a reference to build your own calls.

    1. Identity Group Creation 

    Create an Identity Group with the help of the POST method.

    URL for API Call:

    https://<ISE IP>:9060/ers/config/identitygroup

    The header for API Call:

    HTTP 'Content-Type' Header:

    application/json

    HTTP 'Accept' Header:

    application/json

    JSON code for Identity Group Creation

    {

      "IdentityGroup": {

            "name": "<Identity Group Name>",

            "description": "<Indentity Group Description>",

            "parent": "NAC Group:NAC:IdentityGroups:User Identity Groups"

      }

}

    Example:

    2. Identity Group Details Retrieval

    Fetch the Identity Group details with the help ofGET method.

    URL for API Call:

    https://<ISE IP>:9060/ers/config/identitygroup?filter=name.CONTAINS.<Identity Group Name >

    The header for API Call:

    HTTP 'Content-Type' Header:

    application/json

    HTTP 'Accept' Header:

    application/json

    Example:

    Note: ID (received in Identity Group details) is required to create users in this Identity Group.

    3. User Creation

    Create a User with the help ofPOST Method.

    URL for API Call:

    https://<ISE IP>:9060/ers/config/internaluser/

    The header for API Call:

    HTTP Content-Type Header:

    application/json

    HTTP Accept Header:

    application/json

    JSON code for User Creation:

    {

  "InternalUser": {

    "name": "<username>",

    "email": "<emailid of user>",

    "enabled": true,

    "password": "<password>",

    "firstName": "<first name of user>",

    "lastName": "<Last name of user>",

    "changePassword": false,

    "identityGroups": "<ID of Identity Group, which user will be part of and can be received as described in step 2>",

    "expiryDateEnabled": false,

    "enablePassword": "<Enable Password>"

   

    }

}

    Example:

    4. User Details Retrieval

    Fetch User details with the help of GET Method.

    URL for API Call:

    https://<ISE IP>:9060/ers/config/internaluser

    Note: This URL Can be used to filter Users. User can be filtered using firstName, lastName, identityGroup, name, description, email, enabled.

    This is recommended to filter user details with email ID as email id is unique for each user.

    https://<ISE IP>:9060/ers/config/internaluser?filter=<name of the field used for filtering>.CONTAINS.<Value of the field for filtering>

    The header for API Call:

    HTTP Content-Type Header:

    application/json

    HTTP Accept Header:

    application/json

    Example:

    Note:IDandNamereceived here is required to update the password or other information for a user.hrefURL will be used to update user information.

    5. User Details Modification

    Modify user password with the help ofPUT Method.

    URL for API Call:

    https://<ISE IP>:9060/ers/config/internaluser/<User ID received using  process described in step 4>

    Above is href URL received using the process described in Step 4.

    The header for API Call:

    HTTP Content-Type Header:

    application/json

    HTTP Accept Header:

    application/json

    JSON code for User credential Modification:

    {

  "InternalUser": {

    "id": "<ID of user which needs password change>",

    "name": " <user name which needs password change>",

  

    "password": "<New Password>",

    "enablePassword": "<New Enable Password>"

   

    }

}

    Example:

    Verify

    To Verify identity groups navigate toAdministration > Identity Management > Groups > Identity Groups > User Identity Groupsin ISE GUI.

    To Verify users navigate toAdministration > Identity Management > Identities > Usersin ISE GUI.

    Contributed by

    • Nritragopal Sharma
      Cisco Professional Services

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products