AirWatch can be integrated with ISE using the AirWatch ISE API, which is already included with all cloud AirWatch (SaaS) solutions.
The full list of MDM servers supported by Cisco ISE can be found in the Cisco Administrator Guide.

Cisco Identity Services Engine Administrator Guide, Release 2.2 - Manage Network Devices [Cisco Identity Services Engine 2.2]

Cisco ISE allows you to configure MDM policies based on the following attributes:

  • DeviceRegisterStatus
  • DeviceCompliantStatus
  • DiskEncryptionStatus
  • PinLockStatus
  • JailBrokenStatus
  • Manufacturer
  • IMEI
  • SerialNumber
  • OsVersion
  • PhoneNumber
  • MDMServerName
  • MDMServerReachable
  • MEID
  • Model
  • UDID

Cisco ISE sends requests to the AirWatch API using these URLs:

https://<AirWatch Server>/ciscoise/mdminfo/?ise_api_version=2
https://<AirWatch Server>/ciscoise/mdminfo/

Replace <AirWatch Server> with your AirWatch URL (something like "cn628.awmdm.com") and test it in a web browser.

You should see the following:

Cisco ISE API in AirWatch

After you have configured the AirWatch server in ISE, along with the authentication and authorization policies, ISE queries the AirWatch cloud every time your AuthZ policy triggers.

How to check ISE MDM logs

  1. Try to access https://<AirWatch Server>/ciscoise/mdminfo/
  2. If that works fine, set the “external-mdm” logging component to DEBUG level by going to Administration > Debug Log Configuration > Edit the node.
  3. Run the command “show logging application ise-psc.log tail” (without quotes) on the ISE CLI.
  4. Click Test Connection again under the external MDM, or try connecting to the WLAN using your mobile device.
  5. Capture the logs to see if there is any additional information.

ISE logs example

2017-05-02 13:35:19,175 DEBUG [Thread-97][] cisco.cpm.mdm.api.MdmBaseApi -::::- Calling MDMHttpClient for getMacListForCriteria
2017-05-02 13:35:19,175 DEBUG [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- sendGETRequestString: start HTTP request - connectionsUsed: 2, connectionsAvailable: 198
2017-05-02 13:35:19,175 INFO [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- GET: MDM Server URL: https://cn628.awmdm.com:443/ciscoise/v1/ciscoise/service/devices/?paging=0&querycriteria=macaddress&value=DC094C15E3BC&filter=all
2017-05-02 13:35:19,175 DEBUG [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- Proxy Config in request = [,null,-1,nullnullnull]
2017-05-02 13:35:19,235 INFO [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- MDM Server Response Code: 200
2017-05-02 13:35:19,235 DEBUG [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- sendGETRequestString: end HTTP request - connectionsUsed: 2, connectionsAvailable: 198
2017-05-02 13:35:19,236 DEBUG [Thread-97][] cisco.cpm.mdm.api.MdmClient -::::- getMacList: device with mac: DC-09-4C-15-E3-BC, phoneIdType: UNKNOWN, phoneId: null not found in MDM Server: Air-Watch.
2017-05-02 13:35:19,236 DEBUG [Thread-97][] cisco.cpm.mdm.pip.MdmPartnerPIPHandler -::::- MDM PIP returns for endpoint sessionId d0008a060000000c5908c5ef and macAddr DC-09-4C-15-E3-BC

Notice the API request to the AirWatch cloud:

-::::- GET: MDM Server URL: https://cn628.awmdm.com:443/ciscoise/v1/ciscoise/service/devices/?paging=0&querycriteria=macaddress&value=DC094C15E3BC&filter=all

In this case we requested information about the device with MAC address DC094C15E3BC and received the answer “Device not found”. If you hit an issue, you can troubleshoot it on your own using any REST client, for example Postman (https://www.getpostman.com/).

Postman - Device not found
Postman - Device is found
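
Added example (not part of the original post and not Cisco or AirWatch code): a small Python parser that correlates, per thread, the MDM request URL, the HTTP response code and the lookup result in ise-psc.log output like the excerpt above. The function names, the Thread-98 lines and the host mdm.example.com are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: Thread-97 mirrors the excerpt above; Thread-98 and
# mdm.example.com are invented to show a failing call.
SAMPLE_LOG = """\
2017-05-02 13:35:19,175 INFO [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- GET: MDM Server URL: https://cn628.awmdm.com:443/ciscoise/v1/ciscoise/service/devices/?paging=0&querycriteria=macaddress&value=DC094C15E3BC&filter=all
2017-05-02 13:35:19,235 INFO [Thread-97][] cisco.cpm.mdm.util.MdmRESTClient -::::- MDM Server Response Code: 200
2017-05-02 13:35:19,236 DEBUG [Thread-97][] cisco.cpm.mdm.api.MdmClient -::::- getMacList: device with mac: DC-09-4C-15-E3-BC, phoneIdType: UNKNOWN, phoneId: null not found in MDM Server: Air-Watch.
2017-05-02 13:36:02,410 INFO [Thread-98][] cisco.cpm.mdm.util.MdmRESTClient -::::- GET: MDM Server URL: https://mdm.example.com:443/ciscoise/v1/ciscoise/service/devices/?paging=0&querycriteria=macaddress&value=001122334455&filter=all
2017-05-02 13:36:02,498 INFO [Thread-98][] cisco.cpm.mdm.util.MdmRESTClient -::::- MDM Server Response Code: 401
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+) +\w+ +\[(?P<thread>[^\]]+)\]\[[^\]]*\] +\S+ +-::::- (?P<msg>.*)$")
URL = re.compile(r"GET: MDM Server URL: (\S+)")
CODE = re.compile(r"MDM Server Response Code: (\d+)")
MISS = re.compile(r"device with mac: ([0-9A-Fa-f-]+),.* not found in MDM Server: (.+?)\.?$")

def norm_mac(mac):
    """Strip separators so DC-09-4C-15-E3-BC and DC094C15E3BC compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()

def summarize(log_text):
    """Correlate each MDM lookup per thread: host, MAC, HTTP code, outcome."""
    pending, lookups = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped or unrelated line
        thread, msg = m["thread"], m["msg"]
        rec = pending.get(thread)  # last request seen on this thread, if any
        if u := URL.search(msg):
            parts = urlsplit(u.group(1))
            mac = parse_qs(parts.query).get("value", [""])[0]
            rec = {"time": m["ts"], "host": parts.hostname, "mac": norm_mac(mac),
                   "http": None, "result": "no response logged"}
            pending[thread] = rec
            lookups.append(rec)
        elif rec and (c := CODE.search(msg)):
            rec["http"] = int(c.group(1))
            rec["result"] = "answered" if rec["http"] == 200 else "http error"
        elif rec and (n := MISS.search(msg)) and norm_mac(n.group(1)) == rec["mac"]:
            rec["result"] = "device not found in " + n.group(2)
    return lookups

if __name__ == "__main__":
    for rec in summarize(SAMPLE_LOG):
        print(rec)
```

A 200 followed by "not found" means the API call itself worked and the MAC is simply unknown to the MDM; a non-200 code points at the connection or credentials instead.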

Feel free to ask your questions in comments.