Integrate Cisco Meraki Systems Manager

Configure Cisco Meraki Systems Manager

Cisco Meraki Systems Manager supports multiple platforms and helps manage diverse device ecosystems. Systems Manager offers centralized, cloud-based tools for endpoint management. Its scalable design supports growing organizations.

You can integrate Cisco Meraki Systems Manager as an MDM server in Cisco ISE. This allows you to use the endpoint information collected by Systems Manager for compliance checks and endpoint policy management.

For more information about Cisco Meraki Systems Manager, refer to the datasheet.

Cisco Meraki Systems Manager now supports MDM API version 3 and can provide Cisco ISE with a unique device identifier for connected endpoints.

Configure Cisco Meraki Systems Manager as an MDM or UEM server

To configure Cisco Meraki Systems Manager as an MDM or UEM server, follow this workflow.

  1. Create a new profile.

  2. Add SCEP certificate settings.

  3. Configure Wi-Fi settings.

  4. Apply and save Cisco ISE Wi-Fi profile on devices.

  5. Configure organization MDM in Cisco Meraki Systems Manager.

Create a new profile

Before you begin

In Cisco ISE, create and export a system certificate configured for administrator use.

To create and export a system certificate, refer to "System Certificates" in chapter "Basic Setup" in the Cisco ISE Administrator Guide for your release.

Procedure

Step 1

Log in to your Cisco Meraki Systems Manager portal.

Step 2

From the main menu, go to Systems Manager > Manage > Settings.

Step 3

Click + Add Profile.

Step 4

In the Add New Profile dialog box that appears, choose the Device profile (Default) radio button. Click Continue.

Step 5

In the Name and Description fields, enter the required values.

Add SCEP certificate settings

To add Simple Certificate Enrollment Protocol (SCEP) certificate settings, perform these steps:

Procedure

Step 1

Click +Add to add settings.

Step 2

In the Add New Settings Payload window, click SCEP Certificate.

Step 3

Perform these steps in the SCEP certificate window.

  1. In the Name field, enter a name for the SCEP certificate, such as ISE_SCEP.

  2. In the Subject name field, enter the common name value for the certificate.

  3. In the Subject alternative name field, enter uri=ID:MerakiSM:DeviceID:$SM Device ID. When you enter the dollar sign ($), a drop-down list of variables appears. Choose SM Device ID from the list.

  4. In the Key Size area, click the 2048 radio button.

  5. In the Key Usage area, check the Signing and Encryption check boxes.

  6. In the CA Provider area, choose a Certificate Authority (CA) provider from the drop-down list and click Save.

Configure Wi-Fi settings

To configure Wi-Fi settings, perform these steps:

Procedure

Step 1

Click +Add settings on the left side pane.

Step 2

In the Add New Settings Payload window, click Wi-Fi Settings.

Step 3

Enter the appropriate details in the Wi-Fi settings page.

  1. In the SSID field, enter the name of the Wi-Fi network to join.

  2. From the Security drop-down list, choose one of the Wi-Fi Protected Access (WPA) options.

    If you choose an enterprise option from the Security drop-down list, enter these details:

    • In the Protocol tab, check the check box of any certificate-based protocol, such as TLS.

    • In the Authentication tab, in the Identity Certificate area, from the drop-down list, choose the SCEP certificate that you created for the Cisco ISE use case.

    • In the Trust tab, in the Trusted Certificates area, check the check box next to the Cisco ISE certificate that you uploaded and click Save.

Apply and save Cisco ISE Wi-Fi profile on devices

To ensure the profile is assigned to the appropriate devices, perform these steps for applying tags and saving the profile:

Procedure

Step 1

In the Profile Configuration tab, in the Targets area, add a tag for the Cisco ISE use case.

For information on how to create and manage tags in Meraki Systems Manager, refer to Manage Tags. Applying tags ensures that the devices receive the relevant Cisco ISE profile with its certificate and Wi-Fi settings.

Step 2

In the You have unsaved changes dialog box, click Save.

Configure organization MDM in Cisco Meraki Systems Manager

To configure organization MDM in Cisco Meraki Systems Manager, perform these steps:

Procedure

Step 1

In the left pane, navigate to Organization > Configure > MDM.

Step 2

In the Cisco ISE Settings page:

Make note of the username and password details you need to enter in Cisco ISE.

To download the SCEP certificate, click Download.

What to do next

Connect Cisco Meraki Systems Manager as an MDM server in Cisco ISE. For information, refer to "Configure Mobile Device Management Servers in Cisco ISE" in the chapter "Secure Access" in the Cisco ISE Administrator Guide for your release.