Cisco pxGrid Cloud Solution Guide

PDF

Enable Cisco pxGrid Cloud service in Cisco ISE and register device

Updated: February 20, 2026

Want to summarize with AI?

Log in

Overview

Learn how to enable Cisco pxGrid Cloud service in Cisco ISE and register your device.

Before you begin

  • Install and activate the Cisco ISE Advantage license tier in your Cisco ISE deployment.

  • The pxGrid Cloud agent creates an outbound HTTPS connection to Cisco pxGrid Cloud. Therefore, you must configure Cisco ISE proxy settings if the customer's network uses a proxy to reach the internet. To configure proxy settings in Cisco ISE, choose Administration > System > Settings > Proxy.

  • The Cisco ISE Trusted Certificates Store must include the root CA certificate required to validate the server certificate presented by Cisco pxGrid Cloud. Ensure that the Trust for Authentication of Cisco Services option is enabled for this root CA certificate. To enable Trust for Authentication of Cisco Services, choose Administration > System > Certificates.

  • Port 443 must be open for outbound connection from Cisco ISE to the Cisco pxGrid Cloud Portal. If firewall or proxy settings are configured, ensure these URLs are not blocked:

  • Cisco ISE and Cisco pxGrid Cloud integration requires outbound HTTP access to Online Certificate Status Protocol (OCSP) responder URLs for real-time certificate validation. These URLs may change dynamically as root and intermediate certificates are updated.

    If you encounter OCSP validation issues, you can identify the required OCSP responder URLs in the hermes.log file on the active Cisco pxGrid Cloud node. You must allow outbound HTTP access to all identified OCSP responder URLs to ensure successful certificate validation and uninterrupted Cisco pxGrid Cloud integration.

Procedure

1.

In the Cisco ISE GUI, choose Administration > System > Deployment.

2.

Select the node where you want to enable the pxGrid Cloud service.
3.

In the General Settings tab, enable the pxGrid service.
4.

Check the pxGrid Cloud check box.

  • The pxGrid Cloud service can be enabled on two nodes to provide high availability.

  • You can enable the pxGrid Cloud option only when the pxGrid service is enabled on that node.

Cisco pxGrid Cloud service is enabled.
5.

In the ISE deployment name field, enter a name for your Cisco ISE deployment. You can find your registered Cisco ISE deployment on the Cisco Catalyst Cloud Portal using the ISE deployment name.

(Optional) In the Description (optional) field, enter a description for your Cisco ISE deployment.
6.

In the Region drop-down list, choose a region to register your Cisco ISE device. Cisco pxGrid Cloud is supported in the U.S., Europe, Asia Pacific, and Japan. The application you want to use with pxGrid Cloud must also be available in the same region.
7.

In the Activate your device pop-up page, the Activation Code for your device is automatically filled. Click Next.

Log in to your Cisco Catalyst Cloud Portal account or create a new account to complete your device registration. Refer to Create an account in Cisco Catalyst Cloud Portal for information on creating an account.
8.

Log in to your Cisco Catalyst Cloud Portal account.

Your Cisco ISE device is activated and registered.

You can find details of your registered Cisco ISE device in the pxGrid section (Administration > System > Deployment > pxGrid). You can click Deregister to deregister your Cisco ISE device. Deregistering Cisco ISE also automatically deactivates the connected applications.