Home
Support
Product Support
Security
Cisco Identity Services Engine
Configuration Guides

Cisco pxGrid Cloud Solution Guide

View all Saved Content

PDF

Is this helpful?

Helpful Unhelpful

Feedback

Thank you for your feedback. Your response has been recorded.

Ask about this document

Cisco Configuration Guide, Release 4.2

Table of contents

Expand all sections

About this document

Cisco pxGrid Cloud

Introduction to Cisco pxGrid Cloud
Integrate Cisco pxGrid Cloud and Cisco Catalyst Cloud Portal
Cisco pxGrid Cloud terminology

Integrate Cisco pxGrid Cloud with Cisco ISE: Releases 3.3 Patch 5, 3.4 Patch 1, and Later

Cisco pxGrid Cloud and Cisco ISE integration using Integration Catalog
Enable Cisco pxGrid Cloud service in Cisco ISE and register device
Integrate Cisco pxGrid Cloud applications using Integration Catalog
Activate an app using Integration Catalog

Integrate Cisco pxGrid Cloud with Cisco ISE: Other Releases

Cisco pxGrid Cloud and Cisco ISE integration workflow
Activate Cisco pxGrid Cloud service in Cisco ISE
Connect Cisco ISE to Cisco pxGrid Cloud
Application registration
Change the app scopes
Disable Cisco pxGrid Cloud service in Cisco ISE

Cisco pxGrid Cloud Services

Configure a Cisco pxGrid Cloud policy
Cisco pxGrid Cloud registered applications
Cisco pxGrid node high availability
Cisco pxGrid Cloud service log files
Configure debug log level for Cisco pxGrid Cloud service

Connect Cisco ISE to Cisco pxGrid Cloud

Updated: April 10, 2026

Want to summarize with AI?

On this page

Overview

Cisco pxGrid Cloud and Cisco ISE integration

Overview

Learn how to connect your Cisco ISE deployment to Cisco pxGrid Cloud from the Cisco ISE GUI.

After the pxGrid Cloud service is enabled, you must register your Cisco ISE deployment in Cisco pxGrid Cloud and generate an authentication token.

Procedure

	1.	In the Cisco ISE GUI, go to Administration > pxGrid Services > Client Management > pxGrid Cloud Connection.
	2.	Click Setup Connection.
	3.	Enter the OTP in the Setup Connection page, and click Connect. Refer to Register Cisco ISE for instructions on how to obtain the OTP. The connection setup includes these steps: Enrollment: A request is sent to Cisco pxGrid Cloud to enroll the Cisco ISE deployment using the authentication token. When you successfully complete this step, the pxGrid Cloud agent starts on the Active node in the Cisco ISE deployment. pxGrid Connection: The pxGrid Cloud agent establishes a persistent connection to the pxGrid component running locally on the same Cisco ISE node. All pxGrid notifications from Cisco ISE are sent to the pxGrid Cloud agent using this connection. Cloud Connection: The pxGrid Cloud agent establishes a persistent connection to Cisco pxGrid Cloud and sets up the logical channels. These logical channels are used to receive the ERS and pxGrid requests from Cisco pxGrid Cloud, and to send pxGrid notifications to Cisco pxGrid Cloud.

You can view the connection setup progress in the pxGrid Cloud Connection page. After the steps complete, the status displays as Connected and displays the name of the active pxGrid node. .

To end the pxGrid Cloud connection, click Disconnect in the pxGrid Cloud Connection page. This disconnects the Cisco ISE deployment from Cisco pxGrid Cloud and ends the pxGrid Cloud agent on the Active node.

When the Cisco ISE deployment is connected to Cisco pxGrid Cloud, the pxGrid Cloud agent (called Hermes process) is listed in the output of the show application status ise CLI command.

Cisco pxGrid Cloud and Cisco ISE integration

To enable connectivity between a Cisco ISE deployment and Cisco pxGrid Cloud, the pxGrid Cloud option must be activated on one or two pxGrid nodes in the Cisco ISE deployment. If you have configured high availability for pxGrid nodes, one of the nodes acts as the Active node and the other acts as the Standby node. The Standby node assumes the role if the Active node fails.

Only the Active node establishes connection to Cisco pxGrid Cloud and handles the traffic between the Cisco ISE deployment and Cisco pxGrid Cloud. No other Cisco ISE node interacts with Cisco pxGrid Cloud.

The pxGrid Cloud agent acts as a bridge between Cisco ISE and Cisco pxGrid Cloud. A pxGrid Cloud application can subscribe to a pxGrid topic. The pxGrid Cloud agent in Cisco ISE learns about this subscription from Cisco pxGrid Cloud and establishes the actual subscription to the pxGrid service in Cisco ISE. When the agent receives a notification on the pxGrid topic, it forwards the notification to Cisco pxGrid Cloud over a logical channel dedicated to the pxGrid service. The pxGrid Cloud application can invoke ERS, pxGrid, and OpenAPIs within the Cisco ISE deployment. The pxGrid Cloud agent proxies a REST request from Cisco pxGrid Cloud to Cisco ISE, and returns the response to Cisco pxGrid Cloud.

Cisco ISE customers with a pxGrid Cloud subscription can register their deployment with Cisco pxGrid Cloud and use the applications in the offer. To do this, you must:

Acquire and activate the pxGrid Cloud subscription.
Enable the pxGrid Cloud service on one or two pxGrid nodes in the Cisco ISE deployment.
Register the Cisco ISE deployment with Cisco pxGrid Cloud (associating it with the subscription) and receive an authentication token.
Enter the authentication token in the Setup Connection page in Cisco ISE (Administration > pxGrid Services > Client Management > pxGrid Cloud Connection).

This activates the pxGrid Cloud agent on the Active pxGrid node and establishes a connection between the Cisco ISE deployment and Cisco pxGrid Cloud.
Select a Cisco pxGrid Cloud application from the offer and associate it with the subscription. The application then has access to the Cisco ISE deployment.

Need help?

Open a support case

(Requires a Cisco Service Contract)

Bias-free language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.