Cisco Ise 13 User Guide
Have a look at the manual Cisco Ise 13 User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 53 Cisco manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Related Topics EdittheBlacklistPortal,onpage346 BlacklistPortal,onpage337 HTMLSupportfortheBlacklistPortalLanguageFile,onpage805 Portal Settings for BYOD and MDM Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>BYODPortals orMDMPortals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings. Configurethesesettingstodefineportalpageoperations. •HTTPSport—Enteraportvaluebetween8000to8999;thedefaultvalueis8443forallthedefault portals,excepttheBlacklistPortal,whichis8444.Ifyouupgradedwithportvaluesoutsidethisrange, theyarehonoreduntilyoumodifythispage.Ifyoumodifythispage,updatetheportsettingtocomply withthisrestriction. IfyouassignPortsusedbyanon-guest(suchasMyDevices)portaltoaguestportal,anerrormessage displays. Forpostureassessmentsandremediationonly,theClientProvisioningportalalsousesPorts8905and 8909.Otherwise,itusesthesamePortsassignedtotheGuestportal. PortalsassignedtothesameHTTPSportcanusethesameGigabitEthernetinterfaceoranotherinterface. Iftheyusethesameportandinterfacecombination,theymustusethesamecertificategrouptag.For example: ◦Validcombinationsinclude,usingtheSponsorportalasanexample: ◦Sponsorportal:Port8443,Interface0,CertificatetagAandMyDevicesportal:Port8443, Interface0,CertificategroupA. ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444, Interface0,CertificategroupB. ◦Invalidcombinationsinclude: ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface0,CertificatetagAandBlacklistportal:Port8444, Interface0,CertificategroupA. •Allowedinterfaces—SelectthePSNinterfaceswhichaPANcanusetorunaportal.Whenarequest toopenaportalismadeonthePAN,thePANlooksforanavailableallowedPortonthePSN.Youmust configuretheEthernetinterfacesusingIPaddressesondifferentsubnets. TheseinterfacesmustbeavailableonallthePSNs,includingVM-basedones,thathavePolicyServices turnedon.ThisisarequirementbecauseanyofthesePSNscanbeusedfortheredirectatthestartof theguestsession. ◦TheEthernetinterfacesmustuseIPaddressesondifferentsubnets. Cisco Identity Services Engine Administrator Guide, Release 1.3 755 Device Portal Management
◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect atthestartoftheguestsession. ◦TheportalcertificateSubjectName/AlternateSubjectNamemustresolvetotheinterfaceIP. ◦Configureiphostx.x.x.xyyy.domain.cominISECLItomapsecondaryinterfaceIPtoFQDN, whichisusedtomatchCertificateSubjectName/AlternateSubjectName. •Certificategrouptag—Pickacertificategrouptagthatspecifiesthecertificatetousefortheportal’s HTTPStraffic. •Endpointidentitygroup—Chooseanendpointidentitygrouptotrackguestdevices.CiscoISEprovides theGuestEndpointsendpointidentitygrouptouseasadefault.Youcanalsocreatemoreendpoint identitygroupsifyouchoosetonotusethedefault. Chooseanendpointidentitygrouptotrackemployeedevices.CiscoISEprovidestheRegisteredDevices endpointidentitygrouptouseasadefault.Youcanalsocreatemoreendpointidentitygroupsifyou choosetonotusethedefault. •DisplayLanguage ◦Usebrowserlocale—Usethelanguagespecifiedintheclientbrowser'slocalesettingasthedisplay languageoftheportal.Ifbrowserlocale'slanguageisnotsupportedbyISE,thentheFallback Languageisusedasthelanguageportal. ◦Fallbacklanguage—Choosethelanguagetousewhenlanguagecannotbeobtainedfromthe browserlocale,orifthebrowserlocalelanguageisnotsupportedbyISE. ◦Alwaysuse—Choosethedisplaylanguagetousefortheportal.ThissettingoverridestheUser browserlocaleoption. SSIDsavailabletosponsors—EnterthenamesortheSSIDs(SessionServiceIdentifiers)ofthenetworks thatasponsorcannotifyguestsasthecorrectnetworkstoconnecttofortheirvisit. Related Topics BringYourOwnDevicePortal,onpage337 CreateaBYODPortal,onpage348 MobileDeviceManagementPortal,onpage338 CreateanMDMPortal,onpage351 HTMLSupportforBringYourOwnDevicePortalsLanguageFiles,onpage805 HTMLSupportforMobileDeviceManagementPortalsLanguageFiles,onpage810 BYOD Settings for BYOD Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>BYODPortals> Create,EditorDuplicate>PortalBehaviorandFlowSettings>BYODSettings. UsethesesettingstoenableBringYourOwnDevice(BYOD)functionalityforemployeeswhowanttouse theirpersonaldevicestoaccessyourcorporatenetwork. Cisco Identity Services Engine Administrator Guide, Release 1.3 756 Device Portal Management
Usage GuidelinesField Displayyourcompany’snetwork-usagetermsand conditions,eitherastextonthepagecurrentlybeing displayedfortheuserorasalinkthatopensanew taborwindowwithAUPtext. IncludeanAUP(onpage/aslink) RequireuserstoacceptanAUPbeforetheiraccount isfullyenabled.TheLoginbuttonisnotenabled unlesstheuseracceptstheAUP.Ifusersdonotaccept theAUP,theywillnotobtainnetworkaccess. Requireacceptance ThisoptiondisplaysonlyifIncludeanAUPonpage isenabled. EnsurethattheuserhasreadtheAUPcompletely. TheAcceptbuttonactivatesonlyaftertheuserhas scrolledtotheendoftheAUP. RequirescrollingtoendofAUP DisplaythedeviceIDtotheuserduringthe registrationprocess,eventhoughthedeviceIDis pre-configuredandcannotbechangedwhileusing theBYODportal. DisplayDeviceIDfieldduringregistration Aftersuccessfullyauthenticatingtothenetwork, redirecttheuser’sbrowsertotheoriginalwebsitethat theuseristryingtoaccess,ifavailable.Ifnot available,theAuthenticationSuccesspagedisplays. MakesurethattheredirectURLisallowedtowork onport8443ofthePSNbytheaccess-controlliston theNADandbyauthorizationprofilesconfiguredin ISEforthatNAD. ForWindows,MACandAndroiddevices,controlis giventotheSelf-ProvisioningWizardapp,which doesprovisioning.Therefore,thesedevicesarenot redirectedtotheoriginatingURL.However,iOS (dot1X)andunsupporteddevices(thatareallowed networkaccess)areredirectedtothisURL. OriginatingURL Displayapageindicatingthatthedeviceregistration wassuccessful. Successpage Aftersuccessfullyauthenticatingtothenetwork, redirecttheuser'sbrowsertothespecifiedURL,such asyourcompany’swebsite. URL Cisco Identity Services Engine Administrator Guide, Release 1.3 757 Device Portal Management
IfyouredirectaGuesttoanexternalURLafterauthentication,theremaybeadelaywhiletheURLaddress isresolvedandthesessionisredirected. Note Related Topics BringYourOwnDevicePortal,onpage337 CreateaBYODPortal,onpage348 HTMLSupportforBringYourOwnDevicePortalsLanguageFiles,onpage805 Portal Settings for Client Provisioning Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>ClientProvisioning Portals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings. •HTTPSport—Enteraportvaluebetween8000to8999;thedefaultvalueis8443forallthedefault portals,excepttheBlacklistPortal,whichis8444.Ifyouupgradedwithportvaluesoutsidethisrange, theyarehonoreduntilyoumodifythispage.Ifyoumodifythispage,updatetheportsettingtocomply withthisrestriction. IfyouassignPortsusedbyanon-guest(suchasMyDevices)portaltoaguestportal,anerrormessage displays. Forpostureassessmentsandremediationonly,theClientProvisioningportalalsousesPorts8905and 8909.Otherwise,itusesthesamePortsassignedtotheGuestportal. PortalsassignedtothesameHTTPSportcanusethesameGigabitEthernetinterfaceoranotherinterface. Iftheyusethesameportandinterfacecombination,theymustusethesamecertificategrouptag.For example: ◦Validcombinationsinclude,usingtheSponsorportalasanexample: ◦Sponsorportal:Port8443,Interface0,CertificatetagAandMyDevicesportal:Port8443, Interface0,CertificategroupA. ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444, Interface0,CertificategroupB. ◦Invalidcombinationsinclude: ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface0,CertificatetagAandBlacklistportal:Port8444, Interface0,CertificategroupA. •Allowedinterfaces—SelectthePSNinterfaceswhichaPANcanusetorunaportal.Whenarequest toopenaportalismadeonthePAN,thePANlooksforanavailableallowedPortonthePSN.Youmust configuretheEthernetinterfacesusingIPaddressesondifferentsubnets. Cisco Identity Services Engine Administrator Guide, Release 1.3 758 Device Portal Management
TheseinterfacesmustbeavailableonallthePSNs,includingVM-basedones,thathavePolicyServices turnedon.ThisisarequirementbecauseanyofthesePSNscanbeusedfortheredirectatthestartof theguestsession. ◦TheEthernetinterfacesmustuseIPaddressesondifferentsubnets. ◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect atthestartoftheguestsession. ◦TheportalcertificateSubjectName/AlternateSubjectNamemustresolvetotheinterfaceIP. ◦Configureiphostx.x.x.xyyy.domain.cominISECLItomapsecondaryinterfaceIPtoFQDN, whichisusedtomatchCertificateSubjectName/AlternateSubjectName. •Certificategrouptag—Pickacertificategrouptagthatspecifiesthecertificatetousefortheportal’s HTTPStraffic. •Identitysourcesequence—Choosewhichidentitysourcesequence(ISS)touseforuserauthentication. TheISSisalistofIdentityStoresthataresearchedinsequencetoverifyusercredentials.Someexamples include:InternalGuestUsers,InternalUsers,ActiveDirectory,LDAPDirectory. CiscoISEincludesadefaultsponsorIdentitySourceSequenceforsponsorportals, Sponsor_Portal_Sequence. ToconfigureanIdentitySourceSequence,chooseAdministration>IdentityManagement>Identity SourceSequences. •DisplayLanguage ◦Usebrowserlocale—Usethelanguagespecifiedintheclientbrowser'slocalesettingasthedisplay languageoftheportal.Ifbrowserlocale'slanguageisnotsupportedbyISE,thentheFallback Languageisusedasthelanguageportal. ◦Fallbacklanguage—Choosethelanguagetousewhenlanguagecannotbeobtainedfromthe browserlocale,orifthebrowserlocalelanguageisnotsupportedbyISE. ◦Alwaysuse—Choosethedisplaylanguagetousefortheportal.ThissettingoverridestheUser browserlocaleoption. SSIDsavailabletosponsors—EnterthenamesortheSSIDs(SessionServiceIdentifiers)ofthenetworks thatasponsorcannotifyguestsasthecorrectnetworkstoconnecttofortheirvisit. Related Topics ClientProvisioningPortal,onpage338 CreateaClientProvisioningPortal,onpage350 HTMLSupportforClientProvisioningPortalsLanguageFiles,onpage806 Employee Mobile Device Management Settings for MDM Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>MDMPortals >Create,EditorDuplicate>PortalBehaviorandFlowSettings>EmployeeMobileDeviceManagement Settings. Cisco Identity Services Engine Administrator Guide, Release 1.3 759 Device Portal Management
UsethesesettingstoenableMobileDeviceManagement(MDM)functionalityforemployeesusingtheMDM portalsanddefinetheirAUPexperience. Usage GuidelinesField Displayyourcompany’snetwork-usagetermsand conditions,eitherastextonthepagecurrentlybeing displayedfortheuserorasalinkthatopensanew taborwindowwithAUPtext. IncludeanAUP(onpage/aslink) RequireuserstoacceptanAUPbeforetheiraccount isfullyenabled.TheLoginbuttonisnotenabled unlesstheuseracceptstheAUP.Ifusersdonotaccept theAUP,theywillnotobtainnetworkaccess. Requireacceptance ThisoptiondisplaysonlyifIncludeanAUPonpage isenabled. EnsurethattheuserhasreadtheAUPcompletely. TheAcceptbuttonactivatesonlyaftertheuserhas scrolledtotheendoftheAUP. RequirescrollingtoendofAUP Related Topics MobileDeviceManagementPortal,onpage338 CreateanMDMPortal,onpage351 MobileDeviceManagerInteroperabilitywithCiscoISE,onpage8 Portal Settings for My Devices Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>MyDevices Portals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings. •HTTPSport—Enteraportvaluebetween8000to8999;thedefaultvalueis8443forallthedefault portals,excepttheBlacklistPortal,whichis8444.Ifyouupgradedwithportvaluesoutsidethisrange, theyarehonoreduntilyoumodifythispage.Ifyoumodifythispage,updatetheportsettingtocomply withthisrestriction. IfyouassignPortsusedbyanon-guest(suchasMyDevices)portaltoaguestportal,anerrormessage displays. Forpostureassessmentsandremediationonly,theClientProvisioningportalalsousesPorts8905and 8909.Otherwise,itusesthesamePortsassignedtotheGuestportal. PortalsassignedtothesameHTTPSportcanusethesameGigabitEthernetinterfaceoranotherinterface. Iftheyusethesameportandinterfacecombination,theymustusethesamecertificategrouptag.For example: ◦Validcombinationsinclude,usingtheSponsorportalasanexample: ◦Sponsorportal:Port8443,Interface0,CertificatetagAandMyDevicesportal:Port8443, Interface0,CertificategroupA. Cisco Identity Services Engine Administrator Guide, Release 1.3 760 Device Portal Management
◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444, Interface0,CertificategroupB. ◦Invalidcombinationsinclude: ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface0,CertificatetagAandBlacklistportal:Port8444, Interface0,CertificategroupA. •Allowedinterfaces—SelectthePSNinterfaceswhichaPANcanusetorunaportal.Whenarequest toopenaportalismadeonthePAN,thePANlooksforanavailableallowedPortonthePSN.Youmust configuretheEthernetinterfacesusingIPaddressesondifferentsubnets. TheseinterfacesmustbeavailableonallthePSNs,includingVM-basedones,thathavePolicyServices turnedon.ThisisarequirementbecauseanyofthesePSNscanbeusedfortheredirectatthestartof theguestsession. ◦TheEthernetinterfacesmustuseIPaddressesondifferentsubnets. ◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect atthestartoftheguestsession. ◦TheportalcertificateSubjectName/AlternateSubjectNamemustresolvetotheinterfaceIP. ◦Configureiphostx.x.x.xyyy.domain.cominISECLItomapsecondaryinterfaceIPtoFQDN, whichisusedtomatchCertificateSubjectName/AlternateSubjectName. •Certificategrouptag—Pickacertificategrouptagthatspecifiesthecertificatetousefortheportal’s HTTPStraffic. •FullyQualifiedDomainName(FQDN)—EnteratleastoneuniqueFQDNand/orhostnameforyour SponsororMyDevicesportal.Forexample,youcanentersponsorportal.yourcompany.com,sponsor,so thatwhentheuserenterseitherofthoseintoabrowser,thesponsorportaldisplays.Separatenameswith commas,butdonotincludespacesbetweenentries. IfyouchangethedefaultFQDN,thenalsodothefollowing: ◦UpdateyourDNSsothattheFQDNofthenewURLresolvestoavalidPolicyServicesNode (PSN)IPaddress.Optionally,thisaddresscouldpointtoaloadbalancervirtualIPaddressthat servesapoolofPSNs. ◦Toavoidcertificatewarningmessagesduetonamemismatches,includetheFQDNofthecustomized URL,orawildcard,inthesubjectalternativename(SAN)attributeofthelocalservercertificate oftheCiscoISEPSN. •Identitysourcesequence—Choosewhichidentitysourcesequence(ISS)touseforuserauthentication. TheISSisalistofIdentityStoresthataresearchedinsequencetoverifyusercredentials.Someexamples include:InternalGuestUsers,InternalUsers,ActiveDirectory,LDAPDirectory. Cisco Identity Services Engine Administrator Guide, Release 1.3 761 Device Portal Management
CiscoISEincludesadefaultsponsorIdentitySourceSequenceforsponsorportals, Sponsor_Portal_Sequence. ToconfigureanIdentitySourceSequence,chooseAdministration>IdentityManagement>Identity SourceSequences. •Endpointidentitygroup—Chooseanendpointidentitygrouptotrackguestdevices.CiscoISEprovides theGuestEndpointsendpointidentitygrouptouseasadefault.Youcanalsocreatemoreendpoint identitygroupsifyouchoosetonotusethedefault. Chooseanendpointidentitygrouptotrackemployeedevices.CiscoISEprovidestheRegisteredDevices endpointidentitygrouptouseasadefault.Youcanalsocreatemoreendpointidentitygroupsifyou choosetonotusethedefault. •Purgeendpointsinthisidentitygroupwhentheyreach__days—Changethenumberofdayssince theregistrationofauser'sdevicebeforeitispurgedfromtheCiscoISEdatabase.Purgingisdoneona dailybasisandthepurgeactivityissynchronizedwiththeoverallpurgetiming.Thechangeisapplied globallyforthisendpointidentitygroup. IfchangesaremadetotheEndpointPurgePolicybasedonotherpolicyconditions,thissettingisno longeravailableforuse. •Idletimeout—EnterthetimeinminutesthatyouwantCiscoISEtowaitbeforeitlogsouttheuserif thereisnoactivityintheportal.Thevalidrangeisfrom1to30minutes. •DisplayLanguage ◦Usebrowserlocale—Usethelanguagespecifiedintheclientbrowser'slocalesettingasthedisplay languageoftheportal.Ifbrowserlocale'slanguageisnotsupportedbyISE,thentheFallback Languageisusedasthelanguageportal. ◦Fallbacklanguage—Choosethelanguagetousewhenlanguagecannotbeobtainedfromthe browserlocale,orifthebrowserlocalelanguageisnotsupportedbyISE. ◦Alwaysuse—Choosethedisplaylanguagetousefortheportal.ThissettingoverridestheUser browserlocaleoption. SSIDsavailabletosponsors—EnterthenamesortheSSIDs(SessionServiceIdentifiers)ofthenetworks thatasponsorcannotifyguestsasthecorrectnetworkstoconnecttofortheirvisit. Related Topics MyDevicesPortal,onpage338 CreateaMyDevicesPortal,onpage352 Login Page Settings for My Devices Portals Login Page Settings for My Devices Portals •Maximumfailedloginattemptsbeforeratelimiting—Specifythenumberoffailedloginattempts fromasinglebrowsersessionbeforeCiscoISEstartstothrottlethataccount.Thisdoesnotcausean accountlockout.ThethrottledrateisconfiguredinTimebetweenloginattemptswhenratelimiting. Cisco Identity Services Engine Administrator Guide, Release 1.3 762 Device Portal Management
•Maximumfailedloginattemptsbeforeratelimiting—Specifythenumberoffailedloginattempts fromasinglebrowsersessionbeforeCiscoISEstartstothrottlethataccount.Thisdoesnotcausean accountlockout.ThethrottledrateisconfiguredinTimebetweenloginattemptswhenratelimiting. •IncludeanAUP—Addaacceptableusepolicypagetotheflow.YoucanaddtheAUPtothepage,or linktoanotherpage.Addingthischangesthepictureoftheflowontheright. ◦requireacceptance—ForcetheusertoagreetotheAUPbeforecontinuingtheflow. • Related Topics MyDevicesPortal,onpage338 CreateaMyDevicesPortal,onpage352 MonitorMyDevicesPortalsandEndpointsActivity,onpage356 Acceptable Use Policy (AUP) Page Settings for My Devices Portals ThenavigationpathforthispageisAdministration>DevicePortalManagement>MyDevicesPortals >Create,EditorDuplicate>PortalBehaviorandFlowSettings>AcceptableUsePolicy(AUP)Page Settings. UsethesesettingstodefinetheAUPexperiencefortheusers(guests,sponsorsoremployeesasapplicable). Usage GuidelinesField Displayyourcompany’snetwork-usagetermsand conditionsonaseparatepagetotheuser. IncludeanAUPpage EnsurethattheuserhasreadtheAUPcompletely. TheAcceptbuttonactivatesonlyaftertheuserhas scrolledtotheendoftheAUP. RequirescrollingtoendofAUP DisplayanAUPwhentheuserlogsintothenetwork orportalforthefirsttimeonly. Onfirstloginonly DisplayanAUPeachtimetheuserlogsintothe networkorportal. Oneverylogin DisplayanAUPperiodicallyaftertheuserfirstlogs intothenetworkorportal. Every__days(startingatfirstlogin) Related Topics MyDevicesPortal,onpage338 CreateaMyDevicesPortal,onpage352 Post-Login Banner Page Settings for My Devices Portals ThenavigationpathforthispageisAdministration>DevicePortalManagement>MyDevicesPortals >Create,EditorDuplicate>PortalBehaviorandFlowSettings>Post-LoginBannerPageSettings. Cisco Identity Services Engine Administrator Guide, Release 1.3 763 Device Portal Management
Usethissettingtonotifyusers(guests,sponsorsoremployeesasapplicable)ofadditionalinformationafter theyloginsuccessfully. Usage GuidelinesField Displayadditionalinformationaftertheusers successfullyloginandbeforetheyaregranted networkaccess. IncludeaPost-LoginBannerpage Related Topics MyDevicesPortal,onpage338 CreateaMyDevicesPortal,onpage352 Employee Change Password Settings for My Devices Portals ThenavigationpathforthispageisAdministration>DevicePortalManagement>MyDevicesPortals >Create,EditorDuplicate>PortalBehaviorandFlowSettings>EmployeeChangePasswordSettings. UsethesesettingstodefinethepasswordrequirementsforemployeesusingtheMyDevicesportal. Tosettheemployeepasswordpolicy,chooseAdministration>IdentityManagement>Settings>Username PasswordPolicy. Usage GuidelinesField Allowemployeestochangetheirpasswordsafterthey logintotheMyDevicesportal. Thisonlyappliestoemployeeswhoseaccountsare storedintheCiscoISEdatabaseandnottothose storedinexternaldatabases,suchasActiveDirectory orLDAP. Allowinternaluserstochangepassword Related Topics CreateaMyDevicesPortal,onpage352 UTF-8CharacterSupportinthePortals,onpage23 Manage Device Settings for My Devices Portal ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>MyDevicesPortals >Create,EditorDuplicate>PortalPageCustomization>ManageDevices. UnderPageCustomizations,youcancustomizethemessages,titles,content,instructions,andfieldand buttonlabelsthatappearontheManageAccountstaboftheMyDevicesportal. UnderSettings,youcanspecifytheactionsthatemployeesusingthisMyDevicesportalcanperformontheir registeredpersonaldevices. Cisco Identity Services Engine Administrator Guide, Release 1.3 764 Device Portal Management