Hello.

m In this video, we will walk through the steps to create a new authorization
policy with a new logical profile. Our first step is to create a new logical
profile. We will start from the ISE Admin portal by navigating to Work Centers,
Profiler, and then Profiling Policies.
Once the page loads, I'll select Logical Profiles from the list on the left. From
the list of logical profiles on the right, I will click the Add button to create a
new logical profile. The name of my new logical profile will be
Approved_Smart_Devices. And the description will be "Devices on the corporate
approved Smart Devices list."
To assign policies, I'll select multiple policies from the list on the left by
holding down the Control key on my keyboard and then selecting each policy that I
want to assign. In my case, I want to assign five policies starting with Android.
So I'll select that first. Then I'll scroll down the list and also click on Apple-
iPad, Apple-iPhone, Apple-iPod, and finally, Apple-Device.
After that, I'll click on the single right arrow to move the selected policies into
the Assigned Policies box. Once I've verified the configuration, I'll click on
Submit to create the new logical profile. After that, I'm returned to the Logical
Profiles list, and my new profile shows in the list. I can click on the profile
name at any time to verify it or to make changes to it.
Note that an endpoint has already been identified as part of this logical profile,
my Apple iPad device. Now that our new Approved_Smart_Devices logical profile has
been created, the next step is to create the authorization policy that will use the
newly created profile. To start, we'll navigate from the ISE Admin portal to Policy
and then Policy Sets.
Once the page loads, we'll enter the Wireless_Access policy set. And once there,
we'll open the Authorization Policy. Then, we'll click the gear icon next to the
guest access rule, and we will insert a new rule above that policy. The new
authorization rule will be named Smart Devices.
Then I'll click on the plus sign to create the condition for the rule. This will
open up the Conditions Studio, and there, I will click on the field to add an
attribute. I'll limit the list of attributes by selecting the Endpoints dictionary.
Then, from that dictionary, I will select the logical profile attribute. The
condition box is filled in, and next, I need to select a profile from the list of
profiles in ISE.
I'll click on the empty field to get a list of profiles to choose from. My new
profile shows as the first in the list, so I'll select it. Once my condition looks
correct, I'll click the Use button to close the Conditions Studio and return to the
authorization policy.
The final step is to apply the guest access profile to the rule. I'll click on the
empty field and scroll down the list to where I can select it. The rule is now
complete. So I'll scroll down the page and click on Save to save my changes. This
new authorization policy is now ready to be tested.