Cisco Identity Services Engine is a network access control and policy platform that helps organisations authenticate users and endpoints and manage access across enterprise networks. It applies identity and device context to enforce access policies across wired, wireless and VPN environments, supporting clearer visibility and tighter segmentation.
Controlling network access now depends on verifying users, devices and endpoint state at every entry point before trust is granted.
Cisco Identity Services Engine is a network access control and policy platform for wired, wireless and VPN environments. It authenticates users and endpoints, then applies access rules based on identity and context across enterprise network domains.
In production, Cisco Identity Services Engine works where access begins. It uses RADIUS, TACACS+, 802.1X and MAB to control who connects, while posture services help restrict devices that do not meet policy. In campus and branch networks, endpoint profiling turns unknown devices into known assets before permissions are assigned.
The result is clearer visibility into who and what is on the network, with stronger control over guest, contractor and BYOD access. It also supplies identity groups and policy context for Cisco SD-Access segmentation, and supports compliance-based containment when devices need to be limited or quarantined.
If you are evaluating Cisco Identity Services Engine, our team can help you assess fit for access control, segmentation and endpoint policy in your environment.
Cisco Identity Services Engine is a network access control and policy platform for enterprise networks that verifies users and endpoints, applies identity-aware access rules, and supports segmentation across wired, wireless, VPN, and other domains.
802.1X, MAB, and RADIUS Enforcement
The platform uses RADIUS, TACACS+, 802.1X, MAB, and posture services to authenticate users and devices before granting access across wired, wireless, and VPN entry points.
Endpoint Posture Evaluation
It checks device context and posture so security teams can restrict risky endpoints from sensitive network segments and apply compliance-based access decisions.
Device Profiling and Visibility
Cisco Identity Services Engine helps identify unknown endpoints, IoT devices, and unmanaged systems so network teams can assign permissions based on observed device identity.
Guest and Contractor Access Control
The platform supports temporary access workflows for visitors and partners while preserving internal network controls through policy-based authentication and authorization.
Identity-Driven Segmentation
Cisco Identity Services Engine provides identity groups and policy context for Cisco SD-Access segmentation so teams can enforce access rules without manually managing VLANs everywhere.
TrustSec and pxGrid Integration
It integrates with TrustSec and pxGrid to share identity and policy information across Cisco security and networking tools for coordinated enforcement.
Directory and Endpoint Platform Integration
The platform integrates with Active Directory, LDAP, and MDM or UEM systems so access decisions can reflect user identity and managed device context.
If you need consistent network access control, device visibility, or identity-based segmentation, our Cisco experts can help map Cisco Identity Services Engine to your wired, wireless, VPN, and zero-trust requirements.
Used at wired, wireless and VPN entry points, Cisco Identity Services Engine authenticates users and endpoints with 802.1X, MAB, RADIUS and TACACS+, then applies identity- and context-based access policies so each connection is admitted, limited or blocked according to the organisation’s rules.
Applied in campus and branch networks, Cisco Identity Services Engine uses network telemetry and profiling services to identify connected endpoints, classify unknown devices and feed that context into access policy decisions, giving IT clearer visibility before permission is granted.
For temporary users, Cisco Identity Services Engine provides sponsor-led guest portals and controlled onboarding workflows, allowing contractors and visitors to get short-term network access with separate policies instead of standard employee credentials or broad internal access.
For personal device onboarding, Cisco Identity Services Engine combines identity checks, certificates, posture assessment and policy enforcement to register BYOD devices safely and keep them segmented from managed corporate endpoints across wired, wireless and VPN access.
In Cisco SD-Access environments, Cisco Identity Services Engine supplies identity groups, TrustSec policy context and segmentation data to Cisco Catalyst Center, enabling identity-driven fabric access control and zero-trust segmentation across the network.
Where access depends on endpoint state, Cisco Identity Services Engine runs posture services and compliance rules to verify device health before granting connectivity, and can restrict, quarantine or remediate devices that fail policy requirements.
Cisco Identity Services Engine authenticates users and endpoints with RADIUS, TACACS+, 802.1X and MAB across wired, wireless and VPN entry points.
Supports posture services and policy rules to assess endpoint state and restrict or quarantine devices that do not meet requirements.
Uses network telemetry to profile unknown endpoints in campus and branch networks before access policies are applied.
Provides sponsor, portal and certificate-based onboarding workflows for temporary users and personal devices without exposing employee access.
Integrates with Cisco SD-Access, TrustSec and Catalyst Center to supply identity groups and policy context for fabric segmentation.
Connects with Active Directory, LDAP, MDM/UEM platforms, pxGrid and Cisco security tools to align identity-driven policy across the Cisco ecosystem.
Cisco Identity Services Engine Essentials provides the base licensing for AAA, 802.1X and MAB, alongside guest access, basic profiling, posture, BYOD, MyDevices and TrustSec policy enforcement.
Cisco Identity Services Engine Advantage adds full endpoint analytics, full posture compliance, TrustSec policy authoring and threat-centric NAC for SDA, segmentation and richer policy-driven access control.
Cisco Identity Services Engine Premier includes TACACS+ device administration, together with certificate provisioning at scale and full SDA Day 2 operations where applicable.
Cisco Identity Services Engine Device Admin provides per-network-device licensing for TACACS+ administration when command authorisation and accounting are needed for a smaller set of managed devices.
Cisco Identity Services Engine is licensed per active endpoint connected concurrently on any given day, sold as 1-, 3- or 5-year subscriptions and deployed on physical appliances or virtual nodes.
Cisco Identity Services Engine supports Cisco Smart Licensing through Smart Account or Virtual Account, and endpoint counts may be pooled under Cisco Security EA 3.0 with True Forward.
We help assess Cisco Identity Services Engine requirements for wired, wireless and VPN access, so your organisation can define clear policies for users, devices, guests and contractors before deployment begins.
Our team can assist with Cisco Identity Services Engine installation, initial configuration and policy setup, including access rules, onboarding flows and endpoint checks aligned to your operating model.
We support integration of Cisco Identity Services Engine with Active Directory, MDM or UEM platforms, pxGrid, Cisco Catalyst Center and Cisco SD-Access to align identity controls with your existing network and security environment.
We can help prepare network and security administrators to manage Cisco Identity Services Engine day to day, with handover, operational process alignment and guidance for guest, BYOD and access approval workflows.
We support Cisco Identity Services Engine with ongoing technical assistance, environment reviews, licence alignment, renewal planning and lifecycle guidance so your deployment remains manageable over time.
We help review Cisco Identity Services Engine subscriptions against peak active endpoint usage and the capabilities needed for wired, wireless, VPN, guest, BYOD, profiling and posture-based access, so the tier mix stays aligned to day-to-day demand.
Where relevant, we can assess Cisco Smart Licensing and Security EA 3.0 alignment across ISE and adjacent Cisco security investments, helping you keep endpoint counts, renewal visibility and portfolio planning coordinated within a wider Cisco estate.
Our team can assess whether Essentials, Advantage, Premier or Device Admin coverage best matches your access control priorities, including TACACS+ administration, SDA, TrustSec, posture and MDM requirements, so commercial spend reflects the level of control you need.
We support proactive renewal planning by reviewing changing endpoint volumes, virtual node requirements, mixed physical and virtual estates, and co-term dates, helping you maintain a clear view of future ISE requirements as the environment evolves.
Successful network access control depends on steady adoption and ongoing optimisation, and we help customers maximise value from Cisco Identity Services Engine through usage review, policy alignment and lifecycle guidance that keeps the service relevant as needs change.
The software and technologies listed here support different requirements and are often used together as part of a wider IT stack.
As an official partner to vendors including Cisco, Juniper, HPE and Fortinet, we can help confirm which software or combination provides the capabilities your team needs, while avoiding under- or over-licensing.
Speak to our team for help matching the right solution and licence level to your requirements.