Cisco ISE 1.4 was released about a week ago. There are a few new features but overall the release is not as exciting as the 1.3 release. In this release Cisco has added SAML Single Sign On (SSO) for the Guest portal (sponsored and self-registered), Sponsor portal, and My Devices portal.
Cisco also added automatic failover for the Administration persona. The release notes state you need at least two nodes in your distributed setup to assume the Administration persona and one node to assume the non-Administration persona. If the Primary Administration Node (PAN) goes down, an automatic promotion of the Secondary Administration Node is initiated. This is possible because the non-administrative node acts as a health check node for the admin pair. So upon failure the non-administrative node must initiate the failover. So basically it’s HSRP, but not as good. I mean its ASA failover, but not as good. I mean… well…you have to have a third node. Don’t we know how to do this with two nodes now? At any rate, it’s a feature that some will want.
All the gory details can be found at http://www.cisco.com/c/en/us/td/docs/security/ise/1-4/release_notes/ise14_rn.html#pgfId-484485.