https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375770#M5726 <OL> <LI>Yes with <A href="https://help.webex.com/en-us/article/ngp4sr8/SSO-with-multiple-IdPs-in-Webex#generic-template_7359cc82-9b8c-4d30-8836-73aa07a55858" target="_blank" rel="noopener">IdP routing rules</A>. You can have an ordered list of match logic based on email domain of the user account or group membership with a last resort option without a match criteria. Be advised that some InfoSec folks feel that the ability to bypass SSO is a risk, so be sure you get the relevant approvals internally before configuring this.</LI> <LI>First, I wanted to warn "don't do this!" Users and endpoints absolutely belong in the same tenant; some features only work intra-tenant. To answer the question directly though: only one Webex tenant could use the <A href="https://help.webex.com/en-us/article/heauzeb/Set-up-the-Entra-ID-Wizard-App-in-Control-Hub" target="_blank" rel="noopener">Entra ID Wizard App integration</A> (i.e. the easy button.). The other would need to use SAML/OIDC, and optionally SCIM 2.0 for account synchronization, the hard way from Entra as an enterprise application.</LI> </OL> Tue, 10 Mar 2026 18:38:45 GMT Jonathan Schulenberg 2026-03-10T18:38:45Z https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375649#M5724 <P>Hi</P><P>I have a few queries regarding SSO on WebEx control hub and was hoping someone may be able to answer the below:</P><OL><LI>Is it possible to enable SSO on WebEx control hub, whilst allowing some users to sign in using their WebEx credentials rather than SSO?</LI><LI>Is it possible to have 2 WebEx tenants configured to the same SSO provider. Example User WebEx tenant and Device WebEx tenant both using a single Microsoft tenant for SSO.</LI></OL><P>Thanks</P> Tue, 10 Mar 2026 10:07:29 GMT https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375649#M5724 RobT1923 2026-03-10T10:07:29Z https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375770#M5726 <OL> <LI>Yes with <A href="https://help.webex.com/en-us/article/ngp4sr8/SSO-with-multiple-IdPs-in-Webex#generic-template_7359cc82-9b8c-4d30-8836-73aa07a55858" target="_blank" rel="noopener">IdP routing rules</A>. You can have an ordered list of match logic based on email domain of the user account or group membership with a last resort option without a match criteria. Be advised that some InfoSec folks feel that the ability to bypass SSO is a risk, so be sure you get the relevant approvals internally before configuring this.</LI> <LI>First, I wanted to warn "don't do this!" Users and endpoints absolutely belong in the same tenant; some features only work intra-tenant. To answer the question directly though: only one Webex tenant could use the <A href="https://help.webex.com/en-us/article/heauzeb/Set-up-the-Entra-ID-Wizard-App-in-Control-Hub" target="_blank" rel="noopener">Entra ID Wizard App integration</A> (i.e. the easy button.). The other would need to use SAML/OIDC, and optionally SCIM 2.0 for account synchronization, the hard way from Entra as an enterprise application.</LI> </OL> Tue, 10 Mar 2026 18:38:45 GMT https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375770#M5726 Jonathan Schulenberg 2026-03-10T18:38:45Z https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375924#M5727 <P>Thanks, would you be able to say which features only work intra-tenant?<BR />The devices are going to be in Teams mode or Room OS utilising OBTJ.<BR />Thanks</P> Wed, 11 Mar 2026 13:00:26 GMT https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5375924#M5727 RobT1923 2026-03-11T13:00:26Z https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5376989#M5732 <P>I'm reluctant to even answer this question because it's such a bad idea. It will make everything more difficult, even sourcing. This is not how Control Hub was designed to function. Why do you want to separate them so badly?</P> Mon, 16 Mar 2026 21:37:57 GMT https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5376989#M5732 Jonathan Schulenberg 2026-03-16T21:37:57Z https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5377082#M5733 <P>I don't want to separate them, i want them on the same tenant but management has asked for them to be separate and i can only see it causing issues.<BR /><BR />One of the reasons for separating was due to the fact that its a tenant shared by multiple regions, and they didn't want other regions managing devices. I've been able to confirm that location admin is the way to go for this so that helps my argument for staying on one tenant.&nbsp;</P> Tue, 17 Mar 2026 09:43:52 GMT https://community.cisco.com/t5/webex-administration/webex-control-hub-sso/m-p/5377082#M5733 RobT1923 2026-03-17T09:43:52Z