10-23-2024 07:04 AM
Hi
I have a customer who currently uses LDAP sync to pull in users from AD. The customer has asked if this sync can be done directly with the cloud-based system MS Entra/Azure. Is that possible?
My additional questions sort of relate to the SSO for Jabber, which I have explored before and tested, and which works. My question is: can you have SSO without the LDAP sync? I'm assuming not, as you would need the users in CUCM for Jabber to be set up.
If the above is not possible, are there any alternatives?
Thanks
10-23-2024 09:02 AM - edited 10-23-2024 10:12 AM
Entra account sync is facilitated through the Control Hub Entra ID wizard and Cloud Connected UC Directory service. Users are synced into Control Hub and then southbound into CUCM/CUC. This only replaces LDAP account imports, not LDAP authentication. You need to use SAML SSO with Entra to perform authentication. Also enabling OAuth & SIP OAuth on CUCM/CUC/Expressway is strongly recommended.
SAML SSO can be enabled independent of any account import process, LDAP or CCUC. It's perfectly capable of authenticating a local end user as long as the uid attribute in the SAML response matches a username in the database.
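The uid match described in the reply above can be checked offline against an assertion captured from a SAML trace; this is an added example, not part of the original post and not Cisco code. The sample assertion, the usernames, the status labels and the exact-string comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (unsigned, trimmed); real ones come from a SAML trace.
# This is a diagnostic for the administrator's own captures and verifies no signature.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>JSmith@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_uid(assertion_xml):
    """Return the single value of the 'uid' attribute, or None if absent."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == "uid":
            for val in attr.findall(f"{{{SAML_NS}}}AttributeValue"):
                if val.text and val.text.strip():
                    values.append(val.text.strip())
    if len(values) > 1:
        raise ValueError("multiple uid values released; expected exactly one")
    return values[0] if values else None


def check_uid(assertion_xml, local_usernames):
    """Classify why a login would or would not map to a local end user.

    Assumption: matching is an exact string comparison. The near-miss hints
    below only explain a failure; they never turn it into a match.
    """
    uid = extract_uid(assertion_xml)
    if uid is None:
        return ("no-uid-attribute", None)
    if uid in local_usernames:
        return ("match", uid)
    by_lower = {name.lower(): name for name in local_usernames}
    if uid.lower() in by_lower:
        return ("case-mismatch", by_lower[uid.lower()])
    local_part = uid.split("@", 1)[0].lower()
    if "@" in uid and local_part in by_lower:
        return ("upn-released-instead-of-username", by_lower[local_part])
    return ("no-such-user", None)
```

Running `check_uid` over the list of local end-user IDs before enabling SSO shows whether the identity provider is releasing the value the database expects, which matters most on clusters where accounts are created by hand rather than imported.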
10-23-2024 09:07 AM
Hi Jonathan,
I had seen some of your other posts. I had hoped something may have changed; sadly, it seems not.
The Cloud Connected UC, I assume that's a separate product the customer would need to purchase? Currently it is all on-prem servers.
I suspect we may go down the route of local users; hard to say.
On one cluster they can do the Entra SSO piece as it is a single domain.
On another cluster they have a few different organisations, and some don't have traditional AD on prem to perform an LDAP sync to. As only low numbers are needed, local accounts will work, I think. If it ever scales much bigger I can see local accounts being a real pain.
Thanks for your reply.
10-23-2024 10:11 AM
CCUC, or Cloud Connected UC as the full name of it is, is a Control Hub service that is free. If the customer doesn't have a Webex org they can get one created for free to use for CCUC.
10-24-2024 02:25 AM
I'll need to work out how I get to this Control Hub, if there is an instance for my customer, or have one created.
Thanks
10-24-2024 03:48 AM
To access Control Hub you go to https://admin.webex.com