
CUCM User Sync with MS Entra/Azure or similar and Jabber Auth

simon hester
Level 1

Hi 

I have a customer who currently uses LDAP sync to pull in users from AD. The customer has requested if this sync can be done directly with the cloud-based system MS Entra/Azure. Is that possible?

My additional questions sort of relate to the SSO for Jabber, which I have explored before and tested, which works. My question is: can you have SSO without the LDAP sync? I'm assuming not, as you would need the users in CUCM for the Jabber to be set up.

If the above is not possible, are there any alternatives?

Thanks

Accepted Solutions

Jonathan Schulenberg
Hall of Fame

Entra account sync is facilitated through the Control Hub Entra ID wizard and Cloud Connected UC Directory service. Users are synced into Control Hub and then southbound into CUCM/CUC. This only replaces LDAP account imports, not LDAP authentication. You need to use SAML SSO with Entra to perform authentication. Also enabling OAuth & SIP OAuth on CUCM/CUC/Expressway is strongly recommended.

SAML SSO can be enabled independent of any account import process, LDAP or CCUC. It's perfectly capable of authenticating a local end user as long as the uid attribute in the SAML response matches a username in the database.
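
A check for the uid match described in the answer above, added here as an example and not part of the original post or any Cisco tooling: it pulls the `uid` attribute out of a captured base64 SAMLResponse and compares it with a list of end-user IDs. The sample response, the user list and the exact-match comparison are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from typing import Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def sample_response(uid_value: str) -> str:
    """Constructed, unsigned SAMLResponse (HTTP-POST binding is plain base64)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Assertion><saml:AttributeStatement>'
        f'<saml:Attribute Name="uid"><saml:AttributeValue>{uid_value}'
        '</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

def uid_from_saml(b64_response: str, attr_name: str = "uid") -> Optional[str]:
    """Return the named attribute's first value. Diagnostic only: no signature check."""
    root = ET.fromstring(base64.b64decode(b64_response))
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            value = attr.find("saml:AttributeValue", NS)
            return (value.text or "").strip() if value is not None else None
    return None

def check_uid(uid: Optional[str], usernames: set) -> str:
    """Classify the uid against end-user IDs (exact match assumed to be required)."""
    if uid is None:
        return "missing: response carries no uid attribute"
    if uid in usernames:
        return "match"
    folded = {u.lower(): u for u in usernames}
    if uid.lower() in folded:
        return f"case-mismatch: database has {folded[uid.lower()]!r}"
    local = uid.split("@", 1)[0].lower()
    if "@" in uid and local in folded:
        return f"format-mismatch: IdP sent a UPN-style value, database has {folded[local]!r}"
    return "no-match: no such end user"

if __name__ == "__main__":
    users = {"jdoe", "asmith"}  # constructed stand-in for an export of local end-user IDs
    for sent in ("jdoe", "JDoe", "jdoe@example.com", "bob"):
        print(sent, "->", check_uid(uid_from_saml(sample_response(sent)), users))
```

Running it against a response captured from a failed login shows whether the IdP claim mapping or the local username needs to change.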


Hi Jonathan, 

I had seen some of your other posts. I had hoped something may have changed; sadly it seems not.

The Cloud Connected UC, I assume that's a separate product the customer would need to purchase? Currently it is all on-prem servers.

I suspect we may go down the route of local users; hard to say.

On one cluster they can do the Entra SSO piece as it is a single domain.

On another cluster they have a few different organisations and some don't have traditional AD on prem to perform an LDAP sync to. As it is low numbers needed, local accounts will work I think. If it ever scales much bigger I can see local accounts being a real pain.

Thanks for your reply. 

CCUC, or Cloud Connected UC as the full name of it is, is a Control Hub service that is free. If the customer doesn't have a Webex org they can get one created for free to use for CCUC.





I'll need to work out how I get to this Control Hub, if there is an instance for my customer, or have one created.

Thanks

To access Control Hub you go to https://admin.webex.com


