02-03-2019 12:49 AM
Hi Team,
Customer is currently using SSO for Jabber using ADFS. Customer is looking at migrating SSO to Azure AD, and I would like to know if this is supported by Cisco.
Kindly suggest.
Version: Cisco Unified Presence 10.5.2.
09-04-2020 05:16 AM
Just to update everyone - this thread keeps turning up in search results - Cisco has published a TechNote for SAML SSO Microsoft Azure Identity Provider.
The trick, a shared signing certificate for the Azure IdP, was first discovered by Bernhard Albler and Stoyan Stoitsev. It is published in their Medium.com article Cisco CUCM and Expressway SSO with Azure AD. Cisco had expected Microsoft to add support for multiple ACS URLs; however, that has reportedly slipped on their roadmap. The business unit chose to (re)publish Bernhard and Stoyan's approach so it would be officially on Cisco.com.
09-30-2020 08:24 AM
Hello,
We migrated our 5 CUCM 11.5 clusters to Azure successfully.
Initially we used this procedure https://medium.com/@stoyan.stoitsev/cucm-sso-with-azure-ad-1d6ccaa55656 to move two clusters.
After this, at another maintenance window, we tried to use the official Cisco document https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/SAML_SSO_deployment_guide/Azure/cucm_b_saml-sso-microsoft-azure-idp.html to change the 3 final clusters, and we found a small difference: our environment did not work with the "Default" mode as in the Cisco document, but with "email address", as shown in the attached figure.
Today everything is working well on Azure.
02-22-2024 02:16 AM - edited 02-22-2024 02:20 AM
We're planning to try to use SAML SSO with Azure for our CUCM, IM&P, Unity (14SU3) and Expressway (14.0.7) estate. The guide looks good.
Can I ask (possibly a stupid question) is there any requirement to have OAuth enabled first in Enterprise parameters and Expressway or is this not necessary? Azure will instead do the token work and not prompt to sign in constantly?
02-22-2024 09:46 AM
SAML and OAuth are technically independent of one another. When both are enabled, the longer-life OAuth tokens allow the client to skip the SAML IdP until/unless the refresh token expires. I consider it best practice to enable both, including SIP OAuth - an extra step, but you're not required to. An easy example of where OAuth makes a big difference is inbound calls on mobile devices. Without OAuth, the user will be prompted to re-authenticate to the SAML IdP if their cookie has expired. The chances of a user successfully re-authenticating - especially with MFA - before the CFNA timer expires are pretty low.
03-27-2024 02:55 AM
What item are we using for Common Name when creating the certificate for Azure? Nothing in the guide to indicate this.