Jabber with Multi-Forest/Domain and SSO

jriacono5
Level 1

Hello,

 

We are planning a new deployment for a client with multiple forests and domains. I know that you can use LDS to combine the directories and allow users to log in. If we were to implement SSO and the IdP was able to authenticate users in each domain, would we need to do LDS still? I know we would need to do the LDAP directory sync, but I'm wondering if SSO would negate having to do the LDAP authentication in CUCM.

 

Thank you,

James


Jonathan Schulenberg
Hall of Fame
SSO does not negate the LDAP sync - you still need to pull End Users into the database.

The only officially supported way to support multi-forest on the same cluster is with MS LDS. The problem is that LDS is very poorly understood by most Microsoft admins. You may want to consider the viability of a cluster per forest and rely on things such as ILS, EMCC, IM&P Inter-Cluster Peering, and CUC HTTPS Digital Networking instead.