Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
986
Views
1
Helpful
8
Replies

Limit Jabber to specific endpoints

rm760
Level 4
Level 4

‎01-19-2017 12:01 PM - edited ‎03-17-2019 06:38 PM

Hello

I have been asked if it is possible to limit Jabber registrations to devices provided by the employer.  If such is possible, I would appreciate any direction given. 

Labels:
8 Replies 8

skilambi
VIP Alumni
VIP Alumni

‎01-19-2017 01:25 PM

Ron

Today there isn't a perfect solution for this, user based policy enforcement and that too broken down by modality of communication like IM vs voice/video is on the roadmap. You can however use cert based auth with x8.9 and if you don't have the cert you won't login

Planning Guide for Cisco Jabber 11.7 - User Management [Cisco Jabber for Windows] - Cisco

0 Helpful

rm760
Level 4
Level 4
In response to skilambi

‎01-19-2017 01:36 PM

Srinivasan

I did read this, but interpreted it to mean that the user would no longer require credentials.  Is this correct?

0 Helpful

rm760
Level 4
Level 4
In response to rm760

‎01-19-2017 01:43 PM

Also allow me to add this is an on premise non cloud install

0 Helpful

skilambi
VIP Alumni
VIP Alumni
In response to rm760

‎01-19-2017 01:51 PM

Yes uses expressway and your MDM solutions to push cert and of course UCM

Thanks

Srini

0 Helpful

skilambi
VIP Alumni
VIP Alumni
In response to rm760

‎01-19-2017 07:07 PM

The cert would identify the user so yes it's basically SSO with certs

Thanks

Srini

0 Helpful

rm760
Level 4
Level 4
In response to skilambi

‎02-18-2017 01:47 PM

Srinivasan

I have enabled SSO on VCS-E, VCS-C, and call manager.  VCS is set for exclusive MRA mode. SSO IdP is ADFS 2.0.  USers are logging in via SSO.  They can still use personal devices without certs on them to login just by knowing their AD credentials.  Do I need to expand the relay or CoT to include the CA cert provider?  If so please do detail how to go about doing so. 

0 Helpful

skilambi
VIP Alumni
VIP Alumni
In response to rm760

‎02-18-2017 03:48 PM

Ron

Not sure since I don’t have a client who has deployed it yet. Maybe a case for TAC to check if this is working as designed. You would think without the certificate, the client won’t be allowed to login, if they found your password but I am not sure. I know more security policies through expressway are being planned like controlling user group access by type of communication but that shouldn’t stop this from working. Let me know what was the end result though?

Srini Kilambi

0 Helpful

rm760
Level 4
Level 4
In response to skilambi

‎02-19-2017 10:19 AM

Srini

I am thinking now along the lines of the IdP processing.  Currently we are only doing form validation for credentials via Microsoft ADFS 2.0.  I believe going to ADFS 4.0 and incorporating certificate validation is going to be the next step.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents