Migrating from AD to OAuth

mbuttnerMSI
Level 1

Looking for community input on migrations from an on-prem UCM/IMP/MRA 12.0 environment of AD authentication to OAuth/SSO.

The migration looks like an all or nothing on the infrastructure side. Is there a clear way to do this without putting abrupt changes on the end user? With UCM it's an on/off from what it looks like. Though you have the Expressway flexibility to have multiple UCMs with different authentication methods.

Anyone able to test this without spinning up separate domains/infrastructure? Lessons learned etc.? We are actively deploying it following documentation like this below, but if there is any first-hand experience out there, feedback would be greatly appreciated.

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/jabber/11_9/Unified-CM-OAuth-Whitepaper-v17-FINAL.pdf

1 Reply

Slavik Bialik
Level 7

Well, besides changing it in the Expressway-C configuration, I would also recommend going to CUCM -> Enterprise Parameters and changing "OAuth with Refresh Login Flow" to True.

If you also have Unity Connection and you are allowing users to access their voicemail boxes from Cisco Jabber, then you also MUST do the following:

Go to Unity Connection -> System Settings (menu) -> Authz Servers

And just add your CUCM as your OAuth token provider, because if you don't do that then your users won't be able to access their voicemail anymore, as Unity needs to verify the OAuth token that Expressway-C sent it, and it has no knowledge about those tokens without the CUCM.