Solved: Re: WebEx integration with Azure AD

Yangjp715 · ‎07-30-2019

Hi all,

We have 900 webex users under site admin and planning to integrate with Azure AD and enable SSO for authentication and auto account creation. I was wondering what is the system behavior after synchronization. The current users will keep the same if the email address is matching? What is the username for the new users after the synchronization? Is there any impact on the end users?

Alok Jaiswal · ‎08-16-2019

Look at this document. It will help you.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-tutorial

https://help.webex.com/en-us/g5ey83/Configure-Single-Sign-On-for-Cisco-Webex-Site

I think to enable SSO on WebEx meeting on site admin page (not via control hub) you have to reach out to Cisco to enable SSO. Once its done, you can configure site for SSO. You will be able to access site URL without SSO using below.

https://SITENAME.Webex.com/admin

Regards,

Alok

View solution in original post

mtabrez · ‎09-25-2019

Hi,

Azure AD integration is possible with Control Hub please review https://help.webex.com/en-us/aumpbz/Synchronize-Azure-Active-Directory-Users-into-Cisco-Webex-Control-Hub

What you have posted is JIT user provisioning with SSO for a site on Site Admin which is done as part of the SAML assertion please review https://help.webex.com/en-us/g5ey83/Configure-Single-Sign-On-for-Cisco-Webex-Site

Regards

Alok Jaiswal · ‎08-15-2019

I have done this in past multiple times and as far as you have email address matching for user, there won't be any impact.

Before you enable the full synchronization, run a dry sync to verify that its matching to currently users in the hub and not deleting any users. Also you can create policy for auto sync and apply necessary subscription during synchronization.

Regards,

Alok

Yangjp715 · ‎08-16-2019

Thanks, Alok. Actually, i would like to integrate WebEx site admin instead of control hub with Azure AD, then users can login from shortcut of VDI to their own WebEx account to manage meetings. Is there any different with the integrating control hub with Azure AD?

Alok Jaiswal · ‎08-16-2019

Look at this document. It will help you.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-tutorial

https://help.webex.com/en-us/g5ey83/Configure-Single-Sign-On-for-Cisco-Webex-Site

I think to enable SSO on WebEx meeting on site admin page (not via control hub) you have to reach out to Cisco to enable SSO. Once its done, you can configure site for SSO. You will be able to access site URL without SSO using below.

https://SITENAME.Webex.com/admin

Regards,

Alok

Yangjp715 · ‎09-24-2019

Hi Alok, have you done the auto account creation on site admin with Azure AD? I was told the directory synchronization needs to be enabled on the control hub only for that feature.

Alok Jaiswal · ‎09-24-2019

Yes, that's correct. You need a machine where you will install directory connector. The are some requirements for the login permissions and dot net etc, you can read through the documentation below:

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cloudCollaboration/spark/hybridservices/directoryconnector/cmgt_b_directory-connector-guide-admins.html

When you configure directory connector, you can then define which OU/group you want to pull and can define you AD servers in priority order. You can also define any specific filter for e.g. if you want to pull users from say a particular security group (that's how i normally deployed with all my WebEx deployments).

Regards,

Alok

Yangjp715 · ‎08-07-2019

Any advice on this?