CUCM with SSO enabled: Logging in via LDAPS

Nadav
Level 7

Hi,

If we have SSO enabled for CUCM and IM&P, is it possible to still log in via LDAPS to the administration pages? Local authentication works with the recovery URL, but we can't get LDAPS working even though it worked before integrating SSO.

Thanks.

Accepted Solutions

Jonathan Schulenberg
Hall of Fame

The only places LDAP authentication will be used with SAML SSO enabled are sign-in flows where the latter is not supported. The prime examples are MRA-connected IP Phones if not using Activation Code Onboarding & OAuth, MRA-connected TelePresence endpoints (i.e. anything running CE/RoomOS software), and RTMT if you toggle the Enterprise Parameter off for it.

Invest in your IdP deployment; it’s just as critical as DNS. The recovery URLs are there for the worst-case scenario of an IdP outage (or misconfiguration) only. They only work with local super-admin accounts.


2 Replies

Nadav
Level 7

Update: LDAPS isn't being used at all; for all screens other than OS admin and DRS, it simply redirects to ADFS and you have to authenticate there. It still respects user roles configured in CUCM.

This isn't ideal since now you have a dependency on ADFS/IdP to authenticate to an administrative portal with a domain user rather than just AD.
