Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
6
Replies

CUCM AD Authentication Migration

fdharmawan
Level 4
Level 4

‎04-11-2022 12:17 AM

Hi Guys,

 

I want to migrate the AD authentication of the CUCM. There are two changes that I will make:

1. Migrate from AD X to AD Y. Currently I already setup the connection, the users has been populated on the new AD. But I have not changed the LDAP authentication settings to the new AD.

2. Change the authentication type to SAML SSO. Currently we use AD password authentication. I have the IdP and XML setup, but SSO have not been enabled yet.

 

Is it possible to have two AD as authenticator? Also, if I enable the SAML SSO to the new AD server for testing, will it affect the current AD authentication that uses password?

0 Helpful
6 Replies 6

Hudaifa shakkir Nattukallingal
Level 1
Level 1

‎04-11-2022 12:31 AM

Hi,

 

CUCM supports only one AD for authentication. If you want to use SAML SSO with a new AD, you need to change the authentication also to the new AD in CUCM.

 

Thanks.

Shakir

0 Helpful

fdharmawan
Level 4
Level 4
In response to Hudaifa shakkir Nattukallingal

‎04-11-2022 12:58 AM

Hi Shakir,

 

So as soon as I enable the SAML SSO, the LDAP authentication should be redirected to new AD? Say if I want to rollback the action, should I just change the LDAP authentication entry or I need to disable the SAML SSO also?

0 Helpful

Hudaifa shakkir Nattukallingal
Level 1
Level 1
In response to fdharmawan

‎04-11-2022 05:15 AM

Hi,

I believe if you enable the SAML authentication, IdP is deciding the authentication. If my understanding is correct CUCM ldap authentication configuration will not have any effect. So ldap authentication is not redirecting to new AD, its the Idp. So you will be importing the idp metadata from the new AD Y so the authentication will be redirected to AD Y. if you want to roll back you need to disable SAML SSO. Sorry I mentioned wrongly in the previous response that you need to change the authentication also to new AD, its not needed I believe. 

Thanks.

Shakir.

0 Helpful

fdharmawan
Level 4
Level 4
In response to Hudaifa shakkir Nattukallingal

‎04-11-2022 05:44 AM

Hi Shakkir,

 

I see. Let me try on my environment. Will get back to post the result. Thank you.

0 Helpful

Nithin Eluvathingal
VIP
VIP

‎04-11-2022 01:06 AM

You can only have a single Ad server for authentica

First move the AD from X to Y first. test all user authentications and then work on SSO.

 

 

 



Response Signature


0 Helpful

fdharmawan
Level 4
Level 4
In response to Nithin Eluvathingal

‎04-11-2022 01:09 AM

Hi Nithin,

 

Say a rollback is needed for one reason or another. Should I disable the SAML SSO again?

0 Helpful
Customers Also Viewed These Support Documents