04-11-2022 12:17 AM
Hi Guys,
I want to migrate the AD authentication of the CUCM. There are two changes that I will make:
1. Migrate from AD X to AD Y. Currently I already setup the connection, the users has been populated on the new AD. But I have not changed the LDAP authentication settings to the new AD.
2. Change the authentication type to SAML SSO. Currently we use AD password authentication. I have the IdP and XML setup, but SSO have not been enabled yet.
Is it possible to have two AD as authenticator? Also, if I enable the SAML SSO to the new AD server for testing, will it affect the current AD authentication that uses password?
04-11-2022 12:31 AM
Hi,
CUCM supports only one AD for authentication. If you want to use SAML SSO with a new AD, you need to change the authentication also to the new AD in CUCM.
Thanks.
Shakir
04-11-2022 12:58 AM
Hi Shakir,
So as soon as I enable the SAML SSO, the LDAP authentication should be redirected to new AD? Say if I want to rollback the action, should I just change the LDAP authentication entry or I need to disable the SAML SSO also?
04-11-2022 05:15 AM
Hi,
I believe if you enable the SAML authentication, IdP is deciding the authentication. If my understanding is correct CUCM ldap authentication configuration will not have any effect. So ldap authentication is not redirecting to new AD, its the Idp. So you will be importing the idp metadata from the new AD Y so the authentication will be redirected to AD Y. if you want to roll back you need to disable SAML SSO. Sorry I mentioned wrongly in the previous response that you need to change the authentication also to new AD, its not needed I believe.
Thanks.
Shakir.
04-11-2022 05:44 AM
Hi Shakkir,
I see. Let me try on my environment. Will get back to post the result. Thank you.
04-11-2022 01:06 AM
You can only have a single Ad server for authentica
First move the AD from X to Y first. test all user authentications and then work on SSO.
04-11-2022 01:09 AM
Hi Nithin,
Say a rollback is needed for one reason or another. Should I disable the SAML SSO again?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide