01-22-2018 04:45 PM
Hi,
We are looking at SSO using ADFS for a couple systems and were wondering if that means users have to have a domain account, we have a couple users that do not have an AD account and was wondering if it is possible to have a hybrid of SSO and local accounts.
Thanks in advanced!
Ted
01-31-2018 08:54 AM
Ted,
I will speak specifically for UCM. The answer to your question is, no. When you enable SSO for UCM, the login URL's are directed to your IDp. So the user that is logging in must be resolvable in your IDp. Even though you can defined local end users in UCM End User page, if they are not in your IDp, then you will not be able to get them logged in.
For UCM admin pages, you can bypass IDp by choosing the recovery login to UCM admin, which will use the Application User accounts, but app users on UCM do not have the same capabilities as an end user. Additionally, the CCMUser pages will exclusively redirect to IDp, thus preventing app users from managing their users setting through the CCMUser pages.
Thanks,
Dan Keller
Technical Marketing Engineer
01-31-2018 09:01 AM
Thanks Daniel! that was what we thought was the case for CUCM but weren't sure
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide