03-17-2022 10:48 AM - edited 03-17-2022 11:20 AM
Hi all,
the very first step for all organizations is to verify and claim a domain. By that, we can prevent users to set up free accounts with their business mail address or migrate existing ones into the affected org. This is even recommended for very small organizations with just a hand full of users.
We recently have onboarded a customer with domain let's say example.org. Only a few of his users were getting Calling and Meeting licenses, so we created accounts for all these users only. After a while, the customer asked why he's not seeing everyones presence state, it was only visible of "some" users. Those users that had no presence state were users that signed on as free users, so they're not in his org.
So verifying and claiming the domain before would have made it impossible for those collegues to create free accounts outside of the organization (or to join the org automatically). Having the users in the own organization would be no more change for the customer, but he would have full control of the user: organizational compliance and retention policies are just one important aspect beside the benefits of the org wide presence state.
This step is even independent from follow ups like setting up SSO or a directory sync. Both are additional great features that were just demod by Mike.
To verify a domain, simply navigate to your organizational settings, section Domains. Add your domain to the list. For each domain, you will be given a validation token that needs to be added as a txt DNS entry. Once populated there, complete the verification. The Control Hub will check if the token matches the given one. If so, it proves you to be in control of that domain.
After that, select Claim from the domain's menu. That's all! From now on, no user will be able to be created in another organization using this domain, neither a customer org nor as a free user.
For more information, check https://help.webex.com/cd6d84/
04-06-2022 07:05 AM
Some basic questions for a tiny 4 person company with no IT dept and a basic commercial cloud workspace that uses webex daily for client meetings:
To verify a domain, simply navigate to your organizational settings, section Domains. Add your domain to the list. (On the WebEx Control Hub?)
For each domain, you will be given a validation token that needs to be added as a txt DNS entry (Where is this added? Not WebEx Control Hub? Within the cloud provider admin console, the domain registrar?)
Once populated there, complete the verification (On the WebEx Control Hub?)
Also, verifying the domain asks for an internal site to verify CORS. Again, small firm, no infrastructure, 100% commercial cloud. Ideas for what to put here?
04-06-2022 09:52 AM
1) Correct, in CH you start the claim process. Click the add domain button and enter the domain (for instance example.org).
This is a screenshot of a CH org that has two verified domains:
To add another one, click on the "Add domain" button and enter example.org. After that, the new domain will appear pending in the list:
Click on "Retrieve verification token":
The green text must be copied into a txt record of your domain.
2) At your domain control panel. That really depends on where you have hosted your domain. Maybe there is a plesk admin interface for doing that.
This is a sample of a (German) interface for Plesk. The black rectangle covers the domain. No www must be passed, only example.org or whatever you domain looks like.
You have to paste the whole green text from the step before. After having applied, it may take some hours until the DNS has spread that new entry. You may manually verify by openeing a command prompt and do the following:
nslookup will open the DNS lookup tool
set q=txt will answer TXT records only
example.org will return the results for that domain
the white rectangles cover the actual domain/parts of the verification token.
3) Yes, again in control hub. Again in the pending domain's menu, by selecting "verify domain". By clicking that option, the CH basically does the same as you did in the cmd. If the code in the response match what CH presented you in set 1, that it assumes that you're in control of the given domain (example.org in this example). This is basically the same steps as you would do for a M365 exchange online mail system, there the token is named MS=ms... instead of cisco-ci-domain-verification=...
Hope that helps.
03-18-2022 09:06 AM
Often overlooked as one of the initial steps an IT Admin should complete when standing up their new Control Hub. Thanks for sharing!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide