cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
710
Views
20
Helpful
2
Replies

Cisco Directoy Conector versus Azure SCIM for Webex Control Hub Sync

Hi Pals,

could you please help me with this dilemma.?

 

I am trying to decide between user Cisco Directory Connector or Azure SCIM for user Sync inside Webex Control Hub

I know the key differences, is that Directory Connector allows users/groups sync and Azure SCIM only allows users.

 

I wanted to ask you guys if those key differences are killers or there is anything else I can select 1 technology over the other.

Like "SCIM is on early stages because of this..." "I recommend Cisco Directory Connector GREATLY because of this".

 

Could you please be kind of explain me why I should use one over the other?

I think I can save virtual machines by going SCIM, but dont know./

2 Replies 2

Cristian Boboc
Level 1
Level 1

From my experience, Integration with Cloud (Azure/Okta) is easier but you might have problems in managing users in the future (delete, remove from sync) as there are issues with Inactive users which are not getting deleted after 30 days in Control Hub (this might be a pain). Also, you won't be able to find anywhere in Control Hub a way to tell you that you have an active integration with Azure and you still be able to manage  (add, delete) users manually in Control Hub.

Directory Connector integration is more complex and requires effort and VM resources but the user management in Control Hub is as expected. Also, you won't be able to manage users manually in Control Hub.

DerekD
Level 1
Level 1

We use directory connector (with federated SSO) and have for 3+ years.  Does SCIM support the deprovisioning of CH/common identity accounts if using federated SSO?  What about "username" (email address) changes?  We do hundreds/thousands of those (account creates/deletes) a year and dozens of email address changes a year.  (60K host accounts as a university.)  Both of those account life cycles are handled upstream of CH, directory connector and even on-prem AD in our campus IdM processes.

 

We are still waiting on an API call to allow us to change a user's personal room URL based on their email address changing so that part we have to do by hand.

 

We don't use groups in directory connector as that feature wasn't there when we deployed it and so far haven't really found a need to handle groups.  Especially since it seems that many new features are controlled at the organization level and not the site or user level.  (Thinking Apps/Slido, admin based virtual backgrounds, Events (classic) access, etc.)  We may look at them again as we work through the Webex Meetings App and Jabber client migration to the Webex App.

Getting Started

Welcome to the Webex Community. This is your home to ask questions, share knowledge, and attend live webinars.