Re: Enabling SSO with MFA in Azure

Karl Jacobsen · ‎03-04-2021

Question, we deployed the O365 add-in for the Webex scheduler a few weeks ago. Our staff have the Webex desktop app, Productivity Tools, and the O365 add-in. At one point we'll remove the Productivity Tools and just use the add-in. I enabled the Third-Party Integration for Microsoft a while ago so users can choose to authenticate to the site with their Azure credentials or Webex credentials. If we enable SSO in Site Admin and Control Hub, what happens to the desktop app, Productivity Tools, and O365 add-in? I know the desktop app currently uses the Webex site user credentials not Azure, I assume the Productivity Tools do too? Would the desktop app just prompt you to sign in again with your Azure credentials? When we enable SSO, how does the desktop app react with regards to MFA on our Azure site?

Does anyone have any knowledge base articles or screenshots to give to end users about the process of logging into these with SSO/Azure/MFA?

mwatts51212 · ‎01-04-2022

Karl,
I am in a somewhat similar situation. We are currently using Microsoft ADFS for SSO within the Cisco Control Hub. We are wanting to use SSO with our Microsoft Azure AD tenant now, but we are not sure if this will require everyone to use MFA. For instance, if I login to our Azure tenant, I must use MFA. Would this be the same for signing into Webex if moving to SSO with Microsoft Azure? That would be a little cumbersome for folks but if that is what is expected, then I would want to make sure we have proper education for everyone to follow before we make the change within the Control Hub.

Any feedback would be greatly appreciated!

Thanks,

Matt

Karl Jacobsen · ‎01-05-2022

Hi Matt,

We're fully SSO integrated with Azure for our Webex environment now. In order for any of our staff to login to Webex they MUST have an account in Azure. The only remaining issue is we have a separate O365 tenant for our students and Webex can only accept one tenant for auth in Azure so right now we don't claim the domain in Control Hub. It's verified but not claimed. Supposedly Cisco is going to add the ability to do multi-tenant auth but I haven't seen anything on it yet.

When we made the move the desktop client and prod tools were unaffected. The process was actually well accepted by my users. They were used to it because we've been using Azure with other systems so they were familiar with the screens.

mwatts51212 · ‎01-05-2022

Karl,

Thank you for the quick reply! I am glad that the move to Azure SSO with Webex went smoothly, overall. So, as far as users signing into Webex, it does or doesn't use MFA? Our Azure tenant forces users to setup MFA within 14 days of initial login and pretty much all of our users have not signed into Azure AD and registered with MFA. So, I am just trying to think of what approach we "have" to take. It really all depends on how Webex uses SSO with Azure. So, do your users have to use MFA when signing into Webex?

Thanks!

Matt

Karl Jacobsen · ‎01-05-2022

Yes, all of our users using SSO with Azure have MFA enabled. It's not a bad way to go...

mwatts51212 · ‎01-05-2022

Thanks Karl! I opened a Cisco TAC request asking the same question and haven't even heard back from them yet. Glad I went ahead and posted here. Very helpful indeed!

Karl Jacobsen · ‎01-05-2022

Good luck Matt!

Kyriakos.Stamoglou · ‎03-04-2021

Hi Carl,

In my organization we enabled SSO between Webex and Azure AD almost from the start of the Webex deployment. Users have the Webex meetings app and the Productivity tools (Outlook add-in). I am not sure if its the same with your deployment with O365 and if you talking for the new Webex app instead.

SSO with Azure AD works really well in our case, but it is not fully featured as setting up SSO with Active Directory. The Webex meetings app & Productivity tools (Outlook add-in) works really well if you distribute a customized .reg file to end users. Any user, when using Webex within our network is signed in automatically in meetings and Azure does not require MFA in this case .