Solved: Single Sign-on and MFA in Control Hub

Daniel-aq · ‎02-06-2025

Hi everyone,

we have the requirement that a customer wants to use single sign-on in Control Hub but does not have a mfa solution in place. Does anyone have experience with using single sign on for Control Hub and also activating the MFA functionality in Control Hub? Expected behavior would be: User logs in into Webex utilizing their single sign-on IdP and then gets prompted to set up mfa / input the generated code from their totp application of choice?

Thanks in advance

Best

Daniel

dtibbe · ‎02-11-2025

Those MFA settings are handled by Webex itself, ie. all users may enable MFA themselves or must enable it as it is org wide configured.

So in case you'd have an external IDP that does also MFA, those users would get two MFA prompts (one by the IDP and one by Webex) currently.

Back to your question: if you enable it, those users will be asked to set up a TOTP application themselves and the secrets are in the Webex Cloud. It works with the Webex internal authentication as well as when using an external SSO solution.

View solution in original post

dtibbe · ‎02-11-2025

Those MFA settings are handled by Webex itself, ie. all users may enable MFA themselves or must enable it as it is org wide configured.

So in case you'd have an external IDP that does also MFA, those users would get two MFA prompts (one by the IDP and one by Webex) currently.

Back to your question: if you enable it, those users will be asked to set up a TOTP application themselves and the secrets are in the Webex Cloud. It works with the Webex internal authentication as well as when using an external SSO solution.

Daniel-aq · ‎02-12-2025

Thank you!