Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
760
Views
0
Helpful
3
Replies

Enabling Azure AD authentication for an existing Webex deployment

detho9000
Level 1
Level 1

‎05-26-2021 06:54 AM

Hi everyone,

We have an existing paid-for Webex deployment and use the AD Directory Connector to get our user account info from our on-prem AD to Webex.  However the connector doesn't include AD authentication and everyone has a separate password for Webex. We do have hybrid authentication with AzureAD configured and working for other services.

 

So I'd like to integrate Webex with Azure AD so that my users can use their regular AD credentials for Webex.  I've read the documentation about configuring Webex SSO with Azure AD and I understand it in principal, but I still had some questions:

 

1) After configuring SSO can I specify which users I want to enable SSO for?  Ideally I'd like to turn on SSO to test it before I enable it for everyone.

2) After enabling SSO is it possible to convert my existing users over to using their AD credentials instead of creating new accounts for them?

 

Thanks!

Labels:
0 Helpful
3 Replies 3

yhung
Cisco Employee
Cisco Employee

‎05-26-2021 07:48 AM

Unfortunately the SSO is a global setting, so it would be enabled for all, you should add a backdoor account as an external full admin so you don't get locked out if it doesn't work, and revert the change if there's an issue.

 

And I believe that all the users will still be there, as long as the email address matches with the SSO id/email it should start using the IdP login instead of Webex CI.

 

This Cisco Live video may be helpful for you to see and get familiar with the process:

https://www.ciscolive.com/global/on-demand-library.html?search=DGTL-BRKCOL-2104#/session/1572829984801001e0WH

 

0 Helpful

detho9000
Level 1
Level 1
In response to yhung

‎05-26-2021 10:51 AM

Thank you for your response.  I'll check out the video.

 

In the mean time, is it possible to enable SSO and then go back to Webex CI without affecting my userbase permanently?  I'd like to turn on SSO sometime afterhours to test, and then turn it off and have everything be back to normal for the next business day.  After disabling SSO and going back to Webex CI, could my user accounts (Passwords, etc) be the same?

0 Helpful

yhung
Cisco Employee
Cisco Employee
In response to detho9000

‎05-26-2021 12:24 PM

So, when you set it up, it will give you an opportunity to test the connection, and if the connection fails, gives you the opportunity to revert back to CI:

 

Screen Shot 2021-05-26 at 3.02.04 PM.png

 

But after I enabled this, and disabled it, I was able to login with the original CI local admin account with the original password before I enabled SSO.

 

I do suggest that any changes you are going to make, have TAC on the call while you are performing these changes. I would also confirm this with TAC since they will support this change also if you need help.

0 Helpful
Customers Also Viewed These Support Documents