Introduction
This document describes the Admin Self recovery for Control Hub if Single Sign-On does not work.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Webex Control Hub.
- Single Sign-On.
Components Used
The information in this document is based on these software and hardware versions:
- Azure AD ldP.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background
Previously when an Administrator had a failed log in with Single Sign-On when the ldP or SP certificate expires or if there is an outage for misconfiguration, a user was required to contact Cisco TAC to disable Single SIgn-On from the backend to repair the configuration.
The Self Recovery option allows users to update or disable Single Sign-On with a secure backdoor API.
Log In Error
Single Sign-On compromised: unable to access admin.webex.com or Webex app.
Single Sign-On bypass
Preferably on an incognito browser tab, go to admin.webex.com/manage-sso and enter the admin email.
Select Send One Time Password.
A One Time Password PIN sent from webex_comm@webex.com
Enter the one-time PIN received and click the Sign In button.
In the SSO Recovery Option choose Option 1: disable SSO or Option 2: update certificate and download metadata as needed.
Option 1
Select the toggle Modify your organization's SSO authentication.
Confirm action and select the Deactivate button.
Single Sign-On is successfully disabled and basic Webex authentication is in place.
Option 2
Choose a Certificate and upload updated ldP Metadata file.
Click Test SSO setup button.
Once Single Sign-On succeeds, it is safe to Sign Out from the Manage-SSO portal.
Related Information
Welcome to the Webex Community. This is your home to ask questions, share knowledge, and attend live webinars.