Webex Teams SSO ADFS

Kriz Vitezslav 1 Reputation point
2020-11-12T14:05:28.753+00:00

Hi Community,

I don't know if somebody was facing the same issue, but I will give it a try and ask you.

I have implemented SSO for Webex Teams in dCloud, and this is the scenario:
User Cholland is logging in to the system with dcloud.cisco.loc or dcloud.cisco.com, and in the cloud he is synced with Cisco Directory Connector using the email address. In my case it was ******@cb150.dc-03.com.

I have configured ADFS and given him an alternate ID so he can log in/authenticate with the mail address.


If I try to log in, I get the message to log in again and authenticate every time.


If the user's logon name is the same as the email, everything works just fine.



If I turn off Windows authentication, I get a page from ADFS and I'm able to use the email to log in to the system.

If I turn on Windows authentication and the mail address is the same as the logon name, everything works just fine.

If I turn on Windows authentication and the mail address is different from the logon name, the authentication doesn't work. What do I have to do to get this working?

Does somebody have any idea what I have to set up on ADFS to have a working SSO if the user has a .loc or .cisco.com user logon name?
Thank you so much!

Microsoft Security | Active Directory Federation Services

1 answer

  1. Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
    2020-11-14T11:34:58.18+00:00

    Windows Integrated Authentication uses the UPN or the DOMAIN\sAMAccountName format, not the alternate login ID you set.

    From your link:

    When Windows Integrated Authentication (WIA) is performed (for example, when users try to access a corporate application on a domain-joined computer via the intranet and the AD FS administrator has configured the authentication policy to use WIA for the intranet), the UPN is used for authentication.

    From the English version:

    When Windows Integrated Authentication (WIA) is performed (for example, when users try to access a corporate application on a domain-joined machine from intranet and AD FS administrator has configured the authentication policy to use WIA for intranet), UPN is used for authentication.

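As an added example (not code from the question or the answer), a PowerShell check an AD FS administrator can run to confirm the condition the answer describes: whether WIA is the intranet handler, whether an alternate login ID is set on the AD claims provider trust, and which users have a UPN that differs from their mail attribute (those users are identified by UPN under WIA, not by mail). It assumes the ADFS and ActiveDirectory modules are available on the AD FS server and that cloud accounts are matched on the mail attribute, as in the question.

```powershell
# Added diagnostic example; assumes the ADFS and ActiveDirectory modules
# are installed and that cloud identities are keyed on the 'mail' attribute.
Import-Module ADFS
Import-Module ActiveDirectory

# 1. Which primary authentication handler is active for intranet clients?
#    If "WindowsAuthentication" is listed, domain-joined browsers are
#    identified by UPN / DOMAIN\sAMAccountName, not by the alternate login ID.
$policy = Get-AdfsGlobalAuthenticationPolicy
"Intranet primary providers: $($policy.PrimaryIntranetAuthenticationProvider -join ', ')"

# 2. Is an alternate login ID configured on the Active Directory
#    claims provider trust? It only applies to forms-based sign-in.
$adTrust = Get-AdfsClaimsProviderTrust -Identifier "AD AUTHORITY"
"AlternateLoginID: $($adTrust.AlternateLoginID)  LookupForests: $($adTrust.LookupForests -join ', ')"

# 3. List users whose UPN differs from their mail attribute. Under WIA these
#    users reach the relying party with a UPN-derived identity that will not
#    match a cloud account synced from 'mail' (the symptom in the question).
function Get-UpnMailMismatch {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)
    Get-ADUser -Filter 'mail -like "*"' -SearchBase $SearchBase -Properties mail, userPrincipalName |
        Where-Object { $_.userPrincipalName -ne $_.mail } |
        Select-Object sAMAccountName, userPrincipalName, mail
}

Get-UpnMailMismatch | Format-Table -AutoSize
```

Any user reported by Get-UpnMailMismatch will hit the repeated sign-in prompt described above as long as WIA is the intranet handler; the output shows exactly which identifier AD FS will present for them.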
