Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this article, you learn how to integrate Cisco Webex with Microsoft Entra ID. When you integrate Cisco Webex with Microsoft Entra ID, you can:
- Control in Microsoft Entra ID who has access to Cisco Webex.
- Enable your users to be automatically signed-in to Cisco Webex with their Microsoft Entra accounts.
- Manage your accounts in one central location.
Prerequisites
The scenario outlined in this article assumes that you already have the following prerequisites:
- A Microsoft Entra user account with an active subscription. If you don't already have one, you can Create an account for free.
- One of the following roles:
- Cisco Webex single sign-on (SSO) enabled subscription.
- Service Provider Metadata file from Cisco Webex.
Scenario description
In this article, you configure and test Microsoft Entra SSO in a test environment.
- Cisco Webex supports SP initiated SSO.
- Cisco Webex supports Automated user provisioning.
Note
Identifier of this application is a fixed string value so only one instance can be configured in one tenant.
Adding Cisco Webex from the gallery
To configure the integration of Cisco Webex into Microsoft Entra ID, you need to add Cisco Webex from the gallery to your list of managed SaaS apps.
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Entra ID > Enterprise apps > New application.
- In the Add from the gallery section, type Cisco Webex in the search box.
- Select Cisco Webex from results panel and then add the app. Wait a few seconds while the app is added to your tenant.
Alternatively, you can also use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. Learn more about Microsoft 365 wizards.
Configure and test Microsoft Entra SSO for Cisco Webex
Configure and test Microsoft Entra SSO with Cisco Webex using a test user called B.Simon. For SSO to work, you need to establish a link relationship between a Microsoft Entra user and the related user in Cisco Webex.
To configure and test Microsoft Entra SSO with Cisco Webex, perform the following steps:
- Configure Microsoft Entra SSO to enable your users to use this feature.
- Create a Microsoft Entra test user to test Microsoft Entra single sign-on with B.Simon.
- Assign the Microsoft Entra test user to enable B.Simon to use Microsoft Entra single sign-on.
- Configure Cisco Webex SSO to configure the SSO settings on application side.
- Create Cisco Webex test user to have a counterpart of B.Simon in Cisco Webex that's linked to the Microsoft Entra representation of user.
- Test SSO to verify whether the configuration works.
Configure Microsoft Entra SSO
Follow these steps to enable Microsoft Entra SSO.
Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Entra ID > Enterprise apps > Cisco Webex application integration page, find the Manage section and select Single sign-on.
On the Select a Single sign-on method page, select SAML.
On the Set up Single Sign-On with SAML page, select the pencil icon for Basic SAML Configuration to edit the settings.
On the Basic SAML Configuration section, upload the downloaded Service Provider metadata file and configure the application by performing the following steps:
Note
You get the Service Provider Metadata file from the Configure Cisco Webex section, which is explained later in the article.
a. Select Upload metadata file.
b. Select folder logo to select the metadata file and select Upload.
c. After successful completion of uploading Service Provider metadata file the Identifier and Reply URL values get auto populated in Basic SAML Configuration section:
d. In the Sign on URL textbox, type a URL using the following pattern:
https://web.ciscospark.com/idb/Consumer/metaAlias/<ID>/spNote
This value isn't real. Copy the literal Reply URL value and add this value to the
https://web.ciscospark.com/to formulate the actual Sign on URL value.Cisco Webex application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following screenshot shows the list of default attributes.
In addition to above, Cisco Webex application expects few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements.
Name Source Attribute uid user.userprincipalname Note
The source attribute value is by default mapped to userprincipalname. This can be changed to user.mail or user.onpremiseuserprincipalname or any other value as per the setting in Webex.
On the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.
Create and assign Microsoft Entra test user
Follow the guidelines in the create and assign a user account quickstart to create a test user account called B.Simon.
Configure Cisco Webex SSO
Sign in to Cisco Webex with your administrator credentials.
Select Organization Settings and under the Authentication section, select Modify.
Select Integrate a 3rd-party identity provider. (Advanced) and select Next.
Select Download Metadata File to download the Service Provider Metadata file and save it in your computer, select Next.
Select file browser option to locate and upload the Microsoft Entra metadata file. Then, select Require certificate signed by a certificate authority in Metadata (more secure) and select Next.
Select Test SSO Connection, and when a new browser tab opens, authenticate with Microsoft Entra ID by signing in.
Return to the Cisco Cloud Collaboration Management browser tab. If the test was successful, select This test was successful. Enable Single Sign-On option and select Next.
Select Save.
Note
To know more about how to configure the Cisco Webex, please refer to this page.
Create Cisco Webex test user
In this section, a user called B.Simon is created in Cisco Webex.This application supports automatic user provisioning, which enables automatic provisioning and deprovisioning based on your business rules. Microsoft recommends using automatic provisioning whenever possible. See how to enable auto provisioning for Cisco Webex.
If you need to create a user manually, perform the following steps:
Sign in to Cisco Webex with your administrator credentials.
Select Users and then Manage Users.
In the Manage Users window, select Manually Add or Modify Users.
Select Names and Email address. Then, fill out the textbox as follows:
a. In the First Name textbox, type first name of user like B.
b. In the Last Name textbox, type last name of user like Simon.
c. In the Email address textbox, type email address of user like b.simon@contoso.com.
Select the plus sign to add B.Simon. Then, select Next.
In the Add Services for Users window, select Add Users and then Finish.
Test SSO
In this section, you test your Microsoft Entra single sign-on configuration with following options.
Select Test this application, this option redirects to Cisco Webex Sign-on URL where you can initiate the login flow.
Go to Cisco Webex Sign-on URL directly and initiate the login flow from there.
You can use Microsoft My Apps. When you select the Cisco Webex tile in the My Apps, this option redirects to Cisco Webex Sign-on URL. For more information about the My Apps, see Introduction to the My Apps.
Related content
Once you configure Cisco Webex you can enforce Session Control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session Control extends from Conditional Access. Learn how to enforce session control with Microsoft Defender for Cloud Apps.