Cisco WebEx Meetings

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide Single Sign-On (SSO) for Cisco WebEx Meetings using SAML.

About Cisco WebEx

Cisco WebEx, formerly WebEx Communications Inc., is a company that provides on-demand collaboration, online meeting, web conferencing, and video conferencing apps.

After integrating Cisco WebEx with Oracle Identity Cloud Service:

  • Users can access Cisco WebEx using their Oracle Identity Cloud Service login credentials.
  • Users can launch Cisco WebEx using the Oracle Identity Cloud Service My Apps console.
  • Admins can assign and revoke user access to the Cisco WebEx app using the Oracle Identity Cloud Service administration console.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (Identity Domain Administrator or Application Administrator).
  • A Cisco WebEx account with authorization rights to configure federated authentication.
  • Make sure that the email ID of each user in Cisco WebEx matches the primary email ID of the Oracle Identity Cloud Service account.

Obtaining Tenant, IDCS Domain, and Account Name

A dedicated tenant, IDCS domain, and account name are required before you can register and activate the Cisco WebEx app.

  1. The tenant and IDCS Domain values appear in the Oracle Identity Cloud Service My Profile console URL: https://<IDCS_Service_Instance>.<identity.oraclecloud.com>/ui/v1/myconsole.

    Note: Use the value entered for IDCS_Service_Instance as Tenant, and the value entered for identity.oraclecloud.com as IDCS Domain during Cisco WebEx registration in the "Registering and Activating the Cisco WebEx App" section.

  2. The Cisco WebEx account name appears in the Cisco WebEx home URL: https://<Account_Name>.webex.com that you received in an email from Cisco WebEx.

    Tip: Use the values obtained in this section during Cisco WebEx registration in the "Registering and Activating the Cisco WebEx App" section.

Configuring the Cisco WebEx App in Oracle Identity Cloud Service

Use this section to obtain the required parameters to register and activate, and to enable provisioning and synchronization for Cisco WebEx. You can then assign users or groups to Cisco WebEx and start the user provisioning process.

Registering and Activating the Cisco WebEx App

  1. Access the Oracle Identity Cloud Service administration console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Cisco WebEx, and then click Add.

  4. In the App Details section, enter your Cisco WebEx Account Name, Tenant, and IDCS Domain values, and then click Next.

    Note: These are the values that you obtained while performing the steps in the "Obtaining Tenant, IDCS Domain, and Account Name" section.

  5. Click Download Identity Provider Metadata. To learn about other methods you can use to access SAML metadata, see Access SAML Metadata.

    Tip: Use this file later during Cisco WebEx configuration in the "Configuring SSO for Cisco WebEx" section.

  6. Click Next. Oracle Identity Cloud Service displays the Provisioning page.

Enabling Provisioning and Synchronization for Cisco WebEx

Use this section to enable provisioning and synchronization for managing user accounts in Cisco WebEx through Oracle Identity Cloud Service.

Enabling Provisioning

  1. On the Provisioning page, select Enable Provisioning.

  2. Use the table to update the provisioning attributes, and then click Test Connectivity. A success message is displayed stating that the connection is successful.

    This table lists the provisioning attributes that you must set to enable provisioning.
    Attribute Value
    Site Name Enter the account name that you obtained while performing the steps in the "Obtaining Tenant, IDCS Domain, and Account Name" section.
    Site URL Enter the Cisco WebEx Site URL: https://<Account_Name>.webex.com/WBXService/XMLService.
    Administrator Username Enter the administrator's username.
    Administrator Password Enter the administrator's password.

  3. To view predefined attribute mappings between the user account fields defined in Cisco WebEx and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Attribute, specify the attributes in the User and Account columns, and then click OK. For example, if you want to add the External ID field, enter $(user.externalId) in the User column, and then select the corresponding field from the drop-down list in the Account column.

  4. Specify the provisioning operations that you want to enable for Cisco WebEx:

    Note: By default, the Create Account, De-activate Account, and Delete Account check boxes are selected.

    Create Account: Automatically creates an Cisco WebEx account when Cisco WebEx access is granted to the corresponding user in Oracle Identity Cloud Service.

    De-activate Account: Automatically deactivates or activates a Cisco WebEx account when the Cisco WebEx access is deactivated or activated for the corresponding user in Oracle Identity Cloud Service.

    Delete Account: Automatically removes an account from Cisco WebEx when Cisco WebEx access is revoked from the corresponding user in Oracle Identity Cloud Service.

Enabling Synchronization

  1. On the Provisioning page, select Enable Synchronization.

  2. From the User Identifier drop-down list, define a matching rule that links a record fetched from Cisco WebEx with an existing record in Oracle Identity Cloud Service:

    Note: By default, the User Name option is selected from the drop-down list. It is recommended to leave this default attribute for accurate synchronization of user records.

    Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.

    User Name: User name of the Oracle Identity Cloud Service user.

  3. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:

    Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service users based on the defined user identifier.

    Link but do not confirm: Automatically links all the matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined user identifier. You need to manually confirm the linked accounts.

  4. In the Max. number of creates field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  5. In the Max. number of deletes field, enter a number that is greater than or equal to 10. This value limits the number of accounts to be removed during the synchronization run.

    After enabling provisioning and synchronization for Cisco WebEx, you can synchronize the existing account details from Cisco WebEx and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Importing User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.

    You can also manage Cisco WebEx accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups sections in Administering Oracle Identity Cloud Service.

  6. Click Finish, and Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Assigning Users to the Cisco WebEx App

  1. On the Cisco WebEx app page in Oracle Identity Cloud Service, select Users, and then click Assign. The Assign Users window appears.

  2. Select users that you want to assign to Cisco WebEx, and then click OK. Oracle Identity Cloud Service displays a confirmation message stating that the Cisco WebEx app is assigned to the users that you selected.

Configuring SSO for Cisco WebEx

  1. Access Cisco WebEx as an administrator using the URL: https://<Account_Name>.webex.com/admin. The Cisco WebEx Site Information appears.

  2. From the navigation menu, click Configuration, hover over Common Site Settings, and then select SSO Configuration. The SSO Configuration page appears.

  3. In the SSO Profile field of the Federated Web SSO Configuration section, select the SP Initiated option, and the AuthnRequest Signed check box. The Destination text box appears.

  4. Enter the Sign-in URL/SSO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/sso in the Destination text box. This allows users to initiate single sign on from Cisco WebEx.

  5. Use the table to update the federated authentication attributes, and then click Update.

    This table lists the mandatory federated authentication attributes that you must set to complete the SSO configuration.
    Attribute Value
    Import SAML Metadata Click to import your SAML metadata that you downloaded during Cisco WebEx registration in Oracle Identity Cloud Service. See the "Registering and Activating the Cisco WebEx App" section.
    WebEx SAML Issuer (SP ID) Enter the SAML Issuer (SP ID) : <Account_Name>.webex.com.
    NameID Format Select Email address from the drop-down list.
    AuthnContextClassRef Enter the value: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
    Single Logout Select the check box. The Customer SSO Service Logout URL text box appears.
    Customer SSO Service Logout URL Enter the Sign-out URL/SLO Endpoint: https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/idp/slo.

    Tip: When the Single Logout check box is not selected, users cannot initiate Single Log-Out (SLO) from Cisco WebEx. To logout of the application, click Site Administration in the upper-right corner of the My WebEx page, and then click Logout in the upper-right corner of the WebEx Administration page.

Verifying the Integration

Use this section to verify that SSO/SLO works when initiated from Oracle Identity Cloud Service (IdP initiated SSO) or from Cisco WebEx (SP initiated SSO/SLO).

Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service

  1. Access the Oracle Identity Cloud Services My Profile console using the URL: https://<IDCS-Service-Instance>.identity.oraclecloud.com/ui/v1/myconsole.

  2. Log in using credentials for a user that is assigned to the Cisco WebEx app. Oracle Identity Cloud Service displays a shortcut to Cisco WebEx under My Apps.

  3. Click Cisco WebEx. The Cisco WebEx home page appears.

  4. On the Cisco WebEx home page, confirm that the user that is logged in is the same for both Cisco WebEx and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Oracle Identity Cloud Service works.

Verifying Service Provider Initiated SSO from Cisco WebEx

  1. Access Cisco WebEx using the URL: https://<Account_Name>.webex.com. The Search Meetings page appears.

  2. In the upper-right corner of the header, click Log In. You are redirected to the Oracle Identity Cloud Service login page.

  3. Log in using credentials for a user that is assigned to the Cisco WebEx app. The Cisco WebEx home page appears.

  4. On the Cisco WebEx home page, confirm that the user that is logged in is the same for both Cisco WebEx and Oracle Identity Cloud Service.

    This confirms that SSO that is initiated from Cisco WebEx works.

Verifying Single Log-Out (SLO) from Cisco WebEx

  1. Access Cisco WebEx following the steps from the "Verifying Identity Provider Initiated SSO from Oracle Identity Cloud Service" or "Verifying Service Provider Initiated SSO from Cisco WebEx" sections.

  2. In the upper-right corner, click Log Out. The Search Meetings page appears.

    Note: If the user has already logged in to Oracle Identity Cloud Service My Profile console in the browser, that session is logged out, and then the login page appears.

    This confirms that SLO that is initiated from Cisco WebEx works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Cisco WebEx displays the message, "User Authentication Failed".

Cause: The email attribute sent by Oracle Identity Cloud Service during SSO doesn't match any existing user in Cisco WebEx.

Solution: Ensure that the user that you assign to the Cisco WebEx app has an account in both Oracle Identity Cloud Service and Cisco WebEx with the same email address.

Oracle Identity Cloud Service displays the error message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Oracle Identity Cloud Service Cisco WebEx app and Cisco WebEx is deactivated.

Solution 1:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Cisco WebEx.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Cisco WebEx app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Oracle Identity Cloud Service administration console, select Applications, and then select Cisco WebEx.
  • In the App Details section, select Users, and then click Assign to re-assign the user.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.