Cisco Webex Teams

Before You Begin

Introduction

This document describes how to configure Oracle Identity Cloud Service to provide single sign-on (SSO) and user provisioning for Cisco Webex Teams.

About Cisco Webex Teams

Cisco Webex Teams is a complete business collaboration service from Cisco cloud and it enables users to message, meet, or make calls. It also allows users to send one-to-one and group messages in virtual rooms with persistent content and context for team interactions.

After integrating Cisco Webex Teams with Oracle Identity Cloud Service:

  • Users can use their Oracle Identity Cloud Service login credentials to access Cisco Webex Teams.
  • Administrators can use the Identity Cloud Service console to assign and revoke user access to the Cisco Webex Teams app.

What Do You Need?

  • An Oracle Identity Cloud Service account with authorization rights to manage apps and users (by being assigned to the identity domain administrator or application administrator role).
  • A Cisco Webex Teams account with authorization rights to configure federated authentication and user provisioning.
  • A service provider signing certificate.
  • To make sure that the email ID of each user in Cisco Webex Teams matches the primary email ID of the Oracle Identity Cloud Service account.

Obtaining an Organization ID and a Service Provider Signing Certificate

Before you can register and activate the Cisco Webex Teams app, you'll need an organization ID and a service provider signing certificate. You obtain them from Cisco Webex Teams.

  1. Using the https://admin.webex.com/ URL, access Cisco Webex Teams as an administrator. The Overview page appears.

  2. In the lower-left corner of the navigation menu, click the company name. The My Company page appears.

  3. Under the Company Information section, make note of the Organization ID value in the text box.

    Image img1.png displays the Cisco Webex Teams My Company page with company name and Organization ID highlighted.

    Tip: Use this Organization ID to register and activate the Cisco Webex Teams app in Oracle Identity Cloud Service. See the "Registering and Activating the Cisco Webex Teams App" section.

  4. In the left navigation menu, click Settings. The Settings page appears.

  5. Locate the Authentication section, and then under Single Sign-On, click Modify. The Enterprise Settings window displays the Single Sign-On page.

  6. Select Integrate a 3rd-party identity provider. (Advanced), and then click Next.

  7. In the Export Directory Metadata page, click Download Metadata File and then close the Enterprise Settings window. The service provider metadata file is downloaded.

  8. Open the metadata file, and then locate the SPSSODescriptor tag.

  9. Copy the content between the ds:X509Certificate tags.

    Image img2.png displays the metadata content with md:SPSSODescriptor and ds:X509Certificate tags highlighted.

  10. To format the certificate, access the https://www.samltool.com/format_x509cert.php URL. The Format a X.509 certificate page appears.

  11. In the X.509 cert text box, paste the content, and then click FORMAT X.509 CERTIFICATE. The formatted certificate is displayed in the X.509 cert with header text box.

  12. In the X.509 cert with header text box, copy the certificate, paste it in a text file, and then save the file in a .pem format.

    Note: Use this certificate to register and activate the Cisco Webex Teams app in Oracle Identity Cloud Service. See the "Registering and Activating the Cisco Webex Teams App" section.

Configuring Cisco Webex Teams in Oracle Identity Cloud Service

Use this section to register and activate the Cisco Webex Teams app, and to enable provisioning and synchronization for Cisco Webex Teams.

Registering and Activating the Cisco Webex Teams App

  1. Access the Identity Cloud Service console, select Applications, and then click Add.

  2. Click App Catalog.

  3. Search for Cisco Webex Teams, and then click Add.

  4. In the App Details section, enter your Cisco Webex Teams Organization ID, and then click Next.

    Note: You obtained the Organization ID while performing the steps in the "Obtaining an Organization ID and a Service Provider Signing Certificate" section.

  5. In the SSO Configuration section, click Download Identity Provider Metadata. Alternatively, to access the metadata, use the https://<IDCS-Service-Instance>.identity.oraclecloud.com/fed/v1/metadata URL.

    Tip: You'll use this metadata file later in the "Configuring SSO for Cisco Webex Teams" section.

  6. Expand the General Settings section, and then upload the signing certificate of the service provider that you obtained while performing the steps in the "Obtaining an Organization ID and a Service Provider Signing Certificate" section.

  7. Click Next. Oracle Identity Cloud Service displays the Provisioning page.

Enabling Provisioning and Synchronization for Cisco Webex Teams

Use this section to enable provisioning and synchronization for managing user accounts in Cisco Webex Teams through Oracle Identity Cloud Service.

Enabling Provisioning

  1. In the Provisioning page, select Enable Provisioning.

  2. Under the Configure Connectivity section, click Authorize with Cisco Webex Teams. A Cisco Webex Teams log in page appears.

  3. To configure connectivity between the Cisco Webex Teams account and Oracle Identity Cloud Service, enter the Cisco Webex Teams admin credentials, and then click Sign In.

  4. Click Accept. You're redirected to the Oracle Identity Cloud Service Provisioning page. A success message is displayed, stating that the authorization is completed.

  5. Click the Actions drop-down list, and then select Test to verify the connectivity. A success message is displayed, stating that the connection is successful.

  6. To view predefined attribute mappings between the user account fields defined in Cisco Webex Teams and the corresponding fields defined in Oracle Identity Cloud Service, click Attribute Mapping, and then click OK.

    Note: To add a new attribute for provisioning, click Add Row, specify the attributes in the User and Cisco Webex Teams Account columns, and then click OK. For example, if you want to add the External ID field, enter $(user.externalId) in the User column, and then select the corresponding field from the drop-down list in the Cisco Webex Teams Account column.

  7. Specify the provisioning operations that you want to enable for Cisco Webex Teams:

    Note: By default, the Create Account, Update Account, and Delete Account check boxes are selected.

    Create Account: Automatically creates a Cisco Webex Teams account when Cisco Webex Teams access is granted to the corresponding user in Oracle Identity Cloud Service.

    Update Account: Automatically updates a Cisco Webex Teams account when the corresponding user is edited in Oracle Identity Cloud Service.

    Delete Account: Automatically removes an account from Cisco Webex Teams when Cisco Webex Teams access is revoked from the corresponding user in Oracle Identity Cloud Service.

Enabling Synchronization

  1. In the Provisioning page, select Enable Synchronization.

  2. From the User Identifier drop-down list, select the Oracle Identity Cloud Service user attribute that you want to match with the corresponding record fetched from Cisco Webex Teams:

    Note: By default, the Primary Email Address option is selected from the drop-down list. It's recommended to leave this default attribute for accurate synchronization of user records.

    Primary Email Address: Primary email address of the Oracle Identity Cloud Service user.

    User Name: User name of the Oracle Identity Cloud Service user.

  3. To match a Cisco Webex Teams account attribute with the existing Oracle Identity Cloud Service user, select an attribute from the Application Identifier drop-down list.

    Note: By default, the name option is selected. This option represents the username attribute of the Cisco Webex Teams account. Don't change this default option.

  4. From the When exact match is found drop-down list, select one of the following actions to be performed when a matching Oracle Identity Cloud Service user is found for an account:

    Link and confirm: Automatically links and confirms the matched account to the corresponding Oracle Identity Cloud Service user based on the defined User Identifier and Application Identifier fields. 

    Link but do not confirm: Automatically links all matched accounts to the corresponding Oracle Identity Cloud Service users based on the defined User Identifier and Application Identifier fields. You need to confirm the linked accounts manually. 

  5. In the Max. number of creates field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be created during the synchronization run.

  6. In the Max. number of deletes field, enter a number that's greater than or equal to 10. This value limits the number of accounts to be deleted during the synchronization run.

    After enabling provisioning and synchronization for Cisco Webex Teams, you can synchronize the existing account details from Cisco Webex Teams and link them to the corresponding Oracle Identity Cloud Service users. For more information on performing synchronization tasks, see the Importing User Accounts from a Software as a Service Application section in Administering Oracle Identity Cloud Service.

    You can also manage Cisco Webex Teams accounts through Oracle Identity Cloud Service. For more information on performing provisioning tasks, see the Managing Oracle Identity Cloud Service Users and Managing Oracle Identity Cloud Service Groups chapters in Administering Oracle Identity Cloud Service.

  7. Click Finish, Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Configuring SSO for Cisco Webex Teams

  1. Using the https://admin.webex.com/ URL, access Cisco Webex Teams as an administrator. The Overview page appears.

  2. In the left navigation menu, click Settings. The Settings page appears.

  3. Locate the Authentication section, and then under Single Sign-On, click Modify. The Enterprise Settings window displays the Single Sign-On page.

  4. Select Integrate a 3rd-party identity provider. (Advanced), and then click Next.

  5. In the Export Directory Metadata page, click Next.

  6. In the Import IdP Metadata page, click the file browser link, and then upload the metadata that you downloaded in the "Registering and Activating the Cisco Webex Teams App" section. A success message appears, stating that the identity provider (IdP) metadata file was imported successfully.

  7. Locate the Signing of Metadata (Advanced) section, select Allow self-signed certificate in Metadata (less secure), and then click Next.

  8. In the Test SSO Setup page, click Test SSO Connection. In another tab, you're redirected to the Oracle Identity Cloud Service Sign In page.

  9. Log in as an administrator that's assigned to the Cisco WebEx Teams app in Oracle Identity Cloud Service. A success message appears, stating that SSO succeeded.

  10. In the Test SSO Setup page, locate and select The test was successful. Enable Single Sign On, and then click Save.

    Note: Enabling SSO deactivates the ability to log in using Cisco Webex Teams' user name and password. To verify that the service-provider-initiated SSO/SLO from Cisco Webex Teams works, remain logged in to the Cisco Webex Teams session until you complete the next section.

    To allow user provisioning authorization in Oracle Identity Cloud Service again, disable SSO in the Cisco Webex Teams app and attempt to authorize.

Verifying the Integration

Use this section to verify that SSO/SLO works when initiated from Cisco Webex Teams (a service-provider-initiated SSO/SLO).

Verifying the Service-Provider-Initiated SSO from Cisco Webex Teams

  1. Using the https://teams.webex.com URL, access Cisco Webex Teams. The Cisco Webex Teams sign in page appears.

  2. Enter your email address, and then click Next. You're redirected to the Oracle Identity Cloud Service Sign In page.

  3. Log in using credentials for a user that's assigned to the Cisco Webex Teams app. The Cisco Webex Teams home page appears.

  4. In the upper-left corner, click the display name icon and confirm that the user that's logged in is the same for both Cisco Webex Teams and Oracle Identity Cloud Service.

    This confirms that SSO that's initiated from Cisco Webex Teams works.

Verifying Single Log-Out (SLO) from Cisco Webex Teams

  1. To access Cisco Webex Teams, use the steps in the "Verifying the Service-Provider-Initiated SSO from Cisco Webex Teams" section.

  2. In the upper-left corner, click the display name icon, and then select Sign Out from the drop-down list. The Cisco Webex Teams sign in page appears.

    Note: If the user has already logged in to the Oracle Identity Cloud Service My Profile console in the browser, that session is logged out, and then the Oracle Identity Cloud Service Sign In page appears.

    This confirms that SLO that's initiated from Cisco Webex Teams works.

Troubleshooting

Use this section to locate solutions to common integration issues.

Known Issues

Cisco Webex Teams displays the message, "Check your email. We sent a six-digit confirmation code to <Email_address>"

Cause: The user attempting to initiate SSO doesn't have a valid account in Cisco Webex Teams.

Solution: Ensure that the user that you assign to the Cisco Webex Teams app has an account in both Oracle Identity Cloud Service and Cisco Webex Teams with the same email address.

Oracle Identity Cloud Service displays the message, "You are not authorized to access the app. Contact your system administrator."

Cause 1: The SAML 2.0 integration between the Cisco Webex Teams app and Cisco Webex Teams is deactivated.

Solution 1:

  • Access the Identity Cloud Service console, select Applications, and then select Cisco Webex Teams.
  • In the App Details section, click Activate, and then click Activate Application. Oracle Identity Cloud Service displays a confirmation message.

Cause 2: The administrator revokes access for the user at the same time that the user tries to access the Cisco Webex Teams app using Oracle Identity Cloud Service.

Solution 2:

  • Access the Identity Cloud Service console, select Applications, and then select Cisco Webex Teams.
  • In the App Details section, select Users, and then click Assign to reassign the user.

Cause 3: Under Enabling Provisioning, user provisioning authorization is attempted from Oracle Identity Cloud Service when SSO configuration is enabled in the Cisco Webex Teams app.

Solution 3: Access Cisco Webex Teams as an administrator, and then disable the SSO configuration under the Authentication section in the Settings page.

Unknown Issues

For unknown issues, contact Oracle Support:

  1. Go to https://support.oracle.com.

  2. Select Cloud Support, and then sign in with your support credentials.

  3. In the Cloud Dashboard, confirm that there are no planned outages in Oracle Identity Cloud Service, and then click Create Service Request.

  4. Select Oracle Identity Cloud Service as the service type.

  5. Complete your service request.