Tutorial: Azure Active Directory integration with Cisco Webex
In this tutorial, you learn how to integrate Cisco Webex with Azure Active Directory (Azure AD).
Integrating Cisco Webex with Azure AD provides you with the following benefits:
- You can control in Azure AD who has access to Cisco Webex.
- You can enable your users to automatically get signed in to Cisco Webex with their Azure AD accounts.
- You can manage your accounts in one central location: the Azure portal.
For more details about SaaS app integration with Azure AD, see "What is application access and single sign-on with Azure Active Directory?"
To configure Azure AD integration with Cisco Webex, you need the following items:
- An Azure AD subscription
- A Cisco Webex single sign-on-enabled subscription
We don't recommend using a production environment to test the steps in this tutorial.
To test the steps in this tutorial, follow these recommendations:
- Don't use your production environment unless it's necessary.
- If you don't have an Azure AD trial environment, you can get a one-month free trial.
In this tutorial, you test Azure AD single sign-on in a test environment. The scenario outlined in this tutorial consists of two main building blocks:
- Adding Cisco Webex from the gallery
- Configuring and testing Azure AD single sign-on
Add Cisco Webex from the gallery
To configure the integration of Cisco Webex into Azure AD, you need to add Cisco Webex from the gallery to your list of managed SaaS apps.
To add Cisco Webex from the gallery, take the following steps:
In the Azure portal, in the left pane, select the Azure Active Directory icon.
Go to Enterprise applications. Then go to All applications.
To add a new application, select the New application button on the top of the dialog box.
In the search box, type Cisco Webex.
Select Cisco Webex from the results panel. Then select the Add button to add the application.
Configure and test Azure AD single sign-on
In this section, you configure and test Azure AD single sign-on with Cisco Webex based on a test user called "Britta Simon."
For single sign-on to work, Azure AD needs to know which Cisco Webex user corresponds to a given Azure AD user. In other words, you need to establish a link between an Azure AD user and the related user in Cisco Webex.
In Cisco Webex, set Username to the same value as the user name in Azure AD. This establishes the link between the two users.
To configure and test Azure AD single sign-on with Cisco Webex, complete the following building blocks:
- Configure Azure AD single sign-on to enable your users to use this feature.
- Create an Azure AD test user to test Azure AD single sign-on with Britta Simon.
- Create a Cisco Webex test user to have a counterpart of Britta Simon in Cisco Webex that is linked to the Azure AD representation of the user.
- Assign the Azure AD test user to enable Britta Simon to use Azure AD single sign-on.
- Test single sign-on to verify that the configuration works.
Configure Azure AD single sign-on
In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your Cisco Webex application.
To configure Azure AD single sign-on with Cisco Webex, take the following steps:
In the Azure portal, on the Cisco Webex application integration page, select Single sign-on.
To enable single sign-on, in the Single sign-on dialog box, in the Mode drop-down list, select SAML-based Sign-on.
In the Cisco Webex Domain and URLs section, take the following steps:
a. In the Sign-on URL box, type a URL with the following pattern:
b. In the Identifier box, type the URL
c. In the Reply URL box, type a URL with the following pattern:
These values are not real. Update these values with the actual reply URL and sign-on URL. Contact the Cisco Webex Client support team to get these values.
On the SAML Signing Certificate section, select Metadata XML, and then save the metadata file on your computer.
In the Cisco Webex Configuration section, select Configure Cisco Webex to open the Configure sign-on window. Copy the Sign-Out URL, SAML Entity ID, and SAML Single Sign-On Service URL from the Quick Reference section.
In a different web browser window, sign in to your Cisco Webex company site as an administrator.
From the menu on the top, select Site Administration.
In the Manage Site section, select SSO Configuration.
In the Federated Web SSO Configuration section, take the following steps:
a. In the Federation Protocol list, select SAML 2.0.
b. For SSO profile, select SP Initiated.
c. Open your downloaded certificate in Notepad, and then copy the content.
d. Select Import SAML Metadata, and then paste the copied content of the certificate.
e. In the Issuer for SAML (IdP ID) box, paste the value of the SAML Entity ID that you copied from the Azure portal.
f. In the Customer SSO Service Login URL box, paste SAML Single Sign-On Service URL, which you copied from the Azure portal.
g. From the NameID Format list, select Email address.
h. In the AuthnContextClassRef box, type urn:oasis:names:tc:SAML:2.0:ac:classes:Password.
i. In the Customer SSO Service Logout URL box, paste Sign-Out URL, which you copied from the Azure portal.
j. Select Update.
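A check an administrator could run on the saved Metadata XML before selecting Update, shown here as an added example that is not part of the original tutorial or of Microsoft's or Cisco's tooling. It extracts the entity ID, sign-on endpoints and signing-certificate fingerprint, then compares them with the values entered in steps e, f and i. The sample metadata, its host names and the `entered` field names are constructed, and it assumes the copied issuer and login URL should match the metadata exactly.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed stand-in for the downloaded Metadata XML: host, tenant
# placeholder and certificate bytes are made up for illustration.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/TENANT-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>Y29uc3RydWN0ZWQtY2VydC1ieXRlcw==</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/TENANT-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Pull the issuer, sign-on endpoints and signing-cert fingerprints."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing metadata that declares a DTD or entities")
    root = ET.fromstring(xml_text)
    idp = root.find(MD + "IDPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or idp is None:
        raise ValueError("not SAML 2.0 IdP metadata")
    prints = []
    for key in idp.findall(MD + "KeyDescriptor"):
        if key.get("use") in (None, "signing"):  # no 'use' means both purposes
            for cert in key.iter(DS + "X509Certificate"):
                der = base64.b64decode("".join(cert.text.split()))
                prints.append(hashlib.sha256(der).hexdigest())
    urls = {e.get("Location") for e in idp.findall(MD + "SingleSignOnService")}
    return {"issuer": root.get("entityID"), "cert_sha256": prints, "login_urls": urls}

def check_webex_sso_fields(metadata, entered):
    """Return problems found in the values typed into the Webex SSO form."""
    problems = []
    if entered["issuer"] != metadata["issuer"]:
        problems.append("issuer does not match metadata entityID exactly")
    if entered["login_url"] not in metadata["login_urls"]:
        problems.append("login URL is not a sign-on endpoint in the metadata")
    for field in ("login_url", "logout_url"):
        if not entered[field].startswith("https://"):
            problems.append(field + " is not HTTPS")
    if not metadata["cert_sha256"]:
        problems.append("metadata carries no signing certificate")
    return problems
```

Read the saved file as text and pass it to `parse_idp_metadata`; the returned SHA-256 fingerprint is a value to record alongside the configuration so a later certificate change is noticed.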
You can now read a concise version of these instructions inside the Azure portal while you are setting up the app. After you add this app from the Active Directory > Enterprise Applications section, select the Single Sign-On tab, and then access the embedded documentation through the Configuration section at the bottom. You can read more about the embedded documentation feature at Azure AD embedded documentation.
Create an Azure AD test user
The objective of this section is to create a test user in the Azure portal called Britta Simon.
To create a test user in Azure AD, perform the following steps:
In the Azure portal, in the left pane, select the Azure Active Directory button.
To display the list of users, go to Users and groups, and then select All users.
To open the User dialog box, select Add at the top of the All Users dialog box.
In the User dialog box, take the following steps:
a. In the Name box, type BrittaSimon.
b. In the User name box, type the email address of user Britta Simon.
c. Select the Show Password check box, and then write down the value that's displayed in the Password box.
d. Select Create.
Create a Cisco Webex test user
To enable Azure AD users to sign in to Cisco Webex, they must be provisioned in Cisco Webex. In the case of Cisco Webex, provisioning is a manual task.
To provision a user account, take the following steps:
Sign in to your Cisco Webex tenant.
Go to Manage Users > Add User.
In the Add User section, take the following steps:
a. For Account Type, select Host.
b. In the First name box, type the first name of the user (in this case, Britta).
c. In the Last name box, type the last name of the user (in this case, Simon).
d. In the Username box, type the email of the user (in this case, Brittasimon@contoso.com).
e. In the Email box, type the email address of the user (in this case, Brittasimon@contoso.com).
f. In the Password box, type the user's password.
g. In the Confirm Password box, reenter the user's password.
h. Select Add.
You can use any other Cisco Webex user account creation tools or APIs that are provided by Cisco Webex to provision Azure AD user accounts.
Assign the Azure AD test user
In this section, you enable the user Britta Simon to use Azure single sign-on by granting them access to Cisco Webex.
To assign Britta Simon to Cisco Webex, take the following steps:
In the Azure portal, open the applications view. Next, go to the directory view, and then to Enterprise applications.
Select All applications.
In the applications list, select Cisco Webex.
In the menu on the left, select Users and groups.
Select the Add button. Then select Users and groups in the Add Assignment dialog box.
In the Users and groups dialog box, select Britta Simon in the Users list.
In the Users and groups dialog box, click the Select button.
Select the Assign button in the Add Assignment dialog box.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the access panel.
When you select the Cisco Webex tile in the access panel, you automatically get signed in to your Cisco Webex application.
For more information about the access panel, see Introduction to the access panel.