An overview of configuring WebEx for single sign-on. To configure the WebEx application for single-sign on from the cloud service (an overview)




Chapter 83: WebEx

This chapter includes the following sections:
- An overview of configuring WebEx for single sign-on
- Configuring WebEx for SSO
- Configuring WebEx in Cloud Manager
- For more information about WebEx

An overview of configuring WebEx for single sign-on

To configure the WebEx application for single sign-on from the cloud service (an overview):

1. Prepare WebEx for single sign-on:
   - Verify the WebEx account provides SSO.
   - If using a sub-domain in WebEx, add and verify it.
   - Create WebEx user accounts.
2. Configure WebEx for SSO with SAML.
3. Configure the application settings in Cloud Manager: configure the WebEx web application in Cloud Manager. Here you specify some of the settings you specified in the web application directly.

What you need before configuring this application

- A signed certificate. You can either download one from Cloud Manager or use your organization's trusted certificate.
- A domain that you've created and verified in WebEx. Or, if you don't have a separate domain, you'll use your main WebEx account.
- A regular, non-trial account. Trial WebEx accounts do not support SSO.

Tip: Here are some useful tips about configuring WebEx for SSO:
- If you do not see the SSO Configuration option in the Site Administration area, call WebEx directly and make sure they enable the SSO option. This can take 24 hours or more.
- If you make mistakes in the SSO Configuration and need to reset the account, call WebEx directly to have them revert the changes back to non-SSO.

Setting up the certificates for SSO

To establish a trusted connection between the web application and the cloud service, you need to have the same signing certificate in both the application and the application settings in Cloud Manager.

If you use your own certificate, you upload the signing certificate and its private key in a .pfx or .p12 file to the application settings in Cloud Manager. You also upload the public key certificate in a .cer or .pem file to the web application.

Configuring WebEx for SSO

You need administrator privileges in WebEx to perform these steps.

Note: If you plan on using the certificate generated by the Cloud Manager, log in there first and download the certificate before continuing.

Note: If you plan on configuring WebEx for SSO using IdP SAML metadata from Cloud Manager, download the metadata file from the WebEx application profile Application Settings file by clicking Download Identity Provider SAML Meta data as described in Configuring WebEx in Cloud Manager.

Tip: It can be useful to open the web application and Cloud Manager simultaneously and have them both open, perhaps side by side. As part of the SSO configuration process, you'll need to copy and paste settings between the two browser windows.

Configuring WebEx automatically by uploading SAML metadata

To configure WebEx for SSO using IdP SAML metadata:

1. Log in to your WebEx account using your administrative user account. Your login URL is something like https://<yourcompanyidentifier>.webex.com.
2. If the Site Administration page doesn't appear, in the top menu bar click More Services and select Site Administration.
3. In the left panel, click SSO Configuration.
4. In the SSO Configuration page, click the Import SAML Metadata link. The Import SAML Metadata dialog box appears.
5. Use the Import SAML Metadata dialog box to upload the IdP SAML metadata file that you downloaded earlier from Cloud Manager, then click Import.

6. In the SSO Configuration page, specify the following:
   - SSO Profile (Required): IdP Initiated or SP-Initiated. Select the option that correlates with the SSO option that you plan to use.
   - Auto Account Creation: not selected. Selecting this option interferes with WebEx provisioning.
   - Auto Account Update: not selected. Selecting this option interferes with WebEx provisioning.
7. Click Update to save the changes.
8. Log out of your WebEx account.

Configuring WebEx manually

To configure WebEx manually for SSO:

1. Log in to your WebEx account using your administrative user account. Your login URL is something like https://<yourcompanyidentifier>.webex.com.
2. If the Site Administration page doesn't appear, in the top menu bar click More Services and select Site Administration.
3. In the left panel, click SSO Configuration.
4. Click Site Certificate Manager. A new window opens.
5. Browse to your trusted certificate. Use either your own or the one you downloaded from the Cloud Manager.
6. Click OK and then click Close to close the Site Certificate Manager window.
7. In the SSO Configuration page, specify the following:
   - Federation Protocol (Required): SAML 2.0
   - SSO Profile (Required): IdP Initiated or SP-Initiated. Select the option that correlates with the SSO option that you plan to use.
   - WebEx SAML Issuer (Required): http://www.webex.com
   - Issuer for SAML (IdP ID) (Required): [enter your company's domain name]. For example, acme.com. Use the company domain name that's in the certificate that you're using.
   - Customer SSO Service Login URL: If this URL is specified, users are redirected to this page if they try to log in directly to WebEx. This is SP-initiated SSO. To enable SP-initiated SSO, copy the Customer SSO Service Login URL from the WebEx Application Settings dialog box and paste it into this field.
   - Customer SSO Error URL: The Error URL is a customized page that displays when a user encounters an error in WebEx. If desired, paste the Error URL contents from the WebEx application settings in the Cloud Manager.
   - Customer SSO Service Logout URL (Optional): If you want SP-initiated SSO AND you want users to log out of the user portal when they log out of WebEx, copy the URL from the WebEx Application Settings in the Cloud Manager and paste the URL here. If you want to keep users logged into the user portal after they log out of WebEx, enter a different URL.
   - NameID Format (Required): Unspecified
   - AuthnContextClassRef (Required): urn:oasis:names:tc:saml:2.0:ac:classes:unspecified
   - Auto Account Creation: not selected. Selecting this option interferes with WebEx provisioning.
   - Auto Account Update: not selected. Selecting this option interferes with WebEx provisioning.
8. Click Update to save the changes.
9. Log out of your WebEx account.
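Both procedures above depend on WebEx holding the same signing certificate and the same Issuer for SAML (IdP ID) as Cloud Manager. The following check is an added example, not part of the original guide or of either product: it compares a downloaded IdP SAML metadata file against the certificate uploaded to WebEx before you click Update. It assumes the metadata's entityID carries the Issuer for SAML (IdP ID) value; the function names and the embedded sample data are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_fingerprint(b64_text):
    """SHA-256 fingerprint of a base64-encoded DER certificate body."""
    der = base64.b64decode("".join((b64_text or "").split()))
    return hashlib.sha256(der).hexdigest()

def pem_fingerprint(pem_text):
    """Fingerprint of the first certificate in a PEM (.pem or base64 .cer) file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found (binary DER .cer is not handled)")
    return der_fingerprint(m.group(1))

def check_idp_metadata(metadata_xml, sp_cert_pem, expected_issuer):
    """Return a list of mismatches between IdP metadata and the SP-side settings."""
    root = ET.fromstring(metadata_xml)
    problems = []
    # Assumption: entityID carries the "Issuer for SAML (IdP ID)" value.
    if root.get("entityID") != expected_issuer:
        problems.append(f"issuer mismatch: metadata has {root.get('entityID')!r}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["metadata has no IDPSSODescriptor"]
    # A KeyDescriptor without a 'use' attribute applies to signing as well.
    signing = [der_fingerprint(c.text)
               for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use", "signing") == "signing"
               for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if pem_fingerprint(sp_cert_pem) not in signing:
        problems.append("signing certificate mismatch: SP-side certificate "
                        "is not among the metadata signing certificates")
    for sso in idp.findall("md:SingleSignOnService", NS):
        if not sso.get("Location", "").startswith("https://"):
            problems.append(f"SSO URL is not HTTPS: {sso.get('Location')!r}")
    return problems

# Constructed sample input: placeholder bytes stand in for a real DER certificate.
_CERT_B64 = base64.b64encode(b"constructed placeholder certificate bytes").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_CERT_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="acme.com"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Location="https://idp.example.com/sso"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for issue in check_idp_metadata(SAMPLE_METADATA, SAMPLE_PEM, "acme.com") or ["OK"]:
        print(issue)
```

An empty result means the issuer, the signing certificate and the SSO URL scheme all line up; any entry in the list names the setting to correct before saving the WebEx SSO configuration.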

Configuring WebEx in Cloud Manager

To add and configure the WebEx application in Cloud Manager:

1. In Cloud Manager, click Apps.
2. Click Add Web Apps. The Add Web Apps screen appears.
3. On the Search tab, enter the partial or full application name in the Search field and click the search icon.
4. Next to the application, click Add.
5. In the Add Web App screen, click Yes to confirm. Cloud Manager adds the application.
6. Click Close to exit the Application Catalog. The application that you just added opens to the Application Settings page.
7. Specify the following:
   - Issuer for SAML (IdP ID) (Required): [Enter the same Issuer that you specified on the WebEx website]
   - WebEx Site Brand Name (Required): Enter your WebEx site brand name here. For example, if your login URL is acme.webex.com, enter acme here.
   - Customer SSO Service Login URL: [this field is automatically generated for you] The cloud service automatically generates the content of this field. If you want to do SP-initiated SSO, copy this URL into WebEx directly. If you want IdP-initiated SSO, leave this field as is.
   - Customer SSO Error URL: If desired, copy this URL into the Error URL in WebEx. This page displays when users encounter an error in WebEx.
   - Customer SSO Service Logout URL: [this field is automatically generated for you] If you want users to log out of the user portal when they log out of WebEx, copy this URL and paste it into the same field in WebEx. If you want to keep users logged into the user portal after they log out of WebEx, leave this field as is.
   - Download Identity Provider SAML Meta data (Optional): Click this link to download an IdP SAML metadata file that you can upload to WebEx to provide SAML configuration data as described in Configuring WebEx for SSO.
8. On the Application Settings page, expand the Additional Options section and specify the following settings:
   - Application ID: Configure this field if you are deploying a mobile application that uses the Centrify mobile SDK, for example mobile applications that are deployed into a Samsung KNOX version 1 container. The cloud service uses the Application ID to provide single sign-on to mobile applications. Note the following:
     - The Application ID has to be the same as the text string that is specified as the target in the code of the mobile application written using the mobile SDK. If you change the name of the web application that corresponds to the mobile application, you need to enter the original application name in the Application ID field.
     - There can only be one SAML application deployed with the name used by the mobile application.
     - The Application ID is case-sensitive and can be any combination of letters, numbers, spaces, and special characters up to 256 characters.

   - Show in User app list: Select Show in User app list to display this web application in the user portal. (This option is selected by default.) If this web application is added only to provide SAML for a corresponding mobile app, deselect this option so the web application won't display for users in the user portal.
   - Security Certificate: These settings specify the signing certificate used for secure SSO authentication between the cloud service and the web application. Just be sure to use a matching certificate both in the application settings in the Cloud Manager and in the application itself. Select an option to change the signing certificate:
     - Use existing certificate: When selected, the certificate currently in use is displayed. It's not necessary to select this option; it's present to display the current certificate in use.
     - Use the default tenant signing certificate: Select this option to use the cloud service standard certificate. This is the default setting.
     - Use a certificate with a private key (pfx file) from your local storage: Select this option to use your organization's own certificate. To use your own certificate, you must click Browse to upload an archive file (.p12 or .pfx extension) that contains the certificate along with its private key. If the file has a password, you must enter it when prompted.
     Upload the certificate from your local storage prior to downloading the IdP metadata or the Signing Certificate from the Applications Settings page. If the IdP metadata is available from a URL, be sure to upload the certificate prior to providing the URL to your service provider.
9. (Optional) On the page, you can change the name, description, and logo for the application. For some applications, the name cannot be modified. The Category field specifies the default grouping for the application in the user portal. Users have the option to create a tag that overrides the default grouping in the user portal.
10. On the User Access page, select the role(s) that represent the users and groups that have access to the application. When assigning an application to a role, select either Automatic Install or Optional Install:
   - Select Automatic Install for applications that you want to appear automatically for users.
   - If you select Optional Install, the application doesn't automatically appear in the user portal and users have the option to add the application.

11. (Optional) On the Policy page, specify additional authentication control for this application. You can select one or both of the following settings:
   - Restrict app to clients within the Corporate IP Range: Select this option to prevent users outside the company intranet from launching this application. To use this option, you must also specify which IP addresses are considered as your intranet by specifying the Corporate IP range in Settings > Corporate IP Range.
   - Require Strong Authentication: Select this option to force users to authenticate using additional, stronger authentication mechanisms when launching an application. Specify these mechanisms in Policy > Add Policy Set > Account Security Policies > Authentication.
   You can also include JavaScript code to identify specific circumstances when you want to block an application or you want to require additional authentication methods. For details, see Application access policies with JavaScript.
12. On the Account Mapping page, configure how the login information is mapped to the application's user accounts. The options are as follows:
   - Use the following Directory Service field to supply the user name: Use this option if the user accounts are based on user attributes. For example, specify an Active Directory field such as mail or userprincipalname or a similar field from the Centrify cloud directory.
   - Everybody shares a single user name: Use this option if you want to share access to an account but not share the user name and password. For example, some people share an application developer account.
   - Use Account Mapping Script: You can customize the user account mapping here by supplying a custom JavaScript script. For example, you could use the following line as a script:

         LoginUser.Username = LoginUser.Get('mail')+'.ad';

     The above script instructs the cloud service to set the login user name to the user's mail attribute value in Active Directory and add .ad to the end. So, if the user's mail attribute value is Adele.Darwin@acme.com then the cloud service uses Adele.Darwin@acme.com.ad. For more information about writing a script to map user accounts, see the SAML application scripting.
13. (Optional) On the Advanced page, you can edit the script that generates the SAML assertion, if needed. In most cases, you don't need to edit this script. For more information, see the SAML application scripting.
14. (Optional) On the Changelog page, you can see recent changes that have been made to the application settings, by date, user, and the type of change that was made.
15. (Optional) Click Workflow to set up a request and approval work flow for this application.

    The Workflow feature is a premium feature and is available only in the Centrify Identity Service App+ Edition. See Configuring Workflow for more information.
16. Click Save.

After configuring the application settings (including the role assignment) and the application's web site, you're ready for users to launch the application from the user portal.

For more information about WebEx

For additional information about configuring WebEx for SSO, see the following links:
- http://www.webex.com/webexconnect/orgadmin/help/index.htm?toc.htm?25575.htm
- http://developer.cisco.com/documents/4733862/4734214/Federated+SSO+Authentication+Service.pdf