Cisco WebEx Connect Administrator s Guide

For more information: In the U.S.: 800.374.2441 www.intercall.com info@intercall.com In Canada: 877.333.2666 www.intercall.ca Cisco WebEx Connect Administrator s Guide 2009. WebEx Communications, Inc. All rights reserved. Cisco, WebEx, and Cisco WebEx are registered trademarks or trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries. Other brands and products are trademarks or registered trademarks of their respective holders. Last modified on: 4/29/2009

Table of Contents Getting Started...4 Client Site and Desktop Requirements...4 Network Requirements...4 Capacity and Bandwidth Requirements...5 Bandwidth Requirement P2P...5 Bandwidth Requirement With Server Proxy...5 WebEx Connect Settings...6 Advanced Auditor Options...6 IM Client Proxy Addresses...6 Public IM Domain Names and URLs...7 WebEx Connect Integration with Other Instant Messagers...7 Communicating with LCS and Sametime Users...8 WebEx Connect Admin Console Setup...9 Administrative Tools...11 Adding Users...12 Adding Users...12 Searching Users...12 Adding single users...13 Importing multiple users from a CSV file...14 Editing users...15 Adding Users with Single Sign-on and Directory Integration Enabled...16 Assigning Spaces...16 Adding Groups...16 Adding groups...18 Editing groups...18 Deleting groups...19 WebEx Connect Roles...20 Default Roles...20 Configuring WebEx Connect...21 Configuring WebEx Connect...21 Notifications, Emails, and Alert Templates...24 Email Templates...24 Premium Services Configuration...26 Calendar Application Configuration...27 Migrating WebEx Connect...27 Using the Policy Editor...29 Understanding the collaboration features...29 Using the Policy Editor...30 Adding Policies...30 Adding actions to a policy...30 Applying policies to groups...32 Disabling Connect Spaces...32 Disabling Auto Upgrade...33 Single Sign On and Directory Integration...35 Single Sign-on...35 Single Sign-On Requirements...35 Single Sign-On Configuration of the Admin Console...35 Example for Installing WebEx Connect Client for SSO...37 Directory Integration...37 2

Directory Integration Import Process and File Formats...38 User File Formats...38 Group File Formats...39 User Inactivation...40 Group Deletion...41 Reports...42 WebEx Connect Reports...42 Usage Report...42 User Report...42 Storage Consumption Report...43 Generating Reports...43 CSV File Format...45 CSV Fields...45 CSV File Import Process...45 Sample CSV file...46 Library Management...47 Adding Applications...47 Copying applications to a library...47 Approving request to add application to public library...48 Removing applications from a library...49 Restoring applications to a library...49 WebEx Connect Command-line Parameters...51 Command-line Parameters...51 3

Getting Started The WebEx Connect Admin Console enables administrators to monitor, manage, control, and enhance user access to WebEx Connect. This section includes a summary of tasks to quickly get started using the WebEx Connect Admin Console. For more detailed instructions, refer to the chapters in the rest of the document. For more information on using the WebEx Connect product, refer to the WebEx Connect Help. A WebEx Connect organization administrator can perform the following functions using the WebEx Connect Admin Console: Create new users Edit user properties Configure WebEx Connect settings for users Client Site and Desktop Requirements The following are the minimum and recommended desktop requirements to install and run the WebEx Connect Client. Platform Windows: Pentium processor running Windows XP Professional Service Pack 2 or Vista Hardware Intel Celeron CPU 2.40 GHz, 512 MB Memory Disk Space 60 MB free hard drive space (100 MB of temporary space for the installation) Browser Internet Explorer 6.0 SP2, 7.0, Mozilla Firefox 2.0 Internet Internet connection that allows full Internet usage (not just a free Connection email service). Minimum requirement: Dial-up 56 kbps. Recommended: Broadband connection. Email Program Microsoft Outlook 2000 SP4 or later, Microsoft Outlook Express, or Microsoft Outlook 2007 Audio Full duplex sound card and a headset Video At least 1.8 GHz CPU, 800x600 resolution, 256 colors or more, and a webcam Network Requirements The following are the Network requirements to access the WebEx Connect Service. The Client PC must have Internet connectivity and be able to connect to the following hosts and ports: Type of Connection Host Name Port WebEx Connect IM Secure SSL Connection Slogin.oscar.aol.com 443 4

WebEx Connect Client configuration service (see note) WebEx Connect VoIP/Video WebEx Connect Desktop Sharing WebEx Connect Premium service ://aimpro.premiumservices.aol.com/cc/clientcon figurationws.jws 80 or 443 avsglobal.webex.com 80 or 443 aimprods01.webex.com 80 or 443 components.premiumservices.aol.com aimpro.premiumservices.aol.com radaol-prod-web-rr.streamops.aol.com 80 or 443 Note: WebEx Connect Client uses the Web Proxy information configured in Internet Explorer to access the client configuration service. If the proxy in the customer network is an authenticated proxy, the proxy will be appropriately configured to allow access to this URL without requiring any authentication. Additionally, ensure that you allow access to all URLs that have webexconnect.com and webex.com in them. Capacity and Bandwidth Requirements The following are the recommended bandwidth requirements for the Video sessions initiated from the WebEx Connect Client: BANDWIDTH REQUIREMENT P2P Resolution Maximum Frame Rate (fps) Minimum Bandwidth (kbps) Maximum Bandwidth (kbps) QVGA(320X240) 15 35-80 250-300 QCIF(176X144) 15 30-60 150-200 BANDWIDTH REQUIREMENT WITH SERVER PROXY Resolution Maximum Frame (fps) Minimum Bandwidth (kbps) Maximum Bandwidth (kbps) QVGA(320X240) 10 25-70 160 QCIF(176X144) 10 20-50 90 The bandwidth matrix is intended as a guideline. Additional bandwidth might be required based on your usage. 5

WEBEX CONNECT SETTINGS The following settings are required for WebEx Connect, including the type of connection, host name, port, and IP addresses. Type of Connection Host Name Port IM Service slogin.oscar.com 443 VoIP/Video avsglobal.webex.com 80 and 443 Desktop Sharing aimprods01.webex.com 80 and 443 Premium service components.premiumservices.aol.com 80 and 443 aimpro.premiumservices.aol.com radaol-prod-web-rr.streamops.aol.com Connect Platform Swapi.webexconnect.com 80 and 443 dms.webexconnect.com User Registraton and Marketplace.webex.com 80 and 443 MarketPlace Shortcut redirect URLs, www.webex.com 80 and 443 Downloads and Documentation URLs WebEx Services Incoming Emails To receive automatic Username & Passwords, set your SPAM Filter to allow emails from mda.webex.com. Connect IP Addresses 66.163.32.0 66.163.63.255 209.197.192.0-209.197.223.255 AOL Network Range 205.188.0.0 205.188.255.255 64.12.0.0 64.12.255.255 80, 443 and 5190 ADVANCED AUDITOR OPTIONS The following settings are required for Advanced Auditor, including the type of connection, host name, and port Type of Connection Host Name Port IM Service with Auditor Option slogin.webexaimpro.com 5191 Advanced Auditor admin https://<companyid>.webexaimpro.com 8443 Console WebEx AIM Pro - Secure SSL slogin.webexaimpro.com 5191 connections WebEx AIM Pro - Non-secure connections login.webexaimpro.com 5190 The Advanced Auditor Solution can also be used to manage and audit the traffic from/to public IM clients (Yahoo, MSN and/or GoogleTalk). IMA can be set to monitor/manage the public IM traffic in one of the two ways: Configuring the public IM clients with the proxy address provided by WebEx Communications Inc. Configuring the DNS server to redirect the URLs used by public IM clients to WebEx IM A servers. IM CLIENT PROXY ADDRESSES Following table lists the proxy addresses for different IM clients. The firewalls need to be setup appropriately to allow public IM clients to access the proxy addresses. 6

Type of Connection Host Name Port Yahoo IM proxy.webexaimpro.com 1080 MSN Messenger proxy.webexaimpro.com 1080 GoogleTalk proxy.webexaimpro.com 1080 AIM (Note: AIM 6.1 does not allow proxy to be configured) proxy.webexaimpro.com 1080 PUBLIC IM DOMAIN NAMES AND URLS Following table lists the public IM domain names and the corresponding WebEx URLs. The DNS should be configured to redirect the public IM domain names to the URLs specified. The firewalls need to be setup appropriately to allow connectivity to the WebEx IMA addresses. Public IM Domain Name WebEx IMA domain names Port scs.msg.yahoo.com proxy.webexaimpro.com 5050 relay.msg.yahoo.com scsa.msg.yahoo.com scsb.msg.yahoo.com scsc.msg.yahoo.com scsd.msg.yahoo.com messenger.hotmail.com proxy.webexaimpro.com 1863 messenger.msn.com gateway.messenger.hotmail.com talk.google.com proxy.webexaimpro.com 5222, 5223 login.oscar.aol.com Note: AIM 6.1 is not supported login.webexaimpro.com 5190 Public IM clients such as Yahoo! Messenger and MSN are designed to evade the common firewall and proxy controls used by enterprises. For Advanced Auditor solution to monitor the traffic from/to public IM clients, it is required that any direct connectivity between the public IM clients and the public IM cloud be prevented. Refer to the Facetime documentation on the latest information on IP addresses, URLs, and Ports that need to be denied access to block direct communication between public IM clients and the public IM cloud. WEBEX CONNECT INTEGRATION WITH OTHER INSTANT MESSAGERS WebEx Connect can federate with users of many leading Instant Messengers, including Jabber, IBM Lotus Sametime, and Microsoft Live Communications Server (LCS). 7

COMMUNICATING WITH LCS AND SAMETIME USERS The following prerequisites are necessary so that third party Instant Messaging solutions, such as Microsoft Live Communications Server (LCS) and IBM Lotus Sametime work properly with WebEx Connect: The third party Instant Messaging solution must have federation with AIM network enabled. Connectivity between the third party Instant Messaging solution and AIM network has to be established through respective vendors of the third party solution. For Intra-Company Federation (users who want to use the third party solution and WebEx Connect) need to use different domain names for the two Instant Messaging solutions. WebEx Connect administrators need to make the following DNS changes for their domain, for example, acme.com, to enable federation with the third party Instant Messaging solutions. DNS Entry Format for Federating with Microsoft LCS The format for Microsoft LCS is: _SIPFederationTLS._TCP.connectcustomer.com 3600 IN SRV 0 1 5061 sip.oscar.aol.com (replace connectcustomer with your organization s domain name). DNS Entry Format for all other Instant Messengers The format for all other supported third party solutions is: _sips._tcp.connectcustomer.com 3600 IN SRV 0 1 5061 sip.oscar.aol.com (replace connectcustomer with your organization s domain name). After the prerequisites are complete, WebEx Connect users can add the LCS or Sametime contacts with their screen name, just like any other contact and can begin exchanging IM conversations. Note: Due to the DNS caching in the internet, changes to DNS settings can take a few hours (in some cases, up to 72 hours) to take effect. Note: The domain name used by the enterprise system and the domain name used by WebEx Connect cannot be the same. 8

WebEx Connect Admin Console Setup You can access WebEx Connect administrative functionality the first time using the steps below. If you have Spaces disabled, see Logging in with Spaces Disabled. Logging in with Spaces Enabled To access to WebEx Connect administrative functionality the first time you log in, follow these steps: 1 Check your inbox for email from WebEx. The email is sent to the email address designated as the implementation contact when ordering the service. If you do not see the email from webex.com check your spam filter or contact WebEx Support. 2 Click on the URL in the email to reset the password. 3 Click on the URL in the email to download the latest WebEx Connect client. 4 Install and start WebEx Connect. 5 Log in using the email address and password from the initial account setup. 6 Click on the Spaces icon and then click on MyWebEx. 7 Click on the Administrative Tools tab to enter the WebEx Connect Admin Console. For more information on using WebEx Connect, refer to the WebEx Connect Help. 9

The following buttons appear on the User tab: Button Add User Description Add users on the User tab, one at a time. Edit User Open the Edit User dialog box to edit users. Import Users Import users from a CSV file. From the Administrative Tools tab, you can then: Customize emails you send to new WebEx Connect users and when users invite others to join WebEx Connect Team Spaces. For more information on customizing email templates, see Notifications, Emails, and Alert Templates. Add new WebEx Connect users from the User tab. Assign Roles and Groups to users. For more information on adding users, see Adding single users. Configure WebEx Connect for users from the Configuration tab. For more information on configuring WebEx Connect, see Configuring WebEx Connect. Use the Import Users button on the User tab to importing user information from a CSV (comma separated value) file. For more information on importing users, guidelines for formatting CSV files, and a sample CSV, see CSV File Format. For more information on importing users, see CSV File Format. Note: For additional information and documentation, click on the About tab. 10

Logging in with Spaces Disabled If you have Spaces disabled, you can access the WebEx Connect Admin Console by accessing this URL: http://www.webex.com/go/connectadmin Note: Customers with Single Sign-On or Directory Integration enabled need to contact WebEx representative for assistance in getting started with launching WebEx Connect Admin Console. ADMINISTRATIVE TOOLS The following tabs are available in the WebEx Connect Administrative Tools: Tab User Configuration Policy Editor Group Report About Description Add user information. Configure settings for users. Set policies and rules for users. Assign users to groups and assign group policies. View usage reports on users. View WebEx Connect documentation and version. 11

Adding Users The User tab enables you to view, edit, and create, groups, users, and roles for any applications running on the WebEx Connect users. From the User tab, you can: Add users Import users from a CSV file Assign users to Groups Add new Groups Assign Roles to users Adding Users You can search for, create, and edit users, and assign groups and roles to users. The Org Administrator role can only be assigned to users who are members of the top level group. A top level group, with the name of the organization provided at the time of provisioning. The name of the top level group begins with the name of the organization. In addition to manually adding and editing users and groups, the process is different for adding and editing users when SSO and directory integration is enabled. For more information on configuration, see Single Sign On and Directory Integration. For more information on adding users with SSO and Directory Integration enabled, see Adding Users with Single Sign-on and Directory Integration. SEARCHING USERS By default, the User tab shows each user s name, their email address, the primary group to which they belong and the assigned roles. The search field is case-sensitive. As an administrator you may have hundreds of users in your organization. If you want to view or change the details of one particular user, you want to be able to find that user easily. The WebEx Connect Admin Console has a filter and search feature that allows you to limit the number of user records showing at any one time or search for a specific entry. 12

To search for users: 1 Click the Search arrow to the left of the search field to display the dropdown list search criteria. Choose to search by email, first name, last name, or group name from the dropdown list. 2 Enter at least the first three letters of the search criteria into the search field, except for Search by Org Admin, which does not require a search string. 3 Select Page Size for the number of users to display per page. 4 Click the search button to the right of the search criteria. WebEx Connect Admin Console displays the records that match the search criteria. You can filter the records by selecting a criteria option from the Search drop-down list. List by User Name Email Address Group Name Inactive User Org Admin Employee ID (LDAP only) Filter criteria options Definition Enter at least three letters of the user s first or last name on which to search. All users with a name matching those letters are displayed in the User pane. Enter an email address on which to search. All users with an email address matching that letter are displayed in the User pane. Enter a group name to search. All users in that group are displayed in the User pane. Enter the inactive user s first or last name. Select this option to display all Org Admin users. You do not need to enter any search criteria. To find a specific Org Admin, enter the user s first or last name. Enter the user s exact Employee ID. This is for use only when Directory Integration is enabled. You can also limit the number of records displayed in the User pane. From the Page Size drop-down list, choose how many records to display per page. In addition, you can click First, Prev, Next, and Last buttons (shown below) to go to scroll through the list of records. ADDING SINGLE USERS An administrator can add new users, one at a time from the User tab. If not explicitly specified, a user is created under the default group with the default role (Group Member). The default group is decided when the user is created. Note: If you do not assign a user to a group an error message appears. To create a new user: 1 From the WebEx Connect Admin Console, select the User tab. 13

2 Click on the Add User icon to insert a new row. 3 Click in the Name field and enter the user s name. 4 Click in the Email field and enter an email address. 5 Double-click the Home Group field to select a group. The User Group and Role Management screen appears. 6 Click on a Group Name to associate with this user and click Select. To create new groups, see Adding Groups. 7 Click on the Roles link to select a role. The User Group and Role Management screen appears. 8 Select the Role check box to assign to the user. You can select more than one role to assign to the user. 9 Click Save. User records are automatically saved. 10 Continue adding users by clicking the Add User icon and repeating the previous steps. New users receive a welcome email based on the Welcome Email template in the WebEx Connect Admin Console. For details on email templates, see Notifications, Emails, and Alert Templates. Note: If there is missing information or errors when you add new users, the errors are highlighted in yellow and a message is displayed. IMPORTING MULTIPLE USERS FROM A CSV FILE To import users from a CSV file: 1 From the WebEx Connect Admin Console, select the User tab. 2 To import multiple users click the Import User button. 14

The Import User dialog box appears above the user list. 3 Click Select File to select the CSV file you want to import and click Import. After the import is complete, the administrator who initiated the import, receives an email with the status of the import. The email states whether the import was a success, failure, or terminated. The CSV file is imported and the users appear in the User tab. For more information on CSV file format and a sample file, see CSV File Format EDITING USERS As an administrator, you have permission to edit all the properties of an existing user. You can change the groups a user is assigned to and change the roles associated with that user. To edit a user: 1 Select the user you want to edit in the User tab. 2 Click the Edit User icon. The Edit User dialog box appears. All the current properties of the user are displayed. 3 Edit any properties in the Edit User dialog box. In addition, you can use this screen to reset the user password. Note: The Screen Name format must match the Business Email format and must comply with the domain list. By default, this value is automatically populated. 4 Click Save. 15

Adding Users with Single Sign-on and Directory Integration Enabled In addition to manually adding and editing users and groups, the process is different for adding and editing users when SSO and directory integration is enabled. For more information on Single Sign-on (SSO) and Directory Integration, see Single Sign On and Directory Integration. When Directory Integration is implemented with WebEx Connect: Users and groups are created from corporate directory files provided by the company or organization. Org Administrators cannot directly edit the user and group data. When the user and group data needs updating, the company provides an updated corporate directory file that can be imported into WebEx Connect. The CSV file import function is not available. When Single Sign-On is implemented with WebEx Connect. New user accounts are automatically created when the user logs into WebEx Connect for the first time. When SSO is implemented, user accounts are automatically provisioned the first time the user logs into WebEx Connect. Assigning Spaces The WebEx Connect Administrator can reassign spaces owned by a user to any user. Once assigned the user to which the space is assigned becomes the space administrator for all the spaces. For example, if an employee leaves a company, the Administrator can reassign this user s spaces to another user. You can turn off the spaces feature by creating a policy. For more information, see Disabling Connect Spaces. To reassign a space to another user: 1 Right-click the name of a user from the User tab and select Assign User. 2 Enter the name of the user you want to be the space owner for all the spaces that belong to this user. 3 Click Assign. Adding Groups The WebEx Connect Administrator organizes users into groups. The groups are assigned group policies to determine what actions should be taken when users belong to a particular group. Users can be members of one or more groups. However, policies applied to users home group overrides any other policies. The first time you open the WebEx Connect Admin Console there will be a default list of groups available. These groups cannot be edited or deleted at this time, however you can create new groups or edit or delete these new groups at any time. You can assign users to a group to which you apply a specific policy. 16

When WebEx Connect is provisioned, an Organization is created the top level group: A top level group, with the name of the organization provided at the time of provisioning. The Org Administrator role can only be assigned to users who are members of the top level group. The name of the top level group begins with the name of the organization. Note: WebEx Connect sees a personal library appear as a group associated with a user, but this group cannot be modified. Assigning the Org Administrator Role A user can be assigned an Org admin role, as long as the user is a member of top level group. A member of a group can be assigned Group Administrator Role. For LDAP only, users can be assigned the Org Admin role to the top level group by right-clicking on the user and selecting Assign Org Admin. Group Administrator Role Group Administrator role allows a user to: View a list of users in the group, and in the sub-groups Search for users by group, and move users between the groups managed Apply policies to groups managed Be an administrator of only one group (home-group and its sub-groups) Create sub-groups A Group Administrator cannot: Create new users No migration tab, therefore cannot migrate users Create policies 17

Note: Users can only be a group administrators for their home group. ADDING GROUPS If you are an org or group administrator, you can create new groups. To create a new group: 1 From the User tab, double-click to select a group. 2 From the User Group and Role Management dialog box, double-click to open the Select Group box. 3 Right click to Add a group. The default name New Group is assigned. 4 Enter the name of the group at the top of the dialog. 5 Select the group and click Select to save the group and close the Select Group dialog. 6 Click Save on the User Group and Role Management dialog box. EDITING GROUPS As an administrator, you rename groups. To edit an existing group: 18

1 Select the group you want to edit in the User tab. 2 Double click the group name. The User Group and Role Management dialog box appears. 3 Double click the group name to open the Select Group dialog box. Edit any properties in the User Group and Role Management dialog box. To rename a group, click at the top of the dialog box, next to Group Name and enter a new name. 4 Click Select on the Select Group dialog box. 5 Click Save on the User Group and Role Management dialog box. DELETING GROUPS You can only delete a group if the group is empty and has no users associated with it. However, if a group is not empty, you can delete any users that belong to multiple groups. You cannot delete any default groups. To delete a group: 1 Select the group you want to edit in the User tab. 2 Double click the group name. The User Group and Role Management dialog box appears. 3 Double click the group name to open the Select Group dialog box. 19

4 Right click the name of the group and select Delete Group. 5 Click Select on the Select Group dialog box. 6 Click Save on the User Group and Role Management dialog box. WebEx Connect Roles Roles grant specific privileges to individual users or groups and allow them to perform specific actions. There are some default roles and privileges. Each default role in the WebEx Connect Admin Console includes one or more privileges, which determines the level of access a user has to applications running on the WebEx Connect platform. Note: A role can have one or more privileges, but the available privileges are determined by the choice and category already selected for that particular role. DEFAULT ROLES The default roles are displayed on the User Group and Role Management screen. For a regular organization, the Org Administrator can assign Group Admin, Group Member, or Org Admin roles to users. The Group Administrator can assign only Group Admin and Group Member roles to users. The default roles in the WebEx Connect Admin Console are: Group Administrator Role assigned to the person who has responsibility for all the actions and tasks relating to the group. Group Member Role assigned to person who is a member of a group. Org Administrator Role assigned to the user who manages the WebEx Connect organization. This role can only be assigned to a user who belongs to the top level group. 20

Configuring WebEx Connect As an administrator you can set a default user level storage allocation for the an organization or modify storage allocation on a user-by-user basis. You can also configure notification alerts that are sent to a user or an organization when a certain event occurs. Configuring WebEx Connect The Configuration tab allows you to set and control default settings WebEx Connect users. To configure WebEx Connect settings: 1 Click the Configuration tab. The Configuration screen appears. 2 Enter the information in the settings fields. Field Domain Name Domain White List Definition Super Admin Settings The list of domain names associated with the organization. This list determines the domain names that can be used as part of user screen names. The organization needs to own the domain names associated with the organization. The domain name list cannot be changed by the Org admin. To add new domain names into this list, contact support. This is not a Super Admin setting. The Org Administrator can add domains to the white list. The list of domain names used for defining the trusted domains and companies for 21

Storage Purchased Storage Used Number of users Enable storage enforcement of each user Default Storage Allocation per User Enable User Self- Registration Display contact pictures in contact list User Registration URL Forgot Password URL Connect Support URL Center Site URL Click-to-Call Allow user to enter manual setting User IM visibility Blocked URLs communication and collaboration. For example, Organizations can define the partner domain names and enforce communication policies using the domains specified in the white list. Domains that are added to the white list receive the same privileges as internal users. Resource Allocation The amount of storage purchased by the company. (Read only field. Contact WebEx to make a change). The storage amount used by the company. (Read only field). The number of company licensed WebEx Connect users. (Read only field. Contact WebEx to make changes). Check this box to limit the maximum allowed storage per user. Disabling this option allows the user to use the storage up to the org or department storage limit. The maximum storage amount allowed for each user. Enter the storage amount to be allocated to all users. The Administrator can specify a unique amount for individual users on a case by case basis. When the default value is changed for all users, the unique allocations for the individual users is not affected. Default Settings Select Yes or No to allow users to register on www.webex.com/go/wc and become part of the organization without manual provisioning by the administrator. When this is disabled, users will get a message to contact their administrator. Select Yes or No to allow users to display a picture with their name on the contact list. Configure URL Specify custom messages with contact information and expose this page to any user attempting to register for a Guest Edition user with the domains owned by the Company. This URL is only effective is self-registration is disabled. This URL is used in rare customer-specific scenarios where WebEx Connect cannot support self-managed user password reset. The URL that is shown to users from WebEx Connect Help>Support menu. Leave this field blank to use default functionality. The URL for the center site. Connect Telephony Select to enable Click-to-Call functionality. If enabled, enter CUCM (Cisco Unified Communication Manager) IP address or URL. Select to allow manual setting. IM Settings Select Yes to enable the Invisible menu option for Instant Messaging users. Select No to disable the Invisible menu option. Enter the URLs that are not allowed to send instant messages to users. User Profile Override and View Settings 22

User Profile Override Select Yes or No to allow users to override the default setting that the org administrator set for users to set their profile. User Profile View Setting Select from the dropdown menu who can view the user s profile. Directory Input Scheduling Job Scheduling This is only used with Directory Integration. Enter the date and time you want the directory files to import into WebEx Connect. Use UNIX cron job format for this field. For details on cron format, see http://www.opensymphony.com/quartz/api/org/quartz/cronexp ression.html. Notification Emails This is only used with Directory Integration. Enter the email addresses for those you want to receive status of the import of directory files. Security Settings Org, WebEx, and Select one of the certificates to import. For more information, Federated Web SSO see Directory Integration. The Super Admin must give the Certificate management Org Administrator permissions to update these settings. Calendar Application Configuration Locations Select conference room locations to appear in Calendar. Click Add to add locations. For more information, see Calendar Application Configuration. Notifications, Emails, and Alert Templates Emails and Notifications Notifications, Emails, and The notifications and alerts that are emailed to users when a Alert Templates Emails certain event occurs. To edit Email templates, see and Notifications Notifications, Emails, and Alert Templates. Premium Services Configuration Add/Delete Services Add premium services to WebEx Connect. For more information, see Premium Services Configuration. 3 To enable Click-to-Call feature, you also need to enable settings for the CUCM Account. From the Edit menu in WebEx Connect, select Settings. Select Click-to- Call, then Set Up Account. 4 Select Use default server and click OK. 5 Click Save. 23

Notifications, Emails, and Alert Templates WebEx Connect Admin Console provides templates for email notifications and alerts WebEx Connect users receive. These templates can be modified easily and quickly. See Email Templates on page 33 for details on the templates and their macros. To modify email templates: 1 Click the Configuration tab. The Configuration screen appears where you can enter settings for users. 2 Scroll down to Notifications, Email & Alert Templates section of the Configuration tab. 3 Select one of the templates and click Edit Mail Template. The Edit Email Template dialog box appears. 4 Enter the text you want to change in the bottom part of the screen. 5 Click Save. Email Templates The WebEx Connect Admin Console provides templates for email notifications and alerts WebEx Connect users receive. These templates can be modified easily and quickly. Note: WebEx Connect email templates are pre-populated with appropriate templates for out of the box use. Email Variables and Macros Welcome Message Default email %USERNAME% The name of the user. contains links to reset password, download the client, documentation, and community %CLIENTDOWNLOADURL% The URL links. that takes the user to the welcome message. 24

Space Invitation Message Connect User Default template includes information on how to get to the space and link to the community. Space Invitation Message Non-Connect User Default template includes information on where to get a WebEx Connect account, how to open a new space, and link to the community. Get or Reset Password Email Email is sent when WebEx Connect Administrator resets password. Notify Space Members Email Default template for manual notifications sent from within spaces. IT purchase notification to Guest Edition Users Email to notify Guest Edition users that their account will be deactivated. Add to Public Library Request A request to copy an application to the public library. Deny Add to Public Library Request A denied request to add to an application to the public library. Invitation to Guest Edition Users Email to invite Guest Edition users to upgrade to Business Edition. Department purchase Notification to Guest Edition Email to Guest Edition users to change their password. Storage Limit Exceeded Notify user that their storage limit has been exceeded. %NEWPASSWORDURL% The new password variable. %SPACEOWNER% Name of the space owner %SPACENAME% Name of the space %USERDEFINEDMESSAGE% Text entered by the space owner at the time of creating the space %SPACEOWNER% The name of the Space owner. %SPACENAME% The name of the user. %USERDEFINEDMESSAGE% %REGISTERURL% URL where the user can register as a Space user %NEWPASSWORDURL% URL that will take the user to reset password. %UserMessage% The message the user writes. %ObjectLink% The URL that takes the space member to a particular location specified by the user. %SpaceName% The name of the user s space. %USERNAME% The name of the user. %USERNAME% The name of the user. %APPNAME% The name of the application to copy to the library. %APPNAME% The name of the application to copy to the library. %LINKTOINVITATION% URL where the user can register as a Business Edition user. %NEWPASSWORDURL% URL where the user to reset password. %LIMIT% maximum amount of storage allowed. %ADMINEMAIL% WebEx Connect Administrator s email. 25

Email Sent when user provision job completes, is interrupted, or fails Email to notify user that the user import job completed, interrupted, or failed. Email sent when directory integration (group provisioning) job fails Email to notify user that the batch import job failed. Email sent when directory integration (group deletion) job fails Email to notify user that the batch group deletion job failed. Email sent when directory integration (user inactivation) job fails Email to notify user that the batch user inactivation job failed. %USERNAME% The name of the user. User is instructed to contact support for help. User is instructed to contact support for help. User is instructed to contact support for help. The following is an example of the Welcome email template that a new user receives: Premium Services Configuration The WebEx Connect Admin Console allows the administrator to add and configure premium services to WebEx Connect. To configure premium services: 1 Click the Configuration tab. The Configuration screen appears where you can enter settings for users. 2 Scroll down to the Premium Services Configuration part of the Configuration screen. 26

3 Check the box for each service you want to include. Use the buttons to the right of each service, to add, modify, or delete the service. 4 Click Save. Calendar Application Configuration The WebEx Connect Admin Console allows the administrator to add and configure premium services to WebEx Connect. To configure premium services: 1 Click the Configuration tab. 2 Scroll down to the Calendar Application Configuration section of Configuration. 3 Click the Add icon to add a calendar location. 4 Click Save. Migrating WebEx Connect The Migration tab allows you to set and control Migration settings WebEx Connect users. For example, users who belong to Acme Inc. use their business email address ending with @acme.com to register for WebEx Connect Guest Edition. Later, Acme Inc. purchases WebEx Connect. Acme Inc. wants to control WebEx Connect users. The administrator can view the list of WebEx Connect users who existed before the WebEx Connect purchase and can migrate their accounts into the organization. Users receive an email notification with a link allowing them to reset their password. The users are then migrated into the WebEx Connect organization. All space information and other data is carried over with the user account. Users who do not receive or accept the email invitation, are denied access to WebEx Connect. The email invitation looks something like this: 27

The administrator has exclusive control over the domain names used in Connect, configuration, and migration of users. Without administrator provisioning, users cannot use WebEx Connect team collaboration features. To configure WebEx Connect migration policy: 1 Click the Migration tab.. The Migration screen appears 2 Enter the information in the settings fields. 28

Using the Policy Editor You can set user policies for each group for using WebEx Connect features, such as transferring files between users and allowing users to share their desktop. A named action can be allowed or denied as the result of an assigned policy. A policy determines whether a user action is allowed or not. The Org Administrator assigns users to groups and then policies are applied to the groups. The policies determine which privileges are available to WebEx Connect users. WebEx Connect includes several default system-level policies that cannot be modified. You need to collect several pieces of information about the domains you administer. Additionally, you need to review the details about WebEx Connect features. This helps you set the policies appropriately. Note: You cannot set policies at the user level. The policies you set apply to all users of the group you select. Understanding the collaboration features WebEx Connect provides several collaboration features. By applying policies, you can turn these features on or off or limit their usage to users within the domain or enable features outside the domain. For a more detailed list of actions, see the Action Editor within the Policy Editor in the WebEx Connect Admin Console. Feature IM VoIP Video Desktop Share Description Instant messaging is a communication system that allows users to send and receive messages from colleagues. Use these settings to configure internal and external instant messaging and support for AES, SSL, or no encoding for instant messaging. Voice over Internet Protocol (VoIP) is phone service over the Internet. If you have a reliable and fast Internet connection, you can receive phone calls through your Internet connection instead of through your local phone company. Use these settings to configure internal and external VoIP. Adds video to one-on-one voice conferences.use these settings to configure internal and external Video. Using this feature, users share the contents of your computer screen with someone. Use these settings to configure internal and external desktop sharing. Desktop share features: Share any application with a guest. The guest does not need to have that particular program installed Give control of the mouse to the guest Ask the guest to share his or her desktop 29

File Transfer IM Catcher Workspaces Archiving Automatic Updates With this feature, users can send and receive files from a contact during an IM session. Use these settings to configure internal and external file transfers. Also, you can enable file transfer virus scans. Message filtering feature to catch instant messages from unknown senders. Use these settings to configure IM Catcher for internal and external communications. Workspaces are used to organize and share information, documents, and conversations. Use these settings to configure use of workspaces, including joining and inviting others to join workspaces. Use these settings to enable local archiving of files and instant messages. Use these settings to enable automatic installation of WebEx Connect updates. Using the Policy Editor Use the WebEx Connect Admin Console to set policies for the domains you administer. You can set different policies for each group and make changes to your policies at any time. ADDING POLICIES To add or edit policies: 1 Click the Policy Editor tab. The Policy List appears. 2 Click the Add button to add a new policy. New Policy appears as the policy name. Enter a unique name for the policy. 3 To add Actions for this policy, see Adding actions to a policy. 4 Check the Applied box for the policy you want to apply. ADDING ACTIONS TO A POLICY To add actions to a policy: 1 Click the Policy Editor tab. The Policy List appears. 30

2 Select the Policy Name to which you want to add actions. 3 To add actions, click on the Add Action button under the Action List. The Action Editor screen appears. 4 Select an action from the Action Tag Name dropdown list. The list of available action tags appears. For more information on these actions, see Understanding the Collaboration Features. 5 Select options to configure actions from the dropdown lists under the Action Details Configuration section. 6 Set the Element Description Type for each action as True or False. 31

7 Click Save. 8 Check the Applied box for the policy you want to apply. This applies to the entire organization. APPLYING POLICIES TO GROUPS To apply policies to a group: 1 Click the Group tab. The Policy List appears. 2 Enter the group name to find in the Group Name field. 3 Select the group name in the Search Results. 4 Click the Applied checkbox for the policies you want to apply to this group. Disabling Connect Spaces If you do not want users to access WebEx Connect Spaces, you can turn off the space feature by creating a policy. To disable Connect Spaces: 1 From the Policy tab, create a new policy (for example, Disable Spaces). 2 Create a new action for the policy by selecting Workspace Feature from the Action Tag Name dropdown list. 3 Set the Action Details Configuration to the following settings: Action Node Type Term Element Element Type False. 4 Click Save to save this policy. 32

5 Activate the policy by checking the Applied box next to the new policy in the Policy List. 6 To apply the policy to the group, click on the Group tab. 7 Search for a Top Level Group (by default, it is the name of the organization, for example, WEBEX in the following image). 8 Select the name of the organization in the Top Level Group and click the Applied checkbox next to the policy name. Disabling Auto Upgrade Org Administrators can create a policy that prevents user from being prompted about optional upgrades of WebEx Connect. For more information on creating policies, see Using the Policy Editor. To create a policy to disable auto upgrading: 1 From the Policy tab, create a new policy (for example, Disable Auto Upgrade). 2 Create a new action for the policy by selecting Automatic Updates from the Action Tag Name dropdown list. 3 Set the Action Details Configuration to the following settings. 4 Click Save to save this policy. 5 Activate the policy by checking the Applied box next to the new policy in the Policy List. 6 To apply the policy to the group, click on the Group tab. 7 Search for a Top Level Group (by default, it is the name of the organization, for example, WEBEX in the following image). 33

8 Select the name of the organization in the Top Level Group and click the Applied checkbox next to the policy name. 34

Single Sign On and Directory Integration This chapter includes information on the following: Single Sign-On (SSO) Directory Integration Single Sign-on In the standard configuration of WebEx Connect, the user s log in name and password are independent from the authentication credentials used by their corporation. This requires users to remember another set of log in credentials. Org Administrators also have to manage a separate set of user accounts. Single Sign-On (SSO) allows companies to use their on-premise SSO system to simplify the management of WebEx Connect. With SSO, users securely log in to WebEx Connect using their corporate log on credentials. The user s log on credentials are not sent to Cisco, which protects the user s corporate log on information. As an SSO configuration option, user accounts can be automatically created the first time a user logs into WebEx Connect. SSO also prevents users from accessing WebEx Connect if their corporate log in account is deactivated. WebEx Connect supports SSO systems based on the industry standard SAML protocol. Contact InterCall for more information on which SSO systems are supported and to determine the steps for setting up your company s SSO system to work with WebEx Connect. SINGLE SIGN-ON REQUIREMENTS The following items are required when implementing SSO with WebEx Connect: Your company must have a Single Sign-On system that is SAML 2.0 compliant or meets the WS Federation 1.0 standard. You must provide a corporate X.509 public key certificate to be imported into the WebEx Connect Admin Console. SAML assertions sent to the WebEx Connect system are signed with the certificate s private key. Your SSO system needs to be configured to provide a SAML assertion with the user account information and SAML system IDs needed by the WebEx Connect system. Provide the URL for the corporate SSO service to be entered in the WebEx Connect Admin Console. Users must install the WebEx Connect client with a command to configure the client for SSO and identify the name of your organization. SINGLE SIGN-ON CONFIGURATION OF THE ADMIN CONSOLE 35

The WebEx Connect Admin Console allows the administrator to configure single sign-on settings modify the security settings and certificates for WebEx Connect. 1 Click the Configuration tab. The Configuration screen appears. 2 Scroll down to Security Settings. 3 Click the Org Certificate Management link. This page is used to import your company s X.509 certificate. Complete these steps: a. In the Alias field, enter the company s Connect org name. b. Click Select File to select the certificate to import and click Import Certificate. 4 Click the WebEx Certificate Management link. This page is used to generate a WebEx certificate to export to your SSO system. Complete these steps: a. In the Alias field, enter your company s Connect org name. b. Enter a Valid for time in days. c. Click Generate WebEx Certificate. d. Export the certificate and import it to your corporate SSO system. 5 Click Federated Web SSO Configuration This page is used to configure SSO for WebEx Connect. Enter the following: a. WebEx SAML Issuer: ID that identifies Cisco to the SSO server. The ID is returned in the SAML assertion. 36

b. Issuer for SAML: ID that identifies the issuer of the SAML assertion. The ID is returned in the SAML assertion. c. Customer SSO Service Login URL: URL for your company s SSO service. d. Click Save. EXAMPLE FOR INSTALLING WEBEX CONNECT CLIENT FOR SSO When SSO is enabled, the WebEx Connect client must be installed with a command specifying the org name. This enables SSO in the client and identifies the org to be used for SSO. Use the following example for installing the WebEx Connect client: 1 Example for installing the MSI file: msiexec.exe /i filename.msi SSO_ORG_NAME=OrgName 2 Example for installing the.exe file: filename.exe SSO_ORG_NAME=OrgName Directory Integration In the standard configuration of WebEx Connect, user information comes from multiple sources. The Org Administrator manages user accounts, users add their own information to their user profile and the Microsoft Outlook Address Book is used to add IM contacts and invite users to spaces. Directory integration allows companies to integrate their corporate directory with WebEx Connect. This integration provides a single source of user data across the WebEx Connect system, providing several benefits: Accounts are automatically provisioned and updated from the corporate directory data The corporate directory data is used to add IM contacts and invite members to spaces. A friendly display name can be specified for users. The user s display name appears in the contact list and space instead of their screen name. 37