Getting Started & Deployment Best Practices
|
|
- Scarlett Beasley
- 6 years ago
- Views:
Transcription
1
2 Contact Center Enterprise SSO Getting Started & Deployment Best Practices Mudit Mathur (mudmathu), Technical Solutions Manager, Engineering
3 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot# 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
4 Agenda What s Single Sign-On (SSO)? Active Directory Federation Services (ADFS) o Identity Provider (IdP) SSO Support for Contact Center o Cisco Identity Server (IdS) SSO Message Flow UI/UX Walkthrough + Demo Best Practices, Tools, and Troubleshooting Summary and Q & A
5 Account: Username and Password 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
6 Multiple Accounts and Passwords Application 1 Application 2 Application Cisco and/or its affiliates. All rights reserved. Cisco Public 6
7 Multiple Attack Vectors Data Breach Application 1 Application 2 Application Cisco and/or its affiliates. All rights reserved. Cisco Public 7
8 The Problem With Passwords That s amazing! I ve got the same combination on my luggage! ~President Skroob 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
9 Managing Multiple Accounts and Passwords OK, I made this one up but this one s for real, y all Create a NEW password: Enter a new password for some.application.service.com. Your password must be at least eight but not more than nine characters long. It must contain one number and two letters, one upper case and one lower case. It must have the 2 nd letter of your childhood best friend s grandfather s dog s name. It must not contain a human name. It must contain the 6 th, 23 rd, 11 th, 4 th, and 9 th letters from Supercalifragilisticexpialidocious Cisco and/or its affiliates. All rights reserved. Cisco Public 9
10 Remembering Multiple Accounts and Passwords 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
11 Current Contact Center Interfaces Finesse CUIC ECE Media Sense CCE Administration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
12 A Common, Trusted Identity Is Needed Finesse CUIC EIM WIM SSO, please! Media Sense ISE CCE Administration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
13 Dude, Where s My Identity? Contact Center Users o System administrators o Serviceability users o Reporting users o Agents and supervisors Identity Storage o Database (SQL, Informix) o Active Directory / LDAP Authentication Methods o JDBC / ODBC o LDAP Administrators, Agents and Supervisors Finesse SQL UCCE Active Directory UCCX Informix Media Sense CUCM AXL 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
14 Defining Single Sign-On - Definition Single Sign-on (SSO) is a session/user authentication process that permits a user to provide credentials only once in order to access multiple applications. The process authenticates the user for all the applications they have been given rights to and eliminates further security prompts when switching applications in a particular session. With SSO, the barriers for deploying stronger authentication are much lower. With Single Sign On (SSO) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
15 Multiple Attack Vectors Data Breach Single sign-on account is less exposed and strongly protected CRM Hackers prefer the most vulnerable vectors Larger attack surface Smaller attack surface Biometrics Enforcement o Multi-factor authentication 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
16 Defining Single Sign-On - Protocols Available SSO Services and Protocols o o +25 flavors to choose from Security Assertion Markup Language (SAMLv2) o XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. o User authentication via either an external or internal Identity Provider (IdP) Open Authorization (OAuthv2) o Open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. o User authorization to resources (e.g. Finesse, CUIC) through an Identity Service (IdS) o Performs intra-token exchange and management of service providers/resources 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
17 Defining Single Sign-On Authentication and Authorization Authentication Authentication is the process of verifying that "you are who you say you are" This is your Identity Provider (IdP) Authorization Authorization is the process of verifying that "you are permitted to do what you are trying to do" This is your Cisco Identity Service (IdS) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
18 Defining Single Sign-On - Components Browser Session Federated Identity Services Service Provider / Resources OAUTH Cloud SAMLv2 Docs Identity Provider (IdP) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
19 You ve Been Using SSO XYZ Company Single Sign-on Services Trust Google / Facebook vouches for you XYZ Company trusts Google / Facebook Information is shared ( , name, picture) Authorization to perform tasks 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
20 Summary and Review of Terms Single Sign-on Term/Concept SSO IdP SAML Cisco IdS OAuth Definition Single Sign-on. Providing credentials only once. Identity Provider. Provides Federated authentication. Where credentials live. SAMLv2 XML-based, open-standard data format for exchanging authentication Cisco Identity Service. Provides Federated authorization using OAuth. Open standard protocol for authorization through resource token exchange Cisco and/or its affiliates. All rights reserved. Cisco Public 20
21 Active Directory Federation Services
22 Federation Services Federated Services allows for a single authentication credential--user ID and password, smart card, one-time password token or a biometric device--to access multiple or different systems within a single organization. A federated identity management system provides single access to multiple systems across different enterprises. : What is Federation or to be federated? o A trust process joining two distinct networks based upon a shared standard for access o Allowing users to send messages from one network to the other. o Does not imply that users can operate on both networks. o Example: In 2009, Google allowed Gmail users to log onto their AOL IM from Gmail but this didn t allow you to send messages from Google (Gtalk) to the AIM application Cisco and/or its affiliates. All rights reserved. Cisco Public 22
23 Microsoft Active Directory Federation Services Microsoft Active Directory Federation Services (ADFS or AD FS), a software component developed by Microsoft, can run on Windows Server operating systems to provide users with single sign-on access to systems and applications located across organizational boundaries. o This is your Identity Provider (IdP) o This is where your identity is authenticated (username, password, biometrics, etc.) o Third-party provided or in-house Active Directory Trusts vs. Federated Trust o Active Directory trusts such as external, 2-way, transitive, Forest (root), etc. are connected trusts. Meaning, there s constant data flow between two networks. o Federated trusts such as Relying-Party and Claims Provider are non-connected trusts. Expected token exchange formats are pre-defined between two networks via certificate and metadata exchange Cisco and/or its affiliates. All rights reserved. Cisco Public 23
24 Microsoft ADFS Protocols MS Federation Services Protocols o WS-Fed o SAML (Security Assertion Markup Language) o SOAP (Simple Object Access Protocol) o XML o WSDL (Web Services Description Language) o UDDI (Universal Description, Discovery and Integration) Federation Services Protocols Defines How Authentication Tokens/Claims Are Handled Across Federated Services o Federated trusts are a conduit for exchanging tokens/claims Cisco Contact Center SSO Uses SAML Authentication Protocol Multi-Factor Authentication Support in ADFS, Must Provide SAMLv2 Assertion 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
25 Summary and Review of Terms AD Federation Term/Concept Federation (IT) ADFS Trusts Relying-Party Trust ADFS Claim Definition Joining two distinct networks based upon a shared standard for authentication and access. Active Directory Federation Services. A software component developed by Microsoft running on Windows Server OS to provide users with single signon access to systems and applications located across organizational boundaries. Active Directory trusts are connected while Federated trusts are nonconnected. Built on claims. A relying party (RP) application consumes the tokens issued by a Security Token Service (STS) and extracts the claims from tokens to use them for identity related tasks. A statement an entity makes about itself in order to establish access. When you build an application that relies on claims, you are building claims aware applications and claims-based applications Cisco and/or its affiliates. All rights reserved. Cisco Public 28
26 SSO Comes to the Contact Center
27 Welcome Cisco Contact Center SSO! v11.6 Single Sign-On capability for Agents and Supervisors 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
28 Supported Identity Providers (IDP) Version 11.6 Roadmap We want YOU to make it happen 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
29 Contact Center SSO Specifications Unified Contact Center Enterprise o concurrent agents and supervisors (4000 in Ver. 11.5) o Deployment options: Non-SSO, Full-SSO, or Hybrid Packaged Contact Center Enterprise o Up to 2000 concurrent agents and supervisors (max. system limit) o Deployment options: Non-SSO, Full-SSO, or Hybrid HCS Contact Center Contact Director (Initial) Support for Agents and Supervisors only o Up to concurrent agents and supervisors per Instance. 24k Max o Deployment options: Non-SSO, Full-SSO, or Hybrid 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
30 Contact Center SSO Specifications CUIC login supported ECE gadget login supported MediaSense Search and Play gadget supported SocialMiner supported Cloud-based gadgets authenticate in the cloud, not against ADFS o Cisco Context Service o ECE Solve egain ECE gadget leverages JavaScript DK libraries located in the Finesse container o Currently not opened for general 3 rd party gadgets requires IdS registration NOTE: Customized Finesse Desktops via the API currently support SSO capability Cisco and/or its affiliates. All rights reserved. Cisco Public 33
31 UCCE Identity Server
32 UCCE SSO Cisco Identity Server (IdS) Cisco VOS Appliance OAuth Session and Token Management Across UCCE SSO Components Two-Node Redundant Cluster Deployment o Primary/Secondary Active/Active o Latency: 80ms RTT o Connects to ONLY one IdP Where s My IdS? o UCCE Co-resident on CUIC/LiveData servers or on separate VM hosts o PCCE Co-resident on CUIC/LiveData servers o UCCX Embedded with the CC application Remote Data Center (Global) Deployment Will Be Supported in Future Release 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
33 UCCE SSO Cisco Identity Server (IdS) Server Log On: Provides OAuth Federation of SP s o E.g. Finesse, CUIC, Principle AW 80MS RTT IdS IdS idsclientlib SSO Valve CC Applications 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
34 Defining Single Sign-On - Components Remember This Slide From Earlier? Browser Session Federated Identity Services Service Provider / Resources OAUTH Cloud SAMLv2 Docs Identity Provider (IdP) 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
35 Where The Cisco Identity Server (IdS) Sits Browser Session Federated Identity Provider (IdP) Federated Identity Service (IdS) Service Provider / Resources SAMLv2 IdP IdS OAuth CUIC ECE Relying-Party Trust MediaSense 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
36 Cisco Identity Server (IdS) Setup Step 1 of 4 1. Establish Trust Relationship Between IdP and Cisco IdS o Perform metadata exchange Download IdP metadata: Server>/federationmetadata/ /federationmetadata.xml Download Cisco IdS metadata: sp.xml 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
37 Cisco Identity Server (IdS) Setup - Step 2 of 4 2. Exchange metadata with the ADFS Identity Provider, IdP Import data about the relying party (Cisco IdS s sp.xml) resource into ADFS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
38 Cisco Identity Server (IdS) Setup - Step 3 of 4 3. Exchange metadata with the Cisco Identity Server, IdS Import the IdP federationmetadata.xml into the Cisco IdS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
39 Cisco Identity Server (IdS) Setup - Step 4 of 4 4. Test Cisco IdS SSO Setup 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
40 Cisco Identity Server (IdS) Setup - Step 4 of 4 Enter any ADFS UPN user account located on the IdP to generate a SAML assertion across the relying-party trust Cisco and/or its affiliates. All rights reserved. Cisco Public 43
41 Cisco Identity Server (IdS) Setup - Step 4 of Cisco and/or its affiliates. All rights reserved. Cisco Public 44
42 UCCE SSO UX Walkthrough Cisco IdS o o o o Refresh Token Expiry: Long-lived token used to obtain a new or renewed access token. CCE/IdS will issue a new token upon expiry. Authorization Code Expiry: Maximum time which the users must present the authorization code to the IdS server to get the OAuth tokens (access token & refresh token) for resource access. Access Token Expiry: Short-lived token that provides access to a resource. CCE uses a reference token whereas this token requires validation between the IdS and protected resource (Finesse, CUIC). Encrypt Token: Encrypts tokens using AES-128 CBC HMAC SHA-256 AES + CBC provides strong encryption HMAC + SHA-256 provides complex hashing 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
43 UCCE SSO UX Walkthrough Cisco IdS Use only for troubleshooting and/or re-creating the relying-party trust between ADFS IdP and Cisco IdS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
44 SSO Messaging and Event Flow
45 Finesse User IdS IdP SAML & Oauth flow for achieving SSO in Finesse with IdS 1 (1) Agent/Supervisor accesses the Finesse desktop URL 3 2 4b 4a (2) Finesse detects that authentication mode is SSO and redirects the browser to IDS (3) Browser sends the redirect authorize request to IDS. (4a) IdS detects user has invalid access token (4b) IdS redirects the browser to Idenity Provider (IdP) 4c (4c) Browser sends SAML GET to IdP 5a (5a) IdP provides login page for authenticating the user (5b) User enters their credential 5b (6a) IdP sends SAML assertion back to browser which has UID, IdP Cookie 6b 6a (6b) Browser sends SAML assertion to the IdS (6c) IdS validates SAML assertion, creates the access token & authcode and sends back to the Browser 7 8 6c (7) Browser issues GET of the Finesse desktop with access token (8) Finesse gets the access token and validates it with IdS (9) IdS sends back that token is valid 10 9 (10) Finesse checks user role and provides user access to resource 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
46 ECE Gadget in Finesse Interaction diagram ECE Gadget Finesse Browser IdS IdP ECE Service GetToken() ECE Req with Token GET /userinfo (token validation) OK userid (token validation) ECE response Role based access control +Cache 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
47 UX Walkthrough + Demo
48 CCE SSO UX Walkthrough Configuration Log in to CCE Web Administrator: Configure Single Sing-on Register CCE components Configure agents/supervisors Test SSO functionality across CCE components Set SSO type View current CCE SSO status 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
49 CCE SSO UX Walkthrough Configuration Register CCE Components UCCE - Manual Registration PCCE Auto Registration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
50 CCE SSO UX Walkthrough Configuration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
51 CCE SSO UX Walkthrough Configuration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
52 CCE SSO UX Walkthrough Configuration Cisco IdS Is Ready! Set The SSO Mode Non-SSO: Nothing changes. Hybrid: Designate SSO Agent/Supervisors. Non-SSO users may still log in via legacy username and password stored in CCE DB. SSO: All Agents/Supervisors must use UPN for login. All users will authenticate against Active Directory Max. UCCE SSO Users: Max. PCCE SSO Users: Cisco and/or its affiliates. All rights reserved. Cisco Public 55
53 CCE SSO UX Walkthrough Enable SSO Users Packaged CCE UCCE SSO Enabled: Users authenticate with ADFS SSO Not Enabled: Users authenticate with Finesse through AW DB 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
54 Non-SSO Deployment No experience change 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
55 UCCE SSO UX Walkthrough Cisco Finesse 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
56 Hybrid UCCE SSO Deployed Non-SSO User SSO User 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
57 UCCE SSO UX Walkthrough Cisco Finesse SSO user requires UPN username UCCE resources (Finesse, CUIC, etc) will never know or ask for user password! 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
58 SSO Deployed Must Use UPN For All CCE AD Account Logins 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
59 UCCE Agent Authentication Flow Non- SSO vs. SSO Demonstration
60 Non-SSO Agent Log In Demonstration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
61 SSO Enabled Agent Log In Demonstration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
62 SSO Enabled Supervisor Log In Demonstration 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
63 Best Practices and Troubleshooting
64 Planning For SSO In The Contact Center Understand The Deployment Options o CCE allows hybrid deployment but be aware of these Remote resources located outside the datacenter that contains the IdS is not supported. The move to SSO for an agent / supervisor is ONE-WAY. No tool for SSO Non-SSO! o CCX does not allow hybrid deployment SSO is enabled or disabled globally Active Directory Users Must Use UPN Username For Sign-On o E.g. username@cisco.com required for ALL CCE users, even non-sso! o This means Web Administrators as well even though they are not SSO enabled Migration Tool o No migration tool for CCX users. Current users (agents / supervisors) authenticating through CUCM DB via AXL will need to be recreated in ADFS and reconfigured in AppAdmin o Bulk migration tool IS provided for CCE users. CSV file provided via CCE WebAdmin 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
65 Planning For SSO In The Contact Center CCE Bulk Migration Tool Web Admin 1 Export UserName, FirstName, lastname, newusername 2 CSV File 3 Import (1) Download a list of Agents/Supervisor that are not SSO enabled (filtering by peripheral and team) as a CSV file (2) Update the list with their new SSO names ( addresses) 4 (3) Bulk import the list to apply the changes (4) Contact IdP admin to update the IdP with those users and add the appropriate credentials based on their policies in place Cisco and/or its affiliates. All rights reserved. Cisco Public 68
66 Planning For SSO In The Contact Center CCE Bulk Migration Tool Example Column Name username firstname lastname newusername Description The person's old non sso user name The person's first name. The person's last name. The new sso user name UserName, FirstName, lastname, newusername CSV File ssomigration.csv 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
67 CCE SSO Account Administrative Considerations Single Or Bulk Authentication (Credential) Management o Identity Provider (IdP) defines administration capabilities. o Identity Provider (IdP) must run Windows ADFS + SAMLv2 SSO Enabled Users Credentials Are Managed Within The IdP Non-SSO Enabled Users Credentials Continued To Be Managed Within CCE Changing A User s SSO Credential While Logged In o Periodic heartbeat between user s browser and IdP will update the SAML assertion token, however o Contact Center applications will continue to remain authorized for the user through OAuth token rules provided within the Cisco Identity Server (IdS) There s no active synchronization between IdP and IdS Authorization is updated the next time the user logs in or when the OAuth token expires based on values YOU set within the IdS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
68 Leveraging SSO In Multi-Forest Environments Microsoft Active Directory Multi-Forest Deployments CCE Still Only Supports a Single AD Forest Deployment Topology o AD trusts between forests are NOT supported o If you have Agents and Supervisors located across multiple Forests, you can leverage SSO to Federate these users! Root OU Cisco_ICM UCCE Servers Forest 1 X Forest 2 CCE Users X Agents and Supervisors CCE Users Config, Setup, Agents, Supervisors CCE Users X Agents and Supervisors 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
69 Leveraging SSO In Multi-Forest Environments SUPPORTED! Microsoft Active Directory Multi-Forest Deployments o Install ADFS servers between forests o Create relying-party trusts o Perform simple DNS forwarding to allow users across forests to access CCE URL s Root OU Cisco_ICM UCCE Servers Forest 1 ADFS Relying-Party Trust ADFS Forest 2 CCE Users Agents and Supervisors CCE Users Config, Setup, Agents, Supervisors CCE Users Agents and Supervisors 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
70 Hurray For Federation Services! Single Sign-On capability for Agents and Supervisors 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
71 Other Design Considerations CUCM, CCMP, CCDM, VIM Are SSO Supported o CUCM supports direct ADFS IdP integration via LDAP/Kerberos o CCMP or VIM supports SSO for Administrator logins and provide their own IdS that ONLY integrates with and ADFS 3.0 IdP o A single IdP may be used Third-Party Applications (Gadgets) Does Not Presently Support SSO IdS (OAuth) Token Expiry Is 10 hrs By Default o Remember to adjust both the Refresh and Access token timers to suit your needs Users Across Multiple Domains May Be Handled By IdP via ADFS Farm o This means that Cisco Contact Center and IdS are transparent to the Federation setup. o IdS will simply request Authentication to the trusted IdP (only one IdP is supported). Federation happens behind the ADFS IdP! 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
72 Troubleshooting SSO Debugging Tools Collect IdS Logs o Cisco Unified System CLI Server Side o Cisco Unified Real-time Monitoring Tool (RTMT) ADFS Event Log o Diagnose Relying Party trust issues o Diagnose Federated Token failures o Correlate and trace ActivityID s with CallerID s to claim values 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
73 Troubleshooting SSO Debugging Tools Cisco Identity Server (IdS) Logging o Dynamic o Default: Info o Debug and Trace for more detail o Use Trace ONLY if advised by Cisco TAC Server Side 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
74 Troubleshooting SSO Debugging Tools SAML Tracer For Firefox Client Side o Browser add-on and essential debugging tool for SAML developers o Captures SAML authentication requests and responses during the SSO login process. o Cisco and/or its affiliates. All rights reserved. Cisco Public 77
75 Troubleshooting SSO Debugging Tools Client Side SAML Message Decoder For Chrome o Chrome extension that captures SAML authentication requests and responses during the SSO login process. o Cisco and/or its affiliates. All rights reserved. Cisco Public 78
76 Troubleshooting SSO Debugging Tools Client Side SAML Message Decoder For Internet Explorer o Good ol HTTP Watch o You may also want to try Fiddler Web Debugger Cisco and/or its affiliates. All rights reserved. Cisco Public 79
77 Troubleshooting SSO Unified System CLI Log Collection How to Collect CUIC IdS Logs o show trace devicetype cuic absdatetime MM-DD-YYYY:hh:hh MM-DD-YYYY:hh:hh Collects specified date/time range o show trace devicetype cuic Collects past 24 hours by default 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
78 Troubleshooting SSO RTMT Log Collection How to Collect CUIC IdS Logs o Keep clicking on Next to navigate to Cisco Identity Service 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
79 Troubleshooting SSO RTMT Log Collection Recommended Logs to Collect From the Cisco IdS 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
80 Troubleshooting SSO SAML Tracer 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
81 Troubleshooting SSO SAML Tracer 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
82 Troubleshooting SSO SAML Tracer Event Flow Initial Finesse Login Request 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
83 Troubleshooting SSO SAML Tracer Event Flow Initial Finesse Login Request No valid access token, redirect to IdP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
84 Troubleshooting SSO SAML Tracer Event Flow Initial Finesse Login Request No valid access token, redirect to IdP IdP login page 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
85 Troubleshooting SSO SAML Tracer Initial Finesse Login Request No valid access token, redirect to IdP IdP login page SAML assertion 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
86 Troubleshooting SSO SAML Tracer Initial Finesse Login Request No valid access token, redirect to IdP Redirect back to Finesse with authorization code to IdS IdP login page SAML assertion 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
87 Troubleshooting SSO SAML Tracer Initial Finesse Login Request No valid access token, redirect to IdP Redirect back to Finesse with authorization code to IdS Agent enters their extension IdP login page SAML assertion 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
88 Troubleshooting SSO Cisco IdS Logs Disable Cisco IdS token encryption User requesting Finesse access and Finesse checking OAuth token with the IdS Refresh and access tokens are not valid, IdS redirects user to IdP 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
89 Troubleshooting SSO Cisco IdS Logs This is the SAML request sent to the IdP Here is the SAML response relayed to the Cisco IdS This is the SAML cookie! You can view this cookie in SAML Tracer under the HTTP tab 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
90 Troubleshooting SSO Cisco IdS Logs Lastly, the Cisco IdS creates the OAuth tokens for resource access Resource Access Granted! 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
91 Troubleshooting SSO Summary Identify Components Involved o User Cisco Identity Server (IdS) ADFS Identity Provider (IdP) SAML Tracer for End-User Logging o Provides HTTP (GET, POST) and SAML exchanges Cisco CCE Unified System CLI / RTMT o Pull CUIC IdS logs Microsoft Windows AD FS Event Logs o Capture ADFS logs Parameters For Event Tracing o client_id token refresh-token access-token o Let SAML Tracer parameters be your guide! SAML for dummies Cisco and/or its affiliates. All rights reserved. Cisco Public 94
92 References and Session Summary
93 Contact Center SSO References Differences Between Federation and SSO UCCE Configuration Guide Configuring IdP and IdS terprise/icm_enterprise_11_5_1/configuration/guide/ucce_bk_u882d859_00_uccefeatures-guide/ucce_bk_u882d859_00_ucce-features-guide_chapter_0110.pdf Learn More About Microsoft AD FS Microsoft AD FS Multi-Factor Authentication Support Cisco and/or its affiliates. All rights reserved. Cisco Public 96
94 Contact Center SSO Summary First Supported in Contact Center 11.5(1) Reduce Your Attack Surface o Lessens the frequency of password exchanges o Secure tokens o SAML for authentication OAUTH for authorization Log In Once, Access Multiple Resources IdP Must Support SAMLv2 Running ADFS o Server 2008, 2012, and 2012 R2 IdS OAUTH Federation Provides Secure Token Exchange o Allows multiple resource access IdP Federation Avoids the Need to Create AD Trusts Federate Agent and Supervisor Logins Across Multiple AD Forests 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
95 Q & A 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
96 Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the Cisco Live Mobile App 2. Click Join the Discussion 3. Install Spark or go directly to the space 4. Enter messages/questions in the space cs.co/ciscolivebot# 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
97 Please complete your Online Session Evaluations after each session Complete 4 Session Evaluations & the Overall Conference Evaluation (available from Thursday) to receive your Cisco Live T-shirt All surveys can be completed via the Cisco Live Mobile App or the Communication Stations Complete Your Online Session Evaluation Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at Cisco and/or its affiliates. All rights reserved. Cisco Public
98 Continue Your Education Demos in the Cisco campus Walk-in Self-Paced Labs Tech Circle Meet the Engineer 1:1 meetings Related sessions 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
99 Thank you
100
SAML-Based SSO Solution
About SAML SSO Solution, page 1 Single Sign on Single Service Provider Agreement, page 2 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 3 Cisco Unified Communications Applications
More informationSAML-Based SSO Solution
About SAML SSO Solution, page 1 SAML-Based SSO Features, page 2 Basic Elements of a SAML SSO Solution, page 2 SAML SSO Web Browsers, page 3 Cisco Unified Communications Applications that Support SAML SSO,
More informationConfigure the Identity Provider for Cisco Identity Service to enable SSO
Configure the Identity Provider for Cisco Identity Service to enable SSO Contents Introduction Prerequisites Requirements Components Used Background Information Overview of SSO Configuration Overview Configure
More informationCloud Secure Integration with ADFS. Deployment Guide
Cloud Secure Integration with ADFS Deployment Guide Product Release 8.3R3 Document Revisions 1.0 Published Date October 2017 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose CA 95134 http://www.pulsesecure.net
More informationUnity Connection Version 10.5 SAML SSO Configuration Example
Unity Connection Version 10.5 SAML SSO Configuration Example Document ID: 118772 Contributed by A.M.Mahesh Babu, Cisco TAC Engineer. Jan 21, 2015 Contents Introduction Prerequisites Requirements Network
More informationUnified Communications Manager Version 10.5 SAML SSO Configuration Example
Unified Communications Manager Version 10.5 SAML SSO Configuration Example Contents Introduction Prerequisites Requirements Network Time Protocol (NTP) Setup Domain Name Server (DNS) Setup Components Used
More informationFinesse APIs: Getting started with the REST APIs and XMPP events
Finesse APIs: Getting started with the REST APIs and XMPP events Denise Kwan, Software Engineer @ DevNet Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1.
More informationUnified Contact Center Enterprise (UCCE) Single Sign On (SSO) Certificates and Configuration
Unified Contact Center Enterprise (UCCE) Single Sign On (SSO) Certificates and Configuration Contents Introduction Requirements Components Used Part A. SSO Message Flow Part B. Certificates Used in IDP
More informationConfiguration Guide - Single-Sign On for OneDesk
Configuration Guide - Single-Sign On for OneDesk Introduction Single Sign On (SSO) is a user authentication process that allows a user to access different services and applications across IT systems and
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Task Flow, page 5 Reconfigure OpenAM SSO to SAML SSO Following an Upgrade, page 9 SAML SSO Deployment Interactions and Restrictions, page 9 Prerequisites NTP
More informationCONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE OPERATIONAL TUTORIAL VMware Workspace ONE
GUIDE MARCH 2019 PRINTED 28 MARCH 2019 CONFIGURING AD FS AS A THIRD-PARTY IDP IN VMWARE IDENTITY MANAGER: VMWARE WORKSPACE ONE VMware Workspace ONE Table of Contents Overview Introduction Audience AD FS
More informationQuick Start Guide for SAML SSO Access
Quick Start Guide Quick Start Guide for SAML SSO Access Cisco Unity Connection SAML SSO 2 Introduction 2 Understanding Service Provider and Identity Provider 2 Understanding SAML Protocol 3 SSO Mode 4
More informationFive9 Plus Adapter for Agent Desktop Toolkit
Cloud Contact Center Software Five9 Plus Adapter for Agent Desktop Toolkit Administrator s Guide September 2017 The Five9 Plus Adapter for Agent Desktop Toolkit integrates the Five9 Cloud Contact Center
More informationQuick Start Guide for SAML SSO Access
Standalone Doc - Quick Start Guide Quick Start Guide for SAML SSO Access Cisco Unity Connection SAML SSO 2 Introduction 2 Understanding Service Provider and Identity Provider 3 Understanding SAML Protocol
More informationCisco Finesse. The Next Generation Agent Experience. Ted Phipps Sr. Manager, CCBU Product Management
Cisco Finesse The Next Generation Agent Experience Ted Phipps Sr. Manager, CCBU Product Management Chris Del Grande Member of Technical Staff, Cisco IT Cisco Spark Ask Question, Get Answers www.ciscospark.com
More informationADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration
IBISTIC TECHNOLOGIES ADFS integration with Ibistic Commerce Platform A walkthrough of the feature and basic configuration Magnus Akselvoll 19/02/2014 Change log 26/06/2012 Initial document 19/02/2014 Added
More informationNXOS in the Real World Using NX-API REST
NXOS in the Real World Using NX-API REST Adrian Iliesiu Corporate Development Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationSetting Up the Server
Managing Licenses, page 1 Cross-launch from Prime Collaboration Provisioning, page 5 Integrating Prime Collaboration Servers, page 6 Single Sign-On for Prime Collaboration, page 7 Changing the SSL Port,
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationInstall and Configure the F5 Identity Provider (IdP) for Cisco Identity Service (IdS) to enable SSO
Install and Configure the F5 Identity Provider (IdP) for Cisco Identity Service (IdS) to enable SSO Contents Introduction Prerequisites Requirements Components Used Install Configure Security Assertion
More informationSAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)
SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1) First Published: 2017-08-31 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706
More informationSmall Contact Center Agent Deployment Model
Small Contact Center Deployment, page 1 Small Contact Center Deployment The Small Contact Center (SCC) deployment model splits your contact center into shared and dedicated components. It provides several
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationSAML-Based SSO Configuration
Prerequisites, page 1 SAML SSO Configuration Workflow, page 5 Reconfigure OpenAM SSO to SAML SSO After an Upgrade, page 9 Prerequisites NTP Setup In SAML SSO, Network Time Protocol (NTP) enables clock
More informationWebthority can provide single sign-on to web applications using one of the following authentication methods:
Webthority HOW TO Configure Web Single Sign-On Webthority can provide single sign-on to web applications using one of the following authentication methods: HTTP authentication (for example Kerberos, NTLM,
More informationAll about SAML End-to-end Tableau and OKTA integration
Welcome # T C 1 8 All about SAML End-to-end Tableau and OKTA integration Abhishek Singh Senior Manager, Regional Delivery Tableau Abhishek Singh Senior Manager Regional Delivery asingh@tableau.com Agenda
More informationVIEVU Solution AD Sync and ADFS Guide
VIEVU Solution AD Sync and ADFS Guide Introduction This guide describes how to operate the VIEVU Solution AD Sync utility and configure Active Directory Federation Services (ADFS). Additional support material
More informationConfiguration Tab. Cisco WebEx Messenger Administration Guide 1
Overview, page 2 Organization Information, page 2 Domain Information, page 3 Resource Management Information, page 4 URL Configuration, page 5 Security Settings, page 6 Directory Settings, page 8 Password
More informationD9.2.2 AD FS via SAML2
D9.2.2 AD FS via SAML2 This guide assumes you have an AD FS deployment. This guide is based on Windows Server 2016. Third Light support staff cannot offer assistance with 3rd party tools, so while the
More informationArcGIS Enterprise Administration
TRAINING GUIDE ArcGIS Enterprise Administration Part 3 This session touches on key elements of Portal for ArcGIS setup, configuration and maintenance techniques. Table of Contents Portal for ArcGIS...
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationIntroduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...
Oracle Access Manager Configuration Guide for On-Premises Version 17 October 2017 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing
More informationSingle Sign-On. Non-SSO - Continue to use existing Active Directory-based and local authentication, without SSO.
, on page 1 Flow, on page 4 Installation, on page 4 Installation Task Flow for Cisco Identity Service, on page 4 Configure the Cisco Identity Service, on page 16 Configure an Identity Provider (IdP), on
More informationSetting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1
Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1 Setting Up Resources in VMware Identity Manager (On Premises) You can find the most up-to-date
More informationConfiguring Alfresco Cloud with ADFS 3.0
Configuring Alfresco Cloud with ADFS 3.0 Prerequisites: You have a working domain on your Windows Server 2012 and successfully installed ADFS. For these instructions, I created: alfresco.me as a domain
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration
More informationHybrid Cloud Automation using Cisco CloudCenter API
Hybrid Cloud Automation using Cisco CloudCenter API Ray Doerr, Advanced Services Engineer Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationCA SiteMinder Federation
CA SiteMinder Federation Legacy Federation Guide 12.52 SP1 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationIntroduction to application management
Introduction to application management To deploy web and mobile applications, add the application from the Centrify App Catalog, modify the application settings, and assign roles to the application to
More informationMicrosoft ADFS Configuration
Microsoft ADFS Configuration Side 1 af 12 1 Information 1.1 ADFS KMD Secure ISMS supports ADFS for integration with Microsoft Active Directory by implementing WS-Federation and SAML 2. The integration
More informationContact Center Enterprise Solutions SSO Overview, Design, Deployment and CSDL Overview
Contact Center Enterprise Solutions SSO Overview, Design, Deployment and CSDL Overview Vipin Palawat BRKCCT-1041 Cisco Spark Ask Question, Get Answers Use Cisco Spark to communicate with the speaker during
More informationManage SAML Single Sign-On
SAML Single Sign-On Overview, page 1 Opt-In Control for Certificate-Based SSO Authentication for Cisco Jabber on ios, page 1 SAML Single Sign-On Prerequisites, page 2, page 3 SAML Single Sign-On Overview
More informationSingle Sign-On Showdown
Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013
More informationOffice 365 and Azure Active Directory Identities In-depth
Office 365 and Azure Active Directory Identities In-depth Jethro Seghers Program Director SkySync #ITDEVCONNECTIONS ITDEVCONNECTIONS.COM Agenda Introduction Identities Different forms of authentication
More informationDeploying OAuth with Cisco Collaboration Solution Release 12.0
White Paper Deploying OAuth with Cisco Collaboration Solution Release 12.0 Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing) Last Updated: December 2017 This document describes the
More informationSetting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.8 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationConfigure Single Sign-On using CUCM and AD FS 2.0 (Windows Server 2008 R2)
Configure Single Sign-On using CUCM and AD FS 2.0 (Windows Server 2008 R2) Contents Introduction Prerequisites Requirements Components Used Download and Install AD FS 2.0 on your Windows Server Configure
More informationIntegrating YuJa Active Learning into ADFS via SAML
Integrating YuJa Active Learning into ADFS via SAML 1. Overview This document is intended to guide users on how to setup a secure connection between YuJa (the Service Provider, or SP) and ADFS (the Identity
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationUpgrade from a Standalone Deployment to a Coresident Deployment (Cisco Unified Intelligence Center with Live Data and IdS)
Upgrade from a Standalone Deployment to a Coresident Deployment (Cisco Unified Intelligence Center with Live Data and IdS) Upgrade from a Standalone to a Co-resident Deployment, on page 1 Set Deployment
More informationIntegrating the YuJa Enterprise Video Platform with ADFS (SAML)
Integrating the YuJa Enterprise Video Platform with ADFS (SAML) Overview This document is intended to guide users on how to setup a secure connection between the YuJa Enterprise Video Platform referred
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationO365 Solutions. Three Phase Approach. Page 1 34
O365 Solutions Three Phase Approach msfttechteam@f5.com Page 1 34 Contents Use Cases... 2 Use Case One Advanced Traffic Management for WAP and ADFS farms... 2 Use Case Two BIG-IP with ADFS-PIP... 3 Phase
More informationCHAPTER 1 PREFACE... 1
v CHAPTER 1 PREFACE... 1 Why I wrote this book... 1 Who this book is for?... 1 A brief history of UCCX... 2 What is UCCX... 3 Assumptions... 3 Reference Lab... 3 CHAPTER 2 INSTALLATION... 5 Preparation...
More informationSetting Up Resources in VMware Identity Manager
Setting Up Resources in VMware Identity Manager VMware Identity Manager 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationIntegrating YuJa Active Learning with ADFS (SAML)
Integrating YuJa Active Learning with ADFS (SAML) 1. Overview This document is intended to guide users on how to setup a secure connection between the YuJa Active Learning Platform referred to as the Service
More informationForgeRock Access Management Core Concepts AM-400 Course Description. Revision B
ForgeRock Access Management Core Concepts AM-400 Course Description Revision B ForgeRock Access Management Core Concepts AM-400 Description This structured course comprises a mix of instructor-led lessons
More informationesignlive SAML Administrator's Guide Product Release: 6.5 Date: July 05, 2018 esignlive 8200 Decarie Blvd, Suite 300 Montreal, Quebec H4P 2P5
esignlive SAML Administrator's Guide Product Release: 6.5 Date: July 05, 2018 esignlive 8200 Decarie Blvd, Suite 300 Montreal, Quebec H4P 2P5 Phone: 1-855-MYESIGN Fax: (514) 337-5258 Web: www.esignlive.com
More informationBRKCOC-2399 Inside Cisco IT: Integrating Spark with existing large deployments
Inside Cisco IT: Integrating Spark with existing large deployments Jan Seynaeve, Sr. Collaborations Engineer Luke Clifford, Sr. Collaborations Engineer Cisco Spark How Questions? Use Cisco Spark to communicate
More informationIntegration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)
Integration Guide PingFederate SAML Integration Guide (SP-Initiated Workflow) Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances,
More informationDATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz
Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz Osman Akagunduz Consultant @ InSpark Microsoft Country Partner Of The Year Twitter: @Osman_Akagunduz What s in this session The role of Azure
More informationCA SiteMinder. Federation Manager Guide: Legacy Federation. r12.5
CA SiteMinder Federation Manager Guide: Legacy Federation r12.5 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationFive9 Plus Adapter for Microsoft Dynamics CRM
Cloud Contact Center Software Five9 Plus Adapter for Microsoft Dynamics CRM Administrator s Guide September 2017 This guide describes how to install and configure the Five9 Plus Adapter for Microsoft Dynamics
More informationCertificates for Live Data Standalone
Certificates and Secure Communications, on page 1 Export Self-Signed Live Data Certificates, on page 2 Import Self-Signed Live Data Certificates, on page 3 Produce Certificate Internally, on page 4 Deploy
More informationAccess Management Handbook
Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)
More informationContents Introduction... 5 Configuring Single Sign-On... 7 Configuring Identity Federation Using SAML 2.0 Authentication... 29
Oracle Access Manager Configuration Guide 16 R1 March 2016 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 8 Installing Oracle HTTP Server...
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationCA SiteMinder Federation
CA SiteMinder Federation Partnership Federation Guide 12.52 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationSetting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager
Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager Setting Up Resources in VMware Identity Manager (SaaS) You can find the most up-to-date technical documentation
More informationYour API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests
DEVNET-1631 Your API Toolbelt Tools and techniques for testing, monitoring, and troubleshooting REST API requests Adam Kalsey, Spark Developer Relations Cisco Spark How Questions? Use Cisco Spark to communicate
More informationArcGIS Enterprise Security: An Introduction. Randall Williams Esri PSIRT
ArcGIS Enterprise Security: An Introduction Randall Williams Esri PSIRT Agenda ArcGIS Enterprise Security for *BEGINNING to INTERMIDIATE* users ArcGIS Enterprise Security Model Portal for ArcGIS Authentication
More informationGuide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1
Guide to Deploying VMware Workspace ONE DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationOkta Integration Guide for Web Access Management with F5 BIG-IP
Okta Integration Guide for Web Access Management with F5 BIG-IP Contents Introduction... 3 Publishing SAMPLE Web Application VIA F5 BIG-IP... 5 Configuring Okta as SAML 2.0 Identity Provider for F5 BIG-IP...
More informationAuthentication in the Cloud. Stefan Seelmann
Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources
More informationakkadian Provisioning Manager Express
akkadian Provisioning Manager Express Version 4.10.08 Release Notes July 11 th, 2017 Copyright and Trademarks: I. Copyright: This website and its content is copyright 2017 Akkadian Labs, LLC. All rights
More informationSingle Sign-On (SSO)Technical Specification
Single Sign-On (SSO)Technical Specification Audience: Business Stakeholders IT/HRIS Table of Contents Document Version Control:... 3 1. Overview... 4 Summary:... 4 Acronyms and Definitions:... 4 Who Should
More informationGuide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1
Guide to Deploying VMware Workspace ONE VMware Identity Manager 2.9.1 VMware AirWatch 9.1 Guide to Deploying VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware
More informationVMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2
VMware Identity Manager Administration MAY 2018 VMware Identity Manager 3.2 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationOracle Access Manager Configuration Guide
Oracle Access Manager Configuration Guide 16 R2 September 2016 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...
More informationFive9 Plus Adapter for NetSuite
Cloud Contact Center Software Five9 Plus Adapter for NetSuite Administrator s Guide April 2018 This guide describes how to install and configure the Five9 Plus Adapter for NetSuite, which enhances the
More informationImplement SAML 2.0 SSO in WLS using IDM Federation Services
Implement SAML 2.0 SSO in WLS using IDM Federation Services Who we are Experts At Your Service > Over 60 specialists in IT infrastructure > Certified, experienced, passionate Based In Switzerland > 100%
More informationQualys SAML & Microsoft Active Directory Federation Services Integration
Qualys SAML & Microsoft Active Directory Federation Services Integration Microsoft Active Directory Federation Services (ADFS) is currently supported for authentication. The Qualys ADFS integration must
More informationVMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Manager
VMware AirWatch - Workspace ONE, Single Sign-on and VMware Identity Table of Contents Lab Overview - HOL-1857-03-UEM - Workspace ONE UEM with App & Access Management... 2 Lab Guidance... 3 Module 1 - Workspace
More informationISA 767, Secure Electronic Commerce Xinwen Zhang, George Mason University
Identity Management and Federated ID (Liberty Alliance) ISA 767, Secure Electronic Commerce Xinwen Zhang, xzhang6@gmu.edu George Mason University Identity Identity is the fundamental concept of uniquely
More informationEXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS E-BOOK
EXTENDING SINGLE SIGN-ON TO AMAZON WEB SERVICES BEST PRACTICES FOR IDENTITY FEDERATION IN AWS 03 EXECUTIVE OVERVIEW 05 INTRODUCTION 07 MORE CLOUD DEPLOYMENTS MEANS MORE ACCESS 09 IDENTITY FEDERATION IN
More informationColligo Console. Administrator Guide
Colligo Console Administrator Guide Contents About this guide... 6 Audience... 6 Requirements... 6 Colligo Technical Support... 6 Introduction... 7 Colligo Console Overview... 8 Colligo Console Home Page...
More informationConfiguration Tab. Cisco WebEx Messenger Administration Guide 1
Overview, page 2 Organization Information, page 2 Domain Information, page 3 Resource Management Information, page 4 URL Configuration, page 5 Security Settings, page 6 Directory Settings, page 8 Password
More informationCloudCenter for Developers
DEVNET-1198 CloudCenter for Developers Conor Murphy, Systems Engineer Data Centre Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session in the
More informationAccess Manager Applications Configuration Guide. October 2016
Access Manager Applications Configuration Guide October 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights,
More informationBest Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,
Best Practices: Authentication & Authorization Infrastructure Massimo Benini HPCAC - April, 03 2019 Agenda - Common Vocabulary - Keycloak Overview - OAUTH2 and OIDC - Microservices Auth/Authz techniques
More informationCloud Secure. Microsoft Office 365. Configuration Guide. Product Release Document Revisions Published Date
Cloud Secure Microsoft Office 365 Configuration Guide Product Release Document Revisions Published Date 8.3R3 2.0 November 2017 Pulse Secure, LLC 2700 Zanker Road, Suite 200 San Jose CA 95134 https://www.pulsesecure.net.
More informationGuide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE
Guide to Deploying VMware Workspace ONE with VMware Identity Manager SEP 2018 VMware Workspace ONE You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationAuthentication. Katarina
Authentication Katarina Valalikova @KValalikova k.valalikova@evolveum.com 1 Agenda History Multi-factor, adaptive authentication SSO, SAML, OAuth, OpenID Connect Federation 2 Who am I? Ing. Katarina Valaliková
More informationSystem Administration
Most of SocialMiner system administration is performed using the panel. This section describes the parts of the panel as well as other administrative procedures including backup and restore, managing certificates,
More informationNETOP PORTAL ADFS & AZURE AD INTEGRATION
22.08.2018 NETOP PORTAL ADFS & AZURE AD INTEGRATION Contents 1 Description... 2 Benefits... 2 Implementation... 2 2 Configure the authentication provider... 3 Azure AD... 3 2.1.1 Create the enterprise
More informationREVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: MOBILE SINGLE SIGN-ON. VMware Workspace ONE
REVIEWERS GUIDE NOVEMBER 2017 REVIEWER S GUIDE FOR CLOUD-BASED VMWARE WORKSPACE ONE: VMware Workspace ONE Table of Contents Introduction.... 3 Purpose of This Guide....3 Audience...3 Before You Begin....3
More informationAdministering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1
Administering Workspace ONE in VMware Identity Manager Services with AirWatch VMware AirWatch 9.1.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationTACACs+, RADIUS, LDAP, RSA, and SAML
This chapter contains the following sections: Overview, page 1 RADIUS, page 1 TACACS+ Authentication, page 2 User IDs in the APIC Bash Shell, page 2 Login Domains, page 3 LDAP/Active Directory Authentication,
More information