SAML SSO Okta Identity Provider 2

Similar documents
Cisco Jabber for Android 10.5 Quick Start Guide

Cisco Jabber IM for iphone Frequently Asked Questions

Cisco Unified Communications Self Care Portal User Guide, Release 11.5(1)

Cisco Jabber Video for ipad Frequently Asked Questions

Application Launcher User Guide

Cisco Unified Communications Self Care Portal User Guide, Release

Migration and Upgrade: Frequently Asked Questions

Compatibility Matrix for Cisco Unified Communications Manager and IM & Presence Service, Release 11.x

User Guide for Cisco Jabber for Mac 11.6

Cisco UCS C-Series IMC Emulator Quick Start Guide. Cisco IMC Emulator 2 Overview 2 Setting up Cisco IMC Emulator 3 Using Cisco IMC Emulator 9

Cisco FindIT Plugin for Kaseya Quick Start Guide

Cisco UCS Performance Manager Release Notes

Cisco UC Integration for Microsoft Lync 9.7(4) User Guide

Compatibility Matrix for Cisco Unified Communications Manager and IM & Presence Service, Release 10.x

CPS UDC MoP for Session Migration, Release

Cisco TelePresence FindMe Cisco TMSPE version 1.2

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.2

Recovery Guide for Cisco Digital Media Suite 5.4 Appliances

Cisco Nexus 3000 Series NX-OS Verified Scalability Guide, Release 7.0(3)I7(2)

Flow Sensor and Load Balancer Integration Guide. (for Stealthwatch System v6.9.2)

Cisco Unified Communications Manager Device Package 10.5(1)( ) Release Notes

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.5

Cisco Unified Communications Manager Device Package 8.6(2)( ) Release Notes

Cisco TelePresence Management Suite Extension for Microsoft Exchange 5.6

IP Switching Configuring Fast Switching Configuration Guide Cisco IOS Release 15SY

Cisco CSPC 2.7x. Configure CSPC Appliance via CLI. Feb 2018

Cisco Proximity Desktop

Installation and Configuration Guide for Visual Voic Release 8.5

TechNote on Handling TLS Support with UCCX

Media Services Proxy Command Reference

Cisco Meeting App. Cisco Meeting App (ios) Release Notes. October 06, 2017

Cisco Prime Home Device Driver Mapping Tool July 2013

Cisco Connected Mobile Experiences REST API Getting Started Guide, Release 10.2

Validating Service Provisioning

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

Host Upgrade Utility User Guide for Cisco UCS E-Series Servers and the Cisco UCS E-Series Network Compute Engine

Cisco Meeting App. Release Notes. WebRTC. Version number September 27, Cisco Systems, Inc.

Cisco Jabber for Windows 10.6 User Guide. User Guide 4 Availability 4 Create Custom Tabs 15 Accessibility 16 Troubleshooting 20

External Lookup (for Stealthwatch System v6.10.0)

Cisco Meeting App. Cisco Meeting App (OS X) Release Notes. July 21, 2017

Cisco Meeting App. What's new in Cisco Meeting App Version December 17

Tetration Cluster Cloud Deployment Guide

Cisco Report Server Readme

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 3.1

Cisco UCS Director F5 BIG-IP Management Guide, Release 5.0

Cisco StadiumVision Management Dashboard Monitored Services Guide

Cisco UCS Director API Integration and Customization Guide, Release 5.4

Cisco Discovery Protocol Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 920 Series)

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.7. User Guide July 2018

Cisco TelePresence Management Suite Extension for Microsoft Exchange Software version 5.0

How to Get Started with Cisco SBA

Cisco Evolved Programmable Network System Test Topology Reference Guide, Release 5.0

Downloading and Licensing. (for Stealthwatch System v6.9.1)

How to Get Started with Cisco SBA

Videoscape Distribution Suite Software Installation Guide

Cisco UCS Performance Manager Release Notes

Cisco Meeting Management

Cisco UCS Virtual Interface Card Drivers for Windows Installation Guide

Cisco Connected Grid Design Suite (CGDS) - Substation Workbench Designer User Guide

Authenticating Cisco VCS accounts using LDAP

Cisco WebEx Best Practices for Secure Meetings for Site Administrators and Hosts

Prime Service Catalog: UCS Director Integration Best Practices Importing Advanced Catalogs

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Cisco Prime Network Registrar IPAM 8.3 Quick Start Guide

Cisco Expressway Authenticating Accounts Using LDAP

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco UCS Performance Manager Release Notes

Cisco TEO Adapter Guide for SAP Java

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at

Cisco Meeting Management

Cisco Meeting Management

Deploying Devices. Cisco Prime Infrastructure 3.1. Job Aid

Quick Start Guide for Cisco Prime Network Registrar IPAM 8.0

IP Routing: ODR Configuration Guide, Cisco IOS Release 15M&T

Wireless Clients and Users Monitoring Overview

Method of Procedure for HNB Gateway Configuration on Redundant Serving Nodes

Cisco TEO Adapter Guide for

Cisco Business Edition 7000 Installation Guide, Release 11.5

Quantum Policy Suite Subscriber Services Portal 2.9 Interface Guide for Managers

User Guide for Accessing Cisco Unity Connection Voice Messages in an Application

Cisco TelePresence Video Communication Server. Getting started

Managing Device Software Images

Cisco Terminal Services (TS) Agent Guide, Version 1.1

Cisco WebEx Meetings Server FAQs Release 1.5

Cisco CIMC Firmware Update Utility User Guide

This document was written and prepared by Dale Ritchie in Cisco s Collaboration Infrastructure Business Unit (CIBU), Oslo, Norway.

Direct Upgrade Procedure for Cisco Unified Communications Manager Releases 6.1(2) 9.0(1) to 9.1(x)

FindMe. Cisco TelePresence Deployment Guide Cisco VCS X6 D

NNMi Integration User Guide for CiscoWorks Network Compliance Manager 1.6

Cisco Meeting App. Cisco Meeting App (Windows) Release Notes. March 08, Cisco Systems, Inc.

Cisco Instant Connect MIDlet Reference Guide

Cisco Meeting Server. Cisco Meeting Server Release 2.0+ Multi-tenancy considerations. December 20, Cisco Systems, Inc.

Cisco Unified Contact Center Express Historical Reporting Guide, Release 10.6(1)

Cisco Jabber for Mac 10.6 Release Notes. Release Notes 2 Release Information 2 Requirements 4 Limitations and restrictions 7 Caveats 8

Software Configuration Guide, Cisco IOS XE Everest 16.6.x (Catalyst 9300 Switches)

HTTP Errors User Guide

Cisco TelePresence Video Communication Server. Getting started

Cisco TEO Adapter Guide for Microsoft System Center Operations Manager 2007

Considerations for Deploying Cisco Expressway Solutions on a Business Edition Server

Cisco TelePresence Management Suite Provisioning Extension 1.6

Transcription:

SAML SSO Okta Identity Provider SAML SSO Okta Identity Provider 2 Introduction 2 Configure Okta as Identity Provider 2 Enable SAML SSO on Unified Communications Applications 4 Test SSO on Okta 4

Revised: October 6, 2017, SAML SSO Okta Identity Provider Note Refer to the SAML SSO Deployment Guide for Cisco Unified Communications Applications for your release to find out if Okta has been tested with your release. Introduction Single sign-on (SSO) is a session or user authentication process that enables a user to provide credentials to access one or more applications. The process authenticates the user for all applications they have been given rights to and eliminates further prompts when they switch applications during a particular session. For more information about the SAML SSO Solution, see: SAML SSO Deployment Guide for Cisco Unified Communications Applications. This document provides steps to configure Okta as SAML SSO Identity Provider (IdP) for Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM and Presence Service (IM and Presence Service), Cisco Unity Connection, or Cisco Prime Collaboration Assurance. Configure Okta as Identity Provider Use this procedure to configure Okta as the SAML SSO Identity Provider (IdP) for Cisco Unified Communications Manager. Okta is a cloud-hosted IdP. SAML SSO can be enabled using Okta IdP with the cluster-wide option only. The per node option is not available for Okta. Note For details on how to configure SAML SSO on Cisco Unified Communications Manager, refer to the SAML SSO Deployment Guide at https://www.cisco.com/c/en/us/support/unified-communications/ unified-communications-manager-callmanager/products-maintenance-guides-list.html. Procedure Step 1 Step 2 Step 3 Step 4 Log in to the Service Provider (Cisco Unified Communications Manager) and download the metadata XML file. Log in to the Okta server user interface and click Admin tab. From the Okta dashboard, select Applications > Applications. From the Applications window, click the Add Application button. 2

Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Various options to create an application or to choose from existing applications appear. Click Create New App to use wizard to create new application integration. On the Create a New Application Integration window, from the Platform drop-down list, choose Web and for the Sign On method field, choose SAML 2.0. Click Create. Enter a name for the application and click Next. On the Create SAML Integration window, enter the details for fields of the General Settings tab, and click Next. Enter details for the following mandatory fields for SAML Settings. These details are available in the metadata XML file that you downloaded from the Service Provider. Single sign on URL From the metadata file, enter the SSO URL of the publisher node. You can find this by searching for the information on index 0 of the AssertionConsumerService and enter the details for this field. Use this for Recipient URL and Destination URL Check this option to enable matching of the recipient and destination URLs. Allow this app to request other SSO URLs Check this option if you have multiple nodes in your UC deployment and you want to allow requests from other SSO URLs besides the publisher. Requestable SSO URLs This field appears only if you check the above check box. You can enter SSO URLS for your other nodes. You can find the ACS URLs in the metadata file by searching for all the AssertionConsumerService (ACS) addresses that use the HTTP-POST Binding. Add those details for this field. Click the Add Another button to add multiple URLs. Note You do not need to add HTTP-Redirect URLs to this field. Audience URI (SP Identity ID) From the metadata file, search for the entityid address and enter the details for this field. Name ID Format Choose Transient from this drop-down list. Application username Choose the username format that matches the UserID field that is available in the Cisco Unified Communications Manager cluster. Step 11 (Optional) Enter the attribute UID to the Cisco Unified Communications Manager cluster. Note Ensure that the attribute UID value matches the userid field value that is available in Cisco Unified CM Administration on the User Management > End User page. Following is an example where the userid is mapped to samaccountname via a UID string of String.substringBefore(user.email, "@"). Figure 1: Sample UID Mapping 3

Step 12 Step 13 Step 14 Step 15 On the Feedback tab, select I'm a software vendor. I'd like to integrate my app with Okta and click Finish. On the Import tab, assign the users or groups that you want to enable, and click Done. On the Sign On tab, click the Identity Provider metadata link to download the Okta metadata file. Open the downloaded metadata file, change the two lines of NameIDFormat to <md:nameidformat>urn:oasis:names:tc:saml:2.0:nameid-format:transient</md:nameidformat>, and then save the file. Enable SAML SSO on Unified Communications Applications When you have configured the IdP appropriately, follow these steps to enable SSO. Procedure Step 1 Navigate to the following page for each application: Cisco Unified Communications Manager Using a web browser, sign in to Unified CM as administrator, and navigate to System > SAML Single Sign On. Cisco Unified Communications Manager IM and Presence Service Using a web browser, sign in to Unified CM as administrator, and navigate to System > SAML Single Sign On. Cisco Unity Connection Using a web browser, sign in to Cisco Unity Connection as administrator, and navigate to System Settings > SAML Single Sign On. Cisco Prime Collaboration Assurance Using a web browser, sign in to Prime Collaboration Assurance as globaladmin, and navigate to Administration > System Setup > Single Sign On. Step 2 Click Enable SAML SSO and follow the steps. Note With Okta, you must use a Cluster wide agreement (one metadata file per cluster). Okta will not work with per node agreements. Note For detailed SAML SSO configuration steps, refer to the SAML SSO Deployment Guide for Cisco Unified Communications Applications. Test SSO on Okta After you have configured SAML SSO on both Okta and Cisco Unified Communications Manager, test the SSO connection. Procedure Step 1 Log in to Okta to authenticate the Okta service. 4

Step 2 Step 3 Step 4 A confirmation message, showing that the SSO configuration is successful, appears. Click Close and then click Finish Close the web browser and wait for a couple of minutes for the SAML SSO configuration changes to take effect on Cisco Unified Communications Manager. Enter the Cisco Unified Communications Manager URL in the address bar of the web browser to verify that SSO is enabled. The Recovery URL to bypass Single Sign On (SSO) link appears below the Cisco Unified Communications Manager link. The Recovery URL to bypass Single Sign On (SSO) link appears when the SSO is enabled. 5

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http:// www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) 2017 Cisco Systems, Inc. All rights reserved.

Americas Headquarters Cisco Systems, Inc. San Jose, CA 95134-1706 USA Asia Pacific Headquarters Cisco Systems (USA) Pte. Ltd. Singapore Europe Headquarters Cisco Systems International BV Amsterdam, The Netherlands Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback