Update Webex relying party trust in ADFS

This task is specifically about updating AD FS with new SAML metadata from Webex. There are related articles if you need to configure SSO with AD FS, or if you need to update (a different) IdP with SAML Metadata for a New Webex SSO Certificate.

Before you begin

You need to export the SAML metadata file from Control Hub before you can update the Webex Relying Party Trust in AD FS.


Sign in to the AD FS server with administrator permissions.


Upload the SAML metadata file from Webex to a temporary local folder on the AD FS server, eg. //ADFS_servername/temp/idb-meta-<org-ID>-SP.xml.


Open Powershell.


Run Get-AdfsRelyingPartyTrust to read all relying party trusts.

Note the TargetName parameter of the Webex relying party trust. We use the example "Cisco Webex" but it could be different in your AD FS.


Run Update-AdfsRelyingPartyTrust -MetadataFile "//ADFS_servername/temp/idb-meta-<org-ID>-SP.xml" -TargetName "Cisco Webex".

Make sure to replace the file name and target name with the correct values from your environment.

See https://docs.microsoft.com/powershell/module/adfs/update-adfsrelyingpartytrust.


If you've downloaded the Webex SP 5 year certificate and have Signing or Encryption Certificate Revocation turned on, you need need to run these two commands: Set-AdfsRelyingPartyTrust -SigningCertificateRevocationCheck None -EncryptionCertificateRevocationCheck None.


Sign in to Control Hub, then test the SSO integration:

  1. Go to Management > Organization Settings, scroll to Authentication, and toggle on the Single Sign-On setting to start the configuration wizard.

  2. Click Next to skip the Import IdP Metadata page.

    You don't need to repeat that step, because you previously imported the IdP metadata.

  3. Test the SSO Connection before you enable it. This step works like a dry run and doesn't affect your organization settings until you enable SSO in the next step.


    To see the SSO sign-in experience directly, you can also click Copy URL to clipboard from this screen and paste it in a private browser window. From there, you can walk through signing in with SSO. This helps to remove any information cached in your web browser that could provide a false positive result when testing your SSO configuration.

  4. Sign in to complete the test.