Single Sign-On and Cisco Spark Overview
Single sign-on (SSO) is a session or user authentication process that permits a user to provide credentials to access one or more applications. The process authenticates users for all the applications that they are given rights to. It eliminates further prompts when users switch applications during a particular session.
The Security Assertion Markup Language (SAML 2.0) Federation Protocol is used to provide SSO authentication between the Cisco Collaboration Cloud platform and your identity provider (IdP).
SAML 2.0 is an industry protocol for securely handling user authentication, sharing of user attributes, and user authorization between partners across domains.
The SAML 2 Protocol supports a number of profiles, of which the Spark Platform supports only the Web Browser SSO Profile. In the Web Browser SSO Profile the Spark Platform supports the following bindings:
The SAML 2 Protocol supports a number of NameID formats for the purpose of communicating about a specific user. The Cisco Collaboration Cloud platform supports the following NameID formats.
In the metadata that you load from your IdP, the first entry is configured for use in the Spark Platform.
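Before uploading IdP metadata, it helps to see which entry comes first. The following Python sketch is an added example, not Cisco or Microsoft code; it reads "the first entry" as the first NameIDFormat element of the IDPSSODescriptor (an assumption), and the sample metadata, entityID and endpoint URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample IdP metadata; entityID and endpoints are hypothetical.
SAMPLE_IDP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def summarize_idp_metadata(xml_text):
    """Return the NameID formats (document order) and SSO bindings an IdP advertises."""
    root = ET.fromstring(xml_text)  # assumes a single EntityDescriptor root
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    if SAML2_PROTOCOL not in idp.get("protocolSupportEnumeration", "").split():
        raise ValueError("IdP does not advertise the SAML 2.0 protocol")
    formats = [e.text.strip() for e in idp.findall("md:NameIDFormat", NS) if e.text]
    bindings = [(e.get("Binding"), e.get("Location"))
                for e in idp.findall("md:SingleSignOnService", NS)]
    return {
        "entity_id": root.get("entityID"),
        "nameid_formats": formats,
        # Per the text above, only the first listed entry is used.
        "first_nameid_format": formats[0] if formats else None,
        "sso_bindings": bindings,
    }


if __name__ == "__main__":
    info = summarize_idp_metadata(SAMPLE_IDP_METADATA)
    print("First NameID format (the one used):", info["first_nameid_format"])
    for fmt in info["nameid_formats"][1:]:
        print("Listed but not first:", fmt)
    for binding, location in info["sso_bindings"]:
        print("SSO binding:", binding, "->", location)
```

Compare the reported first NameID format and the bindings against the formats and bindings that the platform supports before you import the file.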
Integrate Cisco Spark with Microsoft Azure
Follow the tasks in this article to configure Single Sign-On (SSO) integration between Cisco Spark services and a deployment that uses Microsoft Azure as an identity provider (IdP).
This integration covers users of Cisco Spark message, meet, and call. A separate integration is required to enable SSO for Cisco WebEx.
Download the Cisco Spark Metadata to your Local System
1. Sign in to Cisco Cloud Collaboration Management with your full administrator credentials.
2. Select Settings, and then select Modify from the Authentication section.
3. Select Integrate a 3rd-party identity provider. (Advanced) and go to the next screen.
4. Download the trusted metadata file and save the file in an easy-to-find location on your local system.
   The Cisco Spark metadata filename is idb-meta-<org-ID>-SP.xml.
5. Keep your Cisco Cloud Collaboration Management session open in a browser tab; you will return to it later to upload your IdP metadata.
Configure Single Sign-On Application Settings in Azure
To activate the IdP capabilities in Microsoft Azure, obtain an Azure Active Directory Premium License.
Configure Azure Active Directory.
Create local users or synchronize with an on-premises Active Directory system.
Open the Cisco Spark metadata file that you downloaded from Cisco Cloud Collaboration Management.
1. Sign in to the Azure AD Access Panel.
2. Choose the Azure Active Directory for your organization.
3. Go to Applications and then click Add.
4. Click Add an application from the gallery.
5. In the search box, type Cisco Spark.
6. In the results pane, select Cisco Spark, and then click Complete to add the application.
7. Configure Single Sign-On:
8. Modify the attributes:
Import the IdP Metadata and Enable Single Sign-On After a Test
After you export the Cisco Spark metadata, configure your IdP, and download the IdP metadata to your local system, you are ready to import it into your Cisco Spark organization.