Single Sign-On with Cisco Spark Services and your Organization's Identity Provider

Document created by Cisco Documentation Team on Jul 31, 2015. Last modified by Cisco Documentation Team on Aug 29, 2017.
Version 26
 

Single Sign-On with Cisco Spark

If you have your own identity provider (IdP) in your organization, you can integrate the IdP with Cisco Spark services so that your users have a single, common credential for all their corporate applications.

Identity Provider System Requirements

       
For SSO and Cisco Spark services, IdPs must conform to the SAML 2.0 specification. In addition, IdPs must be configured in the following manner:
  • Configure the IdP to use Forms Based authentication.
  • Set the NameID Format attribute to one of the following:
    • urn:oasis:names:tc:SAML:2.0:nameid-format:transient
      Configure a claim on the IdP to include the uid attribute name with a value mapped to the user's email address in the SAML Assertion.
    • urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      Configure a claim on the IdP to include the uid attribute name with a value mapped to the user's email address in the SAML Assertion.
    • urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
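
The NameID and uid requirements above can be checked against an assertion captured from a test login. The following is an added example, not Cisco code: the function names and the sample assertions are constructed for illustration, and it inspects structure only, without validating the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Formats for which the page also requires a uid claim carrying the email address.
NEEDS_UID = {
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
}

def looks_like_email(value):
    # Loose shape check only: non-empty local part, single "@", dotted domain.
    local, _, domain = (value or "").strip().partition("@")
    return bool(local) and "." in domain and "@" not in domain

def check_assertion(xml_text):
    """Return a list of problems; empty means the assertion meets the requirements."""
    root = ET.fromstring(xml_text)  # structure check only, no signature validation
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        return ["no Subject/NameID element"]
    fmt = name_id.get("Format", "")
    if fmt == EMAIL_FORMAT:
        return [] if looks_like_email(name_id.text) else ["NameID is not an email address"]
    if fmt not in NEEDS_UID:
        return ["unsupported NameID Format: " + repr(fmt)]
    uids = [v.text for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
            if a.get("Name") == "uid" for v in a.findall("saml:AttributeValue", NS)]
    if not uids:
        return ["uid attribute missing"]
    if not all(looks_like_email(u) for u in uids):
        return ["uid attribute is not mapped to an email address"]
    return []

def sample(fmt, name_id, uid=None):
    # Constructed, unsigned assertion for the demo; example.com values are placeholders.
    attr = "" if uid is None else (
        '<saml:AttributeStatement><saml:Attribute Name="uid"><saml:AttributeValue>'
        + uid + '</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>')
    return ('<saml:Assertion xmlns:saml="' + NS["saml"] + '"><saml:Subject>'
            '<saml:NameID Format="' + fmt + '">' + name_id + '</saml:NameID>'
            '</saml:Subject>' + attr + '</saml:Assertion>')

if __name__ == "__main__":
    transient = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
    print(check_assertion(sample(transient, "_a1b2c3", "alice@example.com")))
    print(check_assertion(sample(transient, "_a1b2c3")))
    print(check_assertion(sample(EMAIL_FORMAT, "alice@example.com")))
```
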

               

          
     

Tested Single Sign-On Solutions with Cisco Spark Services

The following web access management and federation solutions were tested with Cisco Spark services. Keep checking back here for articles on new IdP integrations.
  

Set up Single Sign-On Between Cisco Spark Services and Your Identity Provider

   

Single sign-on (SSO) enables users to sign in to Cisco Spark securely by authenticating to your organization's common identity provider (IdP). You start configuration in Cisco Cloud Collaboration Management.

    
Before You Begin

These are high-level, generic steps for integrating a third-party IdP. You can find detailed integration guides for specific IdPs.

           
1    Sign in to Cisco Spark Control Hub with your full administrator credentials.
2    Select the Settings tab, and then select Modify under the Authentication section.
3    Select Integrate a 3rd-party identity provider. (Advanced) and then go to the next screen.
4    Download the trusted metadata file and upload it to your identity provider's management interface.
5    Select Next.
6    Import the trusted metadata file from your identity provider to enable single sign-on.
  • For more security, you can require that a certificate in metadata is signed by a certificate authority. We recommend that you use a publicly trusted certificate.
  • If you are using a self-signed certificate to sign the SAML assertion, select Allow self-signed certificate in Metadata (less secure); otherwise, leave the default selection and select Next.
 
Note: This certificate is used to sign the assertion, not to establish secure communication to the IdP.

7    Select Test SSO Connection.
  • If the test is unsuccessful, disable single sign-on.
  • If the test is successful, enable single sign-on.
8    Select Finish.
 
