How Auto Account Creation Works with SSO
All access to WebEx, except guest access, requires a WebEx account (attendee or host account). Support for attendee accounts is an optional feature that must be provisioned for your site and enabled. When you enable Single-Sign-On (SSO) Authentication, you can optionally specify the domains from which you want to authenticate users. Participants joining from any of these domains are routed to SSO and they must supply valid credentials. Participants who are not joining from any of these domains are not authenticated and join as guests.
After a successful SSO authentication, the Security Assertion Markup Language (SAML) assertion passes the request to WebEx. WebEx checks to see whether the participant already has an account. If the Auto Account Creation option is enabled, and the participant does not already have an account, the system creates a new account. The type of account created (attendee or host) depends on the SAML parameter. If you do not specify the parameter, or the option to create attendee accounts is not enabled, the default is to create a host account.
If you do not enable Auto Account Creation, successfully authenticated users who do not have a WebEx account cannot join.
Security Assertion Markup Language Parameter
Support for attendee accounts is an optional feature that must be provisioned for your site. You must also enable the feature to make full use of the Security Assertion Markup Language (SAML) parameter.
The SAML assertion controls whether the auto account creation feature creates an attendee or a host account. For the following example, WebEx automatically creates attendee accounts.
<ns2:Attribute Name="isattendeerole" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"> <ns2:AttributeValue>true</ns2:AttributeValue> </ns2:Attribute>
Valid entries for the AttributeValue parameter are: True, true, False, false, Yes, yes, No, and no.
Enable SSO Authentication for Attendees
You can require participants, who join from specific domains, to authenticate with Single-Sign-On (SSO). You can also create labels to identify authenticated participants and guests in the Participants Panel for
If you prefer to not display labels, leave the label fields blank to disable the label feature.