Configure Single-Sign-On (SSO) Authentication for Attendees

Document created by Cisco Documentation Team on Mar 23, 2016Last modified by Cisco Documentation Team on Sep 7, 2017
Version 4Show Document
  • View in full screen mode

 

How Auto Account Creation Works with SSO


All access to WebEx, except guest access, requires a WebEx account (attendee or host account). Support for attendee accounts is an optional feature that must be provisioned for your site and enabled. When you enable Single-Sign-On (SSO) Authentication, you can optionally specify the domains from which you want to authenticate users. Participants joining from any of these domains are routed to SSO and they must supply valid credentials. Participants who are not joining from any of these domains are not authenticated and join as guests.

After a successful SSO authentication, the Security Assertion Markup Language (SAML) assertion passes the request to WebEx. WebEx checks to see whether the participant already has an account. If the Auto Account Creation option is enabled, and the participant does not already have an account, the system creates a new account. The type of account created (attendee or host) depends on the SAML parameter. If you do not specify the parameter, or the option to create attendee accounts is not enabled, the default is to create a host account.

Important:

If you do not enable Auto Account Creation, successfully authenticated users who do not have a WebEx account cannot join.

Security Assertion Markup Language Parameter

Important:

Support for attendee accounts is an optional feature that must be provisioned for your site. You must also enable the feature to make full use of the Security Assertion Markup Language (SAML) parameter.

The SAML assertion controls whether the auto account creation feature creates an attendee or a host account. For the following example, WebEx automatically creates attendee accounts.

 <ns2:Attribute Name="isattendeerole"  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">  <ns2:AttributeValue>true</ns2:AttributeValue>  </ns2:Attribute> 

Valid entries for the AttributeValue parameter are: True, true, False, false, Yes, yes, No, and no.

Enable SSO Authentication for Attendees

You can require participants, who join from specific domains, to authenticate with Single-Sign-On (SSO). You can also create labels to identify authenticated participants and guests in the Participants Panel for

  • Meetings

  • Training Sessions

  • Events

If you prefer to not display labels, leave the label fields blank to disable the label feature.


Note


If enabled, the SSO Authentication settings override the Display internal user tag in participant list setting for Meeting Center.



           
Step 1   Select Configuration > Common Site Settings > SSO Configuration.
Step 2   (Optional) Check Auto Account Creation to automatically create accounts.
Important:

If you do not enable Auto Account Creation, successfully authenticated users who do not have a WebEx account cannot join.

Step 3   Check SSO authentication for Attendees to enable SSO authentication.
Step 4   (Optional) Enter a label to display beside the names of authenticated participants (for example: Employee).
Step 5   (Optional) Enter a label to display beside the names of nonauthenticated participants (for example: Guest).
Step 6   In the Attendees Authenticated from Email Domains field, enter a domain (for example: my_domain.com).
Step 7   Select Add.
Step 8   Repeat Steps 5 and 6 for each of your company domains, from which you want to authenticate participants.

Participants who join from any of these domains are routed to SSO. All other participants join as guests.

Step 9   Select Update.

 


Attachments

    Outcomes