Control Hub-managed Webex sites

Control Hub is the administrative portal for all of Cisco's cloud collaboration products. You can manage every Webex service in one location. The benefits of managing sites in Control Hub include:

  • Unified license assignments across all Webex services.

  • Consistent security policies across all Webex services.

  • Common sign-in experience for all end users between different Webex services.

  • Modern administrator controls, such as Directory Connector, SCIM, and Active Directory groups.

  • License templates to assign multiple licenses to users automatically.

Site Administration-managed Webex sites

Site Administration is an administrative portal for only the Webex Meetings Suite. If your organization decides to add more products, such as the Webex App or Webex Calling, you'd have to manage those products in Control Hub while still using Site Administration to manage Webex Meetings.


 

If you initially chose Site Administration and want to switch over to Control Hub, you can convert to Control Hub at any time.

Compare administrator experiences between Control Hub and Site Administration

The following table explains the significant differences between managing a Webex site in Control Hub and Site Administration.

Administrative experience

Control Hub

Site Administration

User management

Users are managed centrally in Control Hub, including assigning licenses and configuring service levels.

Webex Meetings users and settings are managed in Site Administration. If you have other Webex products, such as Webex App, you have to manage the users and settings for that product in Control Hub.

Users will use the same credentials to sign in to both Webex App and Webex Meetings.

If the Webex site is linked, then users can sign in to Webex App using the same credentials as they use for their Webex Meetings site.

Users can request an account with host privileges or additional services from their Webex site landing page if an administrator allows it. For more information, see Allow host account self-sign up for a Webex Meetings site.

Users can request an account with host privileges or additional services from their Webex site landing page if an administrator allows it. For more information, see Allow host account self-sign up for a Webex Meetings site.

Users can be assigned licenses across any Webex service and multiple Webex sites in one operation, including when a user is first created with an automatic license template.

Users can only be assigned licenses for one Webex site at a time.

Users can be automatically created through People and SCIM APIs, Directory Connector, and Azure Active Directory.

Users can be automatically created through SSO automatic account creation and XML API.

Different groups of users in Active Directory can be assigned different licenses based on a license template.

Active Directory isn't available for Site Administration.

Deactivate or reactivate users on a Webex site by removing or adding licenses.

Deactivate or reactivate users on a Webex site with a check box.

External and internal participants

Administrators can identify internal participants with an internal tag option.

Administrators have to add a custom label to identify internal participants.


 

This option is only available for SSO-enabled sites.

Tracking codes

Tracking codes are optional for new hosts.

Administrators can make tracking codes required for new hosts.

Customize email templates

You can't customize account onboarding emails, such as welcome emails.

You can customize account onboarding emails.

Administrator licensing and hosting

Administrators can manage a Webex site without consuming a license, but a license is required in order to host meetings.

Full admins in the organization have write access to all Control Hub-managed Webex sites.


 

Administrators from partner organizations can host test meetings without consuming a license.

Administrators consume a license to become a site administrator and can host meetings.

Full admins in the organization owning multiple Webex sites don't automatically have administrative access to all Site Administration-managed sites.They must be explicitly granted administrative access to each Site Administration-managed Webex site.

Hosts in other companies or organizations

Users must be in the Control Hub organization to be assigned a host or attendee license in Webex Meetings.

A host on a Webex site can belong to any company or organization.

Multiple Webex sites

All Webex sites in Control Hub share common settings, such as user creation and how users authenticate to Webex.

Users can only have one password across all Webex services. The same user can't have different passwords on different Webex sites.

If an organization is configured for SSO, then all Control Hub-managed Webex sites in the same organization follow the same SSO.

Each Webex site is autonomous, and the same user can have different email addresses and passwords across different Webex sites.

A company with multiple Webex sites can choose the Webex sites on which to enable or disable SSO.

APIs** and integrations

Control Hub also uses People REST APIs for user management, such as creating or licensing users.

Webex XML APIs are forward- compatible with Control Hub- managed sites for user management. Modifications are generally unnecessary for most integrations after the site updates to Control Hub. For more information, see Cisco Webex Meetings API Updates Overview (API 41).

API integrations can be built entirely with Webex XML APIs.

Admins bypassing SSO

External admins can bypass SSO of the organization that owns the Webex site.

Admins can bypass a Webex site's SSO to sign in if the credentials are stored on the Webex site.

SSO configuration

All sites share the same SSO configurations and identity provider (IdP). You can either have the same SSO for all sites, or no SSO at all.

If the Control Hub-managed organization is configured with SSO, then linked Site Administration sites with a different IdP than the organization will use the same IdP as the one in Control Hub (the previous IdP used in Site Administration won't apply anymore).

Site Administration sites without SSO configured will have SSO enabled and will use the same IdP as the organization after being updated to Control Hub.

Each site can be set up with different SSO configurations and IdPs. A site can also have no SSO, even if the linked Control Hub-managed organization is using SSO.

SSO authentication for attendees

This feature is not available at this time for Control Hub-managed sites.

In the future, administrators will be able to configure Control Hub to require sign-in for all participants whose email addresses match domains claimed by the organization.

This will also apply to non-SSO organizations.

Administrators can require SSO authentication for attendees for participants whose email addresses match specific domains.


 

This requirement only applies to meetings on that site.

Review self-sign up requests

Administrators review requests in Alerts center.

Administrators review requests in Site Admin.

 

** API integrations for Site Administration-managed Webex sites may need to be modified in order to work in Control Hub-managed Webex sites if you update to Control Hub at a later date.

It is recommended that API integrations be tested thoroughly to make sure all features are working after Webex sites are updated from Site Administration to Control Hub.

Differences between password management features in Control Hub and Site Administration

The following table shows the differences between how password management works in Site Administration and Control Hub. For more information about password management in Control Hub, see this article.

Site Administration password featuresControl Hub
Configure password characteristics, such as minimum length and alphanumeric characters.

Configurable:

  • Minimum length—Range from 8 to 256.
  • Minimum number of numeric, alphabetic, and special characters. Minimum is 8.

Not configurable:

  • Repeat characters.
Do not allow re-use of last [N] passwords. Do not allow re-use of last [N] passwords. N must be 1-5.
Password Aging - Force users to change password every [N] days. Password Aging - Configure [N] Days. N must be greater than 90 and less than 1825 (5 years). Default is 1825.
Don't allow dynamic web page text for account passwords (site name, host's name, user name). Don't use value of common fields like site name or user name as your password.
Do not use password from a list. Do not allow account passwords from a list.
Require users to change password on next sign in. Not supported. A planned feature is allowing admins to require users to change their passwords.
Password lockout after [N] attempts. Built-in delay after repeated attempts and captcha.
Allow user to save account password in cookies. Not directly supported, but Webex Identity uses OAUTH and keeps users signed in.
Admin control to initialize or reset password, force change of passwords, or dealing with forgotten passwords. Password is directly controlled between users and Webex Identity (or SSO).
Admin handling of user forgot password requests Not supported. A planned feature is allowing admins to require users to change their passwords.
Users can configure a password per site. User passwords are configured with Webex Identity. The same passwords are applicable across all Webex sites and services.

User profile fields

Control Hub

User profile fields are centralized in Webex identity. The same user has the same values across multiple sites. Some values, such as address, aren’t synched yet from Webex identity to Meetings sites. These values will be synched to Webex identity in the future.

Site Administration

User profile fields are configured per site, so the same user can have different values across multiple sites.

Customized email templates

Some of the email templates in Site Administration aren’t applicable to Control Hub, so customization for those email templates isn't applicable in Control Hub-managed sites. For example, welcome emails are controlled through user licensing and admins aren't involved in user password management.

The following email templates aren't customizable in Control Hub-managed sites, but are customizable in Site Administration:

  • Export Finished or Aborted Notification

  • Import Finished or Aborted Notification

Comparison chart for user features in meetings

Feature

Control Hub

Site Administration

Pre-meeting features

Scheduling Option

N/A

If administrators configured the site with SSO authentication for attendees, then hosts can:

  • Restrict events to invited attendees only in the Webex Events (classic) scheduler.

  • Restrict meetings to invited attendees only in the Webex Meetings scheduler.

Join Audio Portion of PCN Before Host

N/A. Attendees have to wait in lobby until the host joins.

Yes

In-meeting features

Display Suffix in Participants List

If the Display internal user tag in participant list is enabled by the administrator, a suffix shows as internal for authenticated users. No suffix is shown for non-authenticated users. SSO isn't required for this feature.

Administrators can customize the suffix for authenticated and non-authenticated users. SSO is required for this feature.

End user sign-in experience

Consistent sign-in experience across all Webex sites and services. Users sign in with one email address for every service.

Users can have different email addresses or passwords across different Webex sites.