You can add Webex to the Okta Integration Network and then synchronize users from the directory in to your organization managed in Control Hub. No on-premises infrastructure or connectors are required. This integration keeps your user list in sync whenever a user is created, updated, or removed from the application in Okta.
System for Cross-domain Identity Management (SCIM)
The integration between users in the directory and Control Hub uses the System for Cross-domain Identity Management ( SCIM) API. SCIM is an open standard for automating the exchange of user identity information between identity domains or IT systems. SCIM is designed to make it easier to manage user identities in cloud-based applications and services. SCIM uses a standardized API through REST.
If your organization already uses Directory Connector to synchronize users, you cannot synchronize users from Okta.
The Okta integration supports the following attributes only:
Please remove these attributes from the Okta mapping or remove the update from the sync configuration.
This integration supports the following user synchronization features in Okta:
Create Users—Creates or links a user in Webex App when assigning the app to a user in Okta.
Update User Attributes—Okta updates a user's attributes in Webex App when the app is assigned. Future attribute changes made to the Okta user profile automatically overwrite the corresponding attribute value in the Webex cloud.
Deactivate Users—Deactivates a user's Webex App account when it is unassigned in Okta or their Okta account is deactivated. Accounts can be reactivated if you reassign the app to a user in Okta.
We do not support synchronizing groups from Okta with your Webex organization.
Add Webex to Okta
Before configuring Control Hub for automatic user provisioning with Okta, you need to add Webex from the Okta application gallery to your list of managed applications. You must also choose an authentication method. Currently, Webex services in Control Hub only supports Federated SSO with Okta.
Before you begin
Okta requires that you have a valid Okta tenant and a current license with their platform. You must also have a current paid subscription and a Webex organization.
In your Webex organization, you must configure automatic license assignment templates, otherwise newly synchronized users in Control won't be assign licenses for Webex services. For more information, see Set up automatic license assignment templates in Control Hub
Single Sign-On (SSO) integration in Control Hub is not covered in this document. You should start with an Okta SSO integration before you configure user provisioning. For guidance on SSO integration, see Control Hub single sign-on with Okta.
Sign in to the Okta Tenant (
If you already integrated Okta SSO in to your Control Hub organization, you can skip the above steps and just reopen the Cisco Webex entry in the Okta application list.
In a separate browser tab, go to the customer view in https://admin.webex.com, click your organization name, and then next to Company Information, copy your Organization ID.
Record the organization ID (copy and paste in a text file). You'll use the ID for the next procedure.
Configure Okta for user synchronization
Before you begin
Make sure you kept your organization ID from the previous procedure.
Make sure you have the Customer Full Administrator role when creating bearer tokens for your customers.
In Okta Tenant, go to Provisioning, click Configure API Integration, and then check Enable API Integration.
Enter the ID value in the Organization ID field.
Follow these steps to get the bearer token value for the Secret Token:
Return to Okta, paste the bearer token into the API Token field, and then clickTest API Credentials.
A message appears that says Webex was verified successfully.
Go toand then specify the user synchronization features that you want.
Click Assignments, and click Assign, and then choose one:
If you configured SSO integration, click Assign next to each user or group that you want to assign to the application, and then click Done.
Users that you chose are synchronized into the cloud and they'll appear in Control Hub under Users. Any time you move, add, change, or delete users in Okta, Control Hub picks up the changes.