Thanks for your feedback.
Data Exchange and Storage in Webex for Cisco BroadWorks
Feedback?Data Exchange and Storage
These sections provide detail on data exchange and storage with Webex. All data is encrypted both in transit and at rest. For additional details, see Webex App Security.
Service Provider Onboarding
When you configure clusters and user templates in Webex Control Hub during Service Provider onboarding, you exchange the following BroadWorks data which Webex stores:
-
Xsi-Actions URL
-
Xsi-Events URL
-
CTI interface URL
-
Authentication service URL
-
BroadWorks Provisioning Adaptor credentials
Service Provider User Provisioning
This table lists user and enterprise data that is exchanged as part of user provisioning through the Webex APIs.
|
Data Moving to Webex |
From |
Through |
Stored by Webex? |
|---|---|---|---|
|
BroadWorks UserID |
BroadWorks, by API |
Webex APIs |
Yes |
|
Email (if SP Provided) |
BroadWorks, by API |
Webex APIs |
Yes |
|
Email (if User Provided) |
User |
User Activation Portal |
Yes |
|
First name |
BroadWorks, by API |
Webex APIs |
Yes |
|
Last name |
BroadWorks, by API |
Webex APIs |
Yes |
|
Primary Phone Number |
BroadWorks, by API |
Webex APIs |
Yes |
|
Mobile Phone Number |
BroadWorks, by API |
Webex APIs |
Yes |
|
Primary Extension |
BroadWorks, by API |
Webex APIs |
Yes |
|
BroadWorks Service Provider ID & Group ID |
BroadWorks, by API |
Webex APIs |
Yes |
|
Language |
BroadWorks, by API |
Webex APIs |
Yes |
|
Time zone |
BroadWorks, by API |
Webex APIs |
Yes |
User Removal
Webex for Cisco BroadWorks APIs support both partial and full user removal. This table lists all user data that is stored during provisioning and what is deleted in each scenario.
|
User Data |
Partial Deletion |
Full Deletion |
|---|---|---|
|
BroadWorks UserID |
Yes |
Yes |
|
|
No |
Yes |
|
First name |
No |
Yes |
|
Last name |
No |
Yes |
|
Primary Phone Number |
Yes |
Yes |
|
Mobile Phone Number |
Yes |
Yes |
|
Extension |
Yes |
Yes |
|
BroadWorks Service Provider ID & Group ID |
Yes |
Yes |
|
Language |
No |
Yes |
User Login and Configuration Retrieval
Webex Authentication
Webex authentication refers to user sign-in to a Webex app by any of the Webex support authentication mechanisms. ( BroadWorks authentication is covered separately.) This table illustrates the type of data exchanged between the different components on the authentication flow.
|
Data Moving |
From |
To |
|---|---|---|
|
Email address |
User through Webex app |
Webex |
|
Limited access token and (independent) IdP URL |
Webex |
User browser |
|
User credentials |
User browser |
Identity provider (which already has user identity) |
|
SAML assertion |
User browser |
Webex |
|
Authentication code |
Webex |
User browser |
|
Authentication code |
User browser |
Webex |
|
Access and Refresh tokens |
Webex |
User browser |
|
Access and Refresh tokens |
User browser |
Webex app |
BroadWorks Authentication
BroadWorks authentication refers to user sign-in to a Webex app using their BroadWorks credentials. This table illustrates the type of data exchanged between the different components on the authentication flow.
|
Data Moving |
From |
To |
|---|---|---|
|
Email address |
User through Webex app |
Webex |
|
Limited access token and (Webex Bwks IdP proxy) IdP URL |
Webex |
User browser |
|
Branding information and BroadWorks URLs |
Webex |
User browser |
|
BroadWorks user credentials |
User through browser (branded sign-in page served by Webex) |
Webex |
|
BroadWorks user credentials |
Webex |
BroadWorks |
|
BroadWorks user profile |
BroadWorks |
Webex |
|
SAML assertion |
User browser |
Webex |
|
Authentication code |
Webex |
User browser |
|
Authentication code |
User browser |
Webex |
|
Access and Refresh tokens |
Webex |
User browser |
|
Access and Refresh tokens |
User browser |
Webex app |
BroadWorks Password Expiration Notification During Login
This feature enhances the login process and controls the login flow based:
Login warning and error message enhancement:
- At present the Wexbex for BWKS users who use BroadWorks authentication and login through the UAP do not get notification that their password is about to expire or that they are unable to login because the password has already expired. With this feature, if the password is about to expire in 10 days or less - the user receives warning that password is about to expire with indication how many days are left, and the user is advised to contact the Partner, or to follow the Forgot Password link on the login screen to reset their password.
- If the password has expired and the configuration in BroadWorks ‘enforcePasswordChangeOnExpiry’ is set to true then error “incorrect username and password” was thrown but now with this feature the error message is enhanced: The login attempt failed. The combination of the User ID and password provided does not match our records or your password needs to be updated. Try again or contact your administrator to update the password. Error code 100006
Control login flow:
- Partner can restrict the login by enabling a setting “w4bwks-password-expiry-fail-login". This setting “can be enabled by Cisco upon request from a partner. If BroadWorks password has expired, the configuration in BroadWorks ‘enforcePasswordChangeOnExpiry’ is set to false and the setting ‘w4bwks-password-expiry-fail-login' is enabled then error is thrown saying password got expired x days ago whereas if setting service is disabled, then login is allowed. By default, the setting is disabled.
The Forgot Password link on the login page is configurable by the partner as part of Customized Branding: Advanced Customization. Partners must configure the link to redirect users to the partner's portal for password management and reset.
This feature only improves the user login experience during login of activated user when the password is about to expire or has already expired. The feature does not handle if a password expires while the user is logged in the Webex app. The user will get notification for password expiration on their next login attempt.
Client Configuration Retrieval
This table illustrates the type of data exchanged between the different components while retrieving client configurations.
|
Data Moving |
From |
To |
|---|---|---|
|
Registration |
Client |
Webex |
|
Organization settings, including BroadWorks URLs |
Webex |
Client |
|
BroadWorks JWT token |
BroadWorks through Webex |
Client |
|
BroadWorks JWT token |
Client |
BroadWorks |
|
Device Token |
BroadWorks |
Client |
|
Device Token |
Client |
BroadWorks |
|
Config file |
BroadWorks |
Client |
Steady State Usage
This section describes the data moving between components during re-authentication after token expiry, either through BroadWorks or Webex.
This table lists data movement for calling.
|
Data Moving |
From |
To |
|---|---|---|
|
SIP signalling |
Client |
BroadWorks |
|
SRTP media |
Client |
BroadWorks |
|
SIP signalling |
BroadWorks |
Client |
|
SRTP media |
BroadWorks |
Client |
This table lists data movement for messaging, presence, and meetings.
|
Data Moving |
From |
To |
|---|---|---|
|
HTTPS REST messaging and presence |
Client |
Webex |
|
HTTPS REST messaging and presence |
Webex |
Client |
|
SIP signalling |
Client |
Webex |
|
SRTP media |
Client |
Webex |
|
SIP signalling |
Webex |
Client |
|
SRTP media |
Webex |
Client |
