You can use SAML to map user attributes from the IDP to Webex identity attributes, and turn on just-in-time (JIT) auto account updates using the SAML assertion.
Modify Single sign-on authentication in Control Hub
Before you begin
Ensure that the following preconditions are met:
- SSO is already configured. For information on using the SSO configuration wizard, see the section "SSO Setup" here: https://help.webex.com/article/lfu88u/.
- The domains have already been verified.
- The domains are claimed and turned on. This feature ensures users from your domain are created and updated once each time they authenticate with your IDP.
- If DirSync or AzureAD are enabled, then SAML JIT create or update will not work.
- "Block user profile update" is enabled. SAML Update Mapping is allowed because this configuration controls the user’s ability to edit the attributes. Admin-controlled methods of creation and update are still supported.
Newly created users won't automatically get assigned licenses unless the organization has an automatic license template set up.
1. From the customer view in https://admin.webex.com, go to Management > Organization Settings, and then scroll to Authentication.
2. The switch Modify your organization's SSO authentication should already be toggled on, and the SSO setup wizard should already have been followed. If it has not, follow the instructions in the section "SSO Setup" in: https://help.webex.com/article/lfu88u/, otherwise go to the next step.
3. Select Actions to expand the next section.
The value you should enter in the In the example above, you would enter
You can also find the attribute names in the Metadata Export from the IDP.
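An added example, not part of the original article: a Python script that lists the attributes an IDP advertises in its metadata export and flags planned mapping names the export does not contain. The sample metadata, its entity ID and the planned names are constructed, and the check assumes the mapping is keyed on each attribute's `Name` value rather than its `FriendlyName`.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of an IDP metadata export (not taken from a real IDP).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="https://idp.example.com/metadata">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail"/>
    <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName"/>
    <saml:Attribute Name="department"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_attribute_names(metadata_xml):
    """Return the attributes an IDP advertises in its metadata export."""
    # A metadata export never needs a DTD; refusing one keeps entity
    # declarations out of the parser entirely.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("metadata contains a DOCTYPE declaration")
    root = ET.fromstring(metadata_xml)
    found = []
    # iter() also covers exports wrapped in an md:EntitiesDescriptor.
    for idp in root.iter("{%s}IDPSSODescriptor" % NS["md"]):
        for attr in idp.findall("saml:Attribute", NS):
            found.append({"name": attr.get("Name"),
                          "friendly_name": attr.get("FriendlyName")})
    return found


def missing_from_idp(planned_names, metadata_xml):
    """Names planned for the SAML mapping that the export does not list.

    The comparison is exact and case-sensitive on Name (an assumption of
    this example). Listing attributes in metadata is optional in SAML, so
    an empty export is not proof that the IDP sends nothing.
    """
    advertised = {a["name"] for a in idp_attribute_names(metadata_xml)}
    return [n for n in planned_names if n not in advertised]


if __name__ == "__main__":
    for a in idp_attribute_names(SAMPLE_METADATA):
        print(a["name"], "(%s)" % (a["friendly_name"] or "no friendly name"))
    # Hypothetical names an admin intends to enter in the mapping.
    print("not advertised:", missing_from_idp(["department", "mail"], SAMPLE_METADATA))
```

In the sample, `mail` is reported as not advertised because the export carries it only as a `FriendlyName`; the `Name` is the `urn:oid:` string.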
1. Select Configure SAML mapping to open the SAML response map.
2. Set the required attributes.
3. Set the profile attributes.
4. Set the extension attributes. Map these attributes to extended attributes in Active Directory, Azure, or your directory, for tracking codes.
For a list of SAML assertion attributes for Webex Meetings, see https://help.webex.com/article/WBX67566.
1. From the customer view in https://admin.webex.com, go to Management > Organization Settings, and then scroll to Authentication.
2. Select Actions to view the just in time settings.
3. Configure the just in time settings:
4. Confirm users can log in with a different, unidentifiable email address.