You can use SAML to map user attributes from IDP to Webex identity attributes, and turn on just-in-time (JIT) auto account updates using SAML assertion.
Modify Single sign-on authentication in Control Hub
Before you begin
Ensure that the following preconditions are met:
SSO is already configured. For information on using the SSO configuration wizard, see the section "SSO Setup" here: https://help.webex.com/article/lfu88u/.
The domains have already been verified.
The domains are claimed, turned on. This feature ensures users from your domain are created and updated once each time they authenticate with your IDP.
DirSync or AzureAD Sync are enabled. SAML Update Mapping should be disabled for one of these configurations.
"Block user profile update" is enabled. SAML Update Mapping is allowed because this configuration controls the user’s ability to edit the attributes. Admin-controlled methods of creation and update are still supported.
Newly created users won't automatically get assigned licenses unless the organization has an automatic license template set up.
From the customer view in https://admin.webex.com, go to Management > Organization Settings, and then scroll to Authentication.
The switch Modify your organization's SSO authentication should already be toggled on, and the SSO setup wizard should already have been followed. If it has not, follow the instructions in the section "SSO Setup" in: https://help.webex.com/article/lfu88u/, otherwise go to the next step.
Select Actions to expand the next section.
The value you should enter in the
In the example above, you would enter
Select Configure SAML mapping to open the SAML response map.
Set the required attributes.
Set the profile attributes.
Set the extension attributes. Map these attributes to extended attributes in Active Directory, Azure, or your directory, for tracking codes.
For a list of SAML assertion attributes for Webex Meetings, see https://help.webex.com/article/WBX67566.
Configure the just in time settings:
Confirm users can log in with a different, unidentifiable email address.