SSO Profile

Specify how users access the Webex site. Select SP Initiated if users start at the Webex meeting site and are redirected to the corporate IdP system for authentication. Select IdP Initiated if users access the Webex site through the corporate IAM system.

Import SAML Metadata (link)

Click to open the Federated Web SSO Configuration - SAML Metadata dialog box. Imported metadata fields include the following:

• AuthnRequestSigned Destination

• Issuer for SAML (IdP ID)

• Customer SSO Service Login URL

Webex SAML Issuer (SP ID)

The URI identifies the Cisco Webex Messenger service as an SP. The configuration must match the settings in the customer Identity Access Management system. Recommended naming conventions: For Webex Meetings, enter the Webex Meetings site URL. For the Webex Messenger service, use the format "client-domain-name" (example: IM-Client-ADFS-WebexEagle-Com).

Issuer for SAML (IdP ID)

A URI uniquely identifies the IdP. The configuration must match the setting in the Customer IAM. Located in the IdP XML file (example: entityID=" http://adfs20-fed-srv.adfs.webexeagle.com/adfs/services/trust")

Customer SSO Service Login URL

URL for your enterprise's single sign-on services. Users typically sign in with this URL. Located in the IdP XML file (example: <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=" https://adfs20-fed-srv.adfs.webexeagle.com/adfs/ls/ " index="0" isDefault="true" />)

You can export a SAML metadata Webex configuration file

You can export some metadata, which can then be imported in the future. Exported metadata fields include the following:

• AuthnRequestSigned Destination

• Issuer for SAML (IdP ID)

• Customer SO Service Login URL

NameID Format

Must match the IAM configuration, with the following formats being supported:

• Unspecified

• Email address

• X509 Subject Name

• Entity Identifier

• Persistent Identifier

AuthnContextClassRef

The SAML statement that describes the authentication at the IdP. This must match the IAM configuration. ADFS examples: urn:federation:authentication:windows or urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport Ping example: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified Note: To use more than one AuthnContextClassRef value add a ";".For example: urn:federation:authentication:windows;urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

Default Webex Target page URL (optional)

Upon authentication, displays a target page assigned for the web application only.

Customer SSO Error URL (optional)

If an error occurs, redirects to this URL with the error code appended in the URL.

Single Logout (optional)

Check to require a sign-out and set the logout URL.

IdP initiated Single Logout is not supported.

Signature Algorithm for AuthnRequest

For enhanced security, you can now generate SHA-1, SHA-256, or SHA-512 signed certificates.

SSO authentication for Attendees

This feature provides additional levels of accountability to the SAML assertion user authentication for internal attendees using Webex Meetings, Webex Training, and Webex Events. When enabled, this feature supersedes the Webex Meetings "Display internal user tag in participant list" feature.

Auto Account Creation (optional)

Select to create a user account. UID, email, and first and last name fields must be present in the SAML assertion.

Auto Account Update (optional)

Webex accounts can be updated with the presence of an updateTimeStamp attribute in the SAML assertion. When modifications are made in the IAM, the new timestamp is sent to the Webex site, which updates the account with any attribute sent in the SAML assertion.

Remove uid Domain Suffix for Active Directory UPN

Removes the Active Directory domain from the User Principal Name (UPN) when selected.