Skip to main content

Cisco integrations

Webex OAuth SSO

Webex OAuth SSO

Introduction

You can activate an OAuth2.0 based Webex Single Sign On at Flexopus. With the Webex OAuth SSO, you basically allow login for all users in the world who have a Webex account, and you can restrict based on their domain settings which emails can or can not log in.

💡
IMPORTANT! Please check in advance whether you want to use this simple SSO configuration variant. We generally recommend Single Sign On connection via SAML2. With a direct SAML2 SSO configuration, you can restrict the access of possible users only to the ones that exists in your identity provider. Read the article here.

When setting up Flexopus with Webex for Single Sign-On (SSO):

  1. Activate Interface: Flexopus enables the Webex interface for your tenant, restricting logins to users with emails ending in @company.com.
  2. First Login: Upon first login with Webex credentials, a new Flexopus user is created with their name and email.
  3. Assign Rights: You can assign roles (e.g., Location Manager, Admin) or user groups to this new user in Flexopus.
  4. Subsequent Logins: Each login is authenticated to ensure access security.

This setup ensures seamless, domain-restricted access for your team.

Configuration Manual

STEP 1 - Activate Microsoft SSO

To configure Webex Single Sign-On in Flexopus:

  1. Go to Dashboard > Settings > Authentication in Flexopus.
  2. Select Create a new provider.
  3. In the pop-up, choose the Webex SSO option.

This setup will initiate Webex SSO configuration for your Flexopus environment.

Create a Webex provider
  1. Enable the Webex SSO integration.
  2. Under List of allowed domains for SSO, specify the domains that are permitted to log in, such as my-company.com and my-subcompany.de.

This will restrict access to users from these specific domains.

💡
Note:
If you want to enable access for everyone, set a *. However, this configuration is generally not recommended. It's better to specify who can or cannot log in.
Configure whitelist domain
  • Require existing user profile to log in through SSO: Activating this option restricts access to users with pre-existing accounts, requiring manual addition of new users.
  • Use UPN as email: Decide which Microsoft attribute to synchronize as the UPN (User Principal Name). The default setting is recommended unless a specific configuration is needed.
UPN configuration

Save your changes.

STEP 2 - Test the configuration

Open Flexopus in a new incognito window and test the login:
https://{your-company}.flexopus.com/ or in case you have a custom domain, then go to the custom domain.

You should be able to log in with an existing or a new user, depending on how you configured the access rights in your Azure Active Directory and Flexopus.

💡
Note: The Two-Factor Authentication (2FA) will be applied based on the user's Webex settings. In case you set in your Webex admin console the 2FA required, then users will be asked in the Webex authentication process to proceed with 2FA.

After configuring Webex SSO, you can enforce Single Sign-On by disabling other login methods:

  1. Disable password login: Disables all email and password login forms for users.
  2. Hide login form: Hides the main login form, but keeps a secondary login form accessible at ../dashboard/auth/login for a backup admin user.

Navigate to Dashboard > Settings > Authentication to enable these options.

Disable emails and password login

R0106