To configure OneLogin to sign users in to WebEx Enterprise using SAML, follow these steps.
Note: You will also want to contact WebEx since SAML is not enabled by default.
In OneLogin, do the following:
- In OneLogin, navigate to Apps > Add Apps and search for WebEx Enterprise.
- In the Add WebEx Enterprise SAML screen, choose for the app to be used by the Organization and select SAML 2.0 for the Connector Version. Press Continue.
- Type your WebEx Enterprise subdomain into the Subdomain field within the Configuration tab. Also include the Admin Email, Admin Password and Admin WebexID (Username value in Webex).
- Under the Single Sign-on tab copy the Issuer URL and the HTTP Endpoint under SAML Endpoints to the clipboard for use in WebEx later. Set the credentials to Configured by admin and select a default Email value of email or something equivalent to email to use as the WebEx credential.
- Under the Access Control tab choose which roles will have access to WebEx.
In WebEx, do the following:
- Click Site Administration in the Menu Bar, then SSO Configuration in the sidebar.
- Under SSO Profile select IdP Initiated.
- Navigate to your WebEx app in OneLogin and copy the Issuer URL. Paste it into the browser to download your SAML Metadata XML file, then upload the file using the Import SAML Metadata link.
- Complete the field WebEx SAML Issuer (SP ID) with http://www.webex.com.
- In the field Issuer for SAML (IdP ID), paste the Issuer URL you previously copied into your clipboard.
- In the field Customer SSO Service Login URL, paste the SAML HTTP Endpoint you previously copied into your clipboard.
- Under NameID Format, select Email address.
- In the AuthnContextClassRef field fill in "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport".
- Click "Update" to save the settings.
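
As an added example (not OneLogin's or WebEx's own code), the following Python reads the SAML metadata file downloaded from the Issuer URL and checks that the values entered in the WebEx SSO Configuration fields match it. The metadata shown is constructed, with idp.example.com and the ID 000000 as placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample metadata: idp.example.com and the ID 000000 are placeholders.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml/metadata/000000">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/trust/saml2/http-post/sso/000000"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Extract the IdP values that the WebEx SSO Configuration form asks for."""
    # Metadata has no need for a DTD; reject it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing metadata that declares a DTD or entities")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML 2.0 IdP metadata")
    return {
        "issuer": root.get("entityID"),
        "sso_urls": [e.get("Location")
                     for e in idp.findall("md:SingleSignOnService", NS)],
        "nameid_formats": [(f.text or "").strip()
                           for f in idp.findall("md:NameIDFormat", NS)],
    }


def check_webex_fields(meta, idp_issuer, sso_login_url):
    """Compare what was entered in WebEx with the metadata; return problems found."""
    problems = []
    if idp_issuer != meta["issuer"]:  # exact match, trailing slash included
        problems.append("Issuer for SAML (IdP ID) differs from metadata entityID")
    if sso_login_url not in meta["sso_urls"]:
        problems.append("Customer SSO Service Login URL is not an endpoint in the metadata")
    if not sso_login_url.lower().startswith("https://"):
        problems.append("Customer SSO Service Login URL is not HTTPS")
    if meta["nameid_formats"] and EMAIL_FORMAT not in meta["nameid_formats"]:
        problems.append("IdP does not advertise the Email address NameID format")
    return problems


if __name__ == "__main__":
    meta = read_idp_metadata(SAMPLE_METADATA)
    for problem in check_webex_fields(meta, meta["issuer"], meta["sso_urls"][0]):
        print("MISMATCH:", problem)
```
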
To test, do the following:
- Log in to OneLogin.
- Make sure you are logged out of WebEx Enterprise.
- Click the WebEx Enterprise icon on your dashboard. This should log you into WebEx Enterprise.
If you're not using the same Email in WebEx Enterprise as in OneLogin, do the following:
- Click Apps, then Company Apps.
- Edit the WebEx Enterprise application.
- Navigate to the Logins tab.
- Locate your user and click Edit.
- To use a different email with WebEx Enterprise, type it in the Email field and click Update.
- Navigate to the portal and re-test by clicking the WebEx Enterprise icon.
Note that the administrator can always log into WebEx Enterprise with username and password at this URL:
Just In Time Provisioning
WebEx Enterprise also supports Just in Time Provisioning, which allows you to create users on the fly. Whenever a user is given access to WebEx Enterprise in the OneLogin portal via Access Control, that user can be created if he or she doesn't already have a WebEx Enterprise account. The fields under Configuration (First Name, Last Name, Phone, etc.) will be used in the creation of the user.