Adding WebEx to Your PingOne for Enterprise Dock
Add the WebEx application your PingOne for Enterprise Dock from the application catalog.
Steps
-
In the PingOne for Enterprise admin console, go to Applications → Application Catalog.
-
Optional: In the Search field, search for the application.
-
Click the WebEx application line to expand it, and then click Setup.
-
On the SSO Instructions tab, click Download to download the signing certificate.
-
In a separate tab or window, sign on to your WebEx account as an administrative user.
-
In WebEx, go to Site Administration → SSO Configuration.
-
Click Organization Certificate Management and upload the PingOne for Enterprise signing certificate you downloaded in step 4.
-
In the single sign-on (SSO) configuration form, enter the following information.
Field Action Federation Protocol
SAML 2.0
WebEx SAML Issuer (SP ID)
Issuer for SAML (IdP ID)
Enter the IdP ID from PingOne
Customer SSO Service Login URL
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid=<IdP ID>
, replacing <IdP ID> with the IdP ID value from PingOne for Enterprise.Default WebEx Target Page URL
Leave blank
Customer SSO Error URL
Leave blank
NameID Format
Unspecified
AuthnContextClassRef
urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
SSO Profile
SP Initiated
Single Logout
Leave check box clear
AuthnRequest Signed
Leave check box clear
Auto Account Update
Leave check box clear
Remove uid Domain Suffix for Active Directory UPN
Leave check box clear
Next steps
In PingOne for Enterprise, click Continue to Next Step.
WebEx Connection Configuration
Steps
-
Import the metadata for WebEx:
Choose from:
-
Click Select File to upload the metadata file.
-
Click Or use URL to enter the URL of the metadata.
-
-
In the ACS URL field, replace ${parameter} with your WebEx subdomain.
-
In the Entity ID field, enter your entity ID.
The pre-populated value for this field should work for most configurations.
-
In the Target Resource field, enter a URL to redirect the user to after IdP-initiated SSO.
-
In the Single Logout Endpoint field, enter a URL for PingOne to send single logout (SLO) requests to.
-
In the Single Logout Response Endpoint field, enter a URL for PingOne to send SLO responses to.
-
To add a Primary Verification Certificate, click Browse to locate and upload a local certificate file used to verify SLO requests and responses coming from WebEx.
-
To add a Secondary Verification Certificate, click Browse to locate and upload a local certificate used to verify SLO requests and responses if the primary certificate fails.
-
Select the Force Re-authentication check box to require your identity bridge to re-authenticate users with an active SSO session.
-
Select the Encrypt Assertion check box to encrypt outgoing SAML assertions.
-
On the Signing line:
Choose from:
-
Click Sign Assertion to have PingOne sign outgoing SAML assertions. This is the default option.
-
Click Sign Response to have PingOne sign responses to incoming SAML assertions.
-
-
From the Signing Algorithm list, select an algorithm with which to sign SAML assertions.
-
Select the Use Custom URL check box to enter a customer URL to launch WebEx from the dock.
-
Select the Set Up Provisioning check box to configure user provisioning to WebEx.
Next steps
Click Continue to Next Step.
WebEx Provisioning
About this task
If you don’t need to set up user provisioning, proceed to WebEx Attribute Mapping. |
If you selected Set Up Provisioning on the Connection configuration tab:
Steps
-
In PingOne, clickContinue to Next Step.
-
On the Application Configuration tab, enter the following information.
-
In the webexid field, enter your WebEx administrator user name
-
In the password field, enter the WebEx administrator user password.
-
In the siteName field, enter your WebEx subdomain.
-
Optional: In the siteid field, enter your WebEx Account Site ID value.
You can find this value on the WebEx Administration Tool page.
-
In the partnerId field, enter your WebEx Account Partner ID value.
You can find this value on the WebEx Administration Tool page.
-
Next steps
In PingOne, click Continue to Next Step.
WebEx Attribute Mapping
About this task
PingOne for Enterprise will automatically populate required SAML attributes.
For WebEx, the following attributes are required for SSO:
-
SAML_SUBJECT
. Map to the username attribute. Email address is preferred. -
SAML_AUTHN_CTX
. Select the As Literal check box. Enter a value ofurn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
.
If you enabled provisioning, the following provisioning attributes are required:
-
firstname
-
lastname
-
password
-
email
All other provisioning attributes are optional.
Steps
-
To add an additional optional attribute, click Add new attribute.
-
In the Application Attribute field, enter the attribute name as it appears in the application.
-
In the Identity Bridge Attribute or Literal Value field, choose one of the following:
Choose from:
-
To map to the application attribute: Enter or select a directory attribute.
-
To assign to the application attribute: Select As Literal, then enter a literal value.
-
-
To create advanced attribute mappings, click Advanced.
For more information, see Create advanced attribute mappings.
Next steps
Click Continue to Next Step.
WebEx Customization
Steps
-
To change the application icon, click Select image and upload a local image file.
The image file must be:
-
PNG, GIF, or JPG format
-
312 x 52 pixels maximum
-
2 MB maximum file size
Images are scaled to 64 x 64 pixels for display.
-
-
To change the name of the application displayed on the dock, in the Name field, enter a new name.
-
To change the description of the application, in the Description field, enter the new description text.
-
To change the category to which the application is assigned on the dock, in the Category list, select a category.
For information about creating custom application categories, see Creating a custom application category.
Next steps
Click Continue to Next Step.
WebEx Group Access
About this task
The Group Access tab shows every user group that you have created.
For more information about creating user groups, see Add user groups.
Steps
-
To add a group’s access to the application, on the line for that group, click Add.
-
To remove a group’s access, on the line for that group, click Remove.
-
When you’re finished assigning groups, click Continue to Next Step.
Next steps
On the Review Setup tab, review your configuration, and click Finish to add the application to your PingOne Dock.