Technology: WebEx and Collaboration
Publisher: CirQlive
The approach recommended by Cisco for large organizations for authentication into the WebEx website is by using a directory service via SAML 2.0. With this method, the organizations use a directory service (Active Directory, eDirectory, OID, OpenLDAP, etc.) which either supports SAML itself or which is connected to an external SAML Identity Provider using LDAP to bind WebEx's authentication to their own.

Once a user's browser is authenticated with the organization's portal via their Directory Service or Identity Provider (IdP), they can be automatically signed into all systems which federate with it and support Single Sign-On (SSO).   CirQlive Qonnect connects to your organization's directory service, providing your users with secure access into WebEx via SAML 2.0. CirQlive Qonnect can also connect to existing SAML Identity Providers and act as an authentication relay towards WebEx.

CirQlive Qonnect provides a secure IdP/SP for authentication into WebEx via SAML 2.0.

Directory Service Authentication

With CirQlive Qonnect IdP, users are easily and securely authenticated into the WebEx website.

  1. A user logs in to the CirQlive Qonnect IdP
  2. Qonnect verifies the user's credentials by querying the Directory Service via LDAP
  3. Qonnect signs an assertion with a Private Key and uses SAML communication to send the assertion to WebEx via the user's browser
  4. WebEx validates the signed assertion against the corresponding Public Key
  5. The user is authenticated and the WebEx site appears in the user's browser

Authentication relay towards WebEx with existing SAML Identity Providers

CirQlive Qonnect can also connect to existing SAML Identity Providers and act as an authentication relay towards WebEx. This can facilitate authentication when an alternative IdP is needed for WebEx.

  1. A user logs in to the organization's IdP
  2. The IdP verifies the user's credentials by querying the Directory Service via LDAP
  3. The institution signs an assertion with a Private Key
  4. Rather than communicating with WebEx as the SP, the IdP uses SAML communication to send the assertion via the user's browser to the Qonnect SP instead
  5. The Qonnect SP uses the corresponding Public Key from the organization's IdP to validate the assertion, and passes it on internally to the Qonnect IdP
  6. The Qonnect IdP generates a second assertion with the exact same user data and signs it using a Private Key of its own
  7. The Qonnect IdP uses SAML communication to send its assertion to WebEx via the user's browser
  8. WebEx validates the signed assertion against Qonnect's corresponding Public Key
  9. The user is authenticated and the WebEx site appears in the user's browser

Security

CirQlive Qonnect mandates certain best practices which are in many other IdPs only considered optional (for example, requiring separate keys for each Service Provider). As such, it ensures that your setup is adhering strictly to the relevant security precautions.

WebEx Account Creation via SAML

CirQlive Qonnect allows WebEx user accounts to be automatically created for users not previously seen by WebEx who are authenticating via SAML.

Easy setup with WebEx

CirQlive Qonnect is easily configured to connect to WebEx. CirQlive provides expert guidance and best practices, ensuring a short and smooth configuration process with WebEx.

Setup and Support

CirQlive provides full setup and support services.

Office Facilities US & Canada, Asia-Pacific
Support Model null
Support Coverage Hours Standard business hours
TAC Hotline +1 973-521-5563
TAC Support Alias null
TAC URL http://cirqlive.com

Compatibility

Version Verified Compatible Cisco Product Date Tested
2.0 None N/A