Using SSO with the Cisco WebEx and Cisco WebEx Meeting applications
One of the goals of the Cisco WebEx services is to provide comprehensive management of user identities for an organization. User identity management involves providing secure mechanisms for passing credentials and related information between different websites that have their own authorization and authentication systems. These mechanisms facilitate ease of use and policy controls based on the user’s role and group affiliations inside the organization.
Federated single sign-on standards such as SAML (Security Assertion Markup Language) and WS-Federation provide such secure mechanisms for managing user identities. SAML-compliant websites exchange user credential information via SAML assertions. A SAML assertion is an XML document containing trusted statements about a subject. Typically, these trusted statements include information such as user name, contact information, and access privileges. SAML assertions are digitally signed to ensure their authenticity.
Normally, enterprises deploy a federated Identity and Access Management (IAM) system to manage user identities. These IAM systems use the SAML and WS-Federation standards for user identity management activities. Some of the more prominent enterprise-class IAM systems include CA SiteMinder, Ping Federate, and Windows Active Directory Federation Services (ADFS). These IAM systems form part of an organization's corporate intranet, which handles the user authentication and single sign-on requirements for employees and partners. IAM systems use the SAML or WS-Federation protocols to interoperate with partner websites outside their firewalls. Customers, partners, and vendors can utilize their IAM systems to automatically authenticate their users to Cisco WebEx services. This will increase efficiency as users are not required to recall their username and password to use Cisco WebEx meetings.
Additionally, employees leaving an organization do not have to be explicitly disabled in external administration tools. As soon as they are removed from the customer's IAM system, they are not able to authenticate against any of the Cisco WebEx services.