WebEx Certificate Management
Organization Administrators use this tool to create service provider (SP) certificates for SP-initiated situations. Cisco WebEx generates a self-signed certificate, which must then be uploaded to the IAM system. Certificates are generated:
- for signing the AuthnRequest
- for SAML assertion encryption
- to enable Single Logout
A self-signed certificate or a certificate authority will have been previously generated and made available for import. Administrators can select which to apply to the organization.
- Select WebEx Certificate Management to open the WebEx Certificate Management dialog box displaying previously generated Cisco WebEx certificates.
- To generate a new certificate, select Generate New Certificate. New certificates are typically generated when an existing certificate is about to expire.
- In the WebEx Certificate Management dialog box, enter the following information:
  - An alias that identifies the WebEx Certificate.
  - The number of days the WebEx Certificate is valid. A WebEx Certificate is valid for a minimum of 90 days and maximum of 3652 days.
- Select a Certificate Alias to view the complete details of the generated certificate.
- In the generated certificate screen, select:
  - Remove: to delete the certificate. Active certificates cannot be removed.
  - Export: to export and save the certificate as a .cer file to your computer.
- Select Close to return to the WebEx Certificate Management screen.
- Select the Active option to apply this (newly-generated) WebEx Certificate as the active certificate for single sign-on related authentication purposes.
- Select Save to save your WebEx Certificate changes and return to the SSO Related Options screen.
- Import the active Cisco WebEx certificate to the IdP.
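The following is an added example, not part of the Cisco documentation: a check to run on the exported .cer file before importing it to the IdP, reporting its fingerprint and expiry date and flagging a certificate that is expired or close to expiring. It assumes the `openssl` CLI is installed; the function names, the 30-day warning window and the sample certificate are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pre-import checks for an exported WebEx .cer file (added example; needs the openssl CLI).
# A .cer file may be PEM (Base64 text) or DER (binary), so both encodings are tried.

# Print the certificate as PEM regardless of the input encoding.
cer_to_pem() {
    openssl x509 -in "$1" -inform PEM -outform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER -outform PEM 2>/dev/null
}

# SHA-256 fingerprint, for comparison with what the IdP displays after import.
cer_fingerprint() {
    cer_to_pem "$1" | openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Exit 0 if the certificate is still valid $2 days from now.
cer_valid_for_days() {
    cer_to_pem "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Report on one file; non-zero means it should not be imported as it is.
check_cer() {
    local file=$1 warn_days=${2:-30}   # 30-day window is an assumed default
    cer_to_pem "$file" >/dev/null || { echo "$file: not an X.509 certificate"; return 2; }
    echo "$file: sha256 $(cer_fingerprint "$file")"
    cer_to_pem "$file" | openssl x509 -noout -subject -enddate
    cer_valid_for_days "$file" 0 || { echo "$file: EXPIRED"; return 1; }
    cer_valid_for_days "$file" "$warn_days" ||
        { echo "$file: expires within $warn_days days, generate a new certificate"; return 1; }
    echo "$file: OK"
}

# Constructed sample: a throwaway 90-day self-signed certificate standing in for
# the exported file, saved in both encodings.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=constructed-sp-example" \
    -keyout "$demo_dir/key.pem" -out "$demo_dir/sample_pem.cer" 2>/dev/null
openssl x509 -in "$demo_dir/sample_pem.cer" -outform DER -out "$demo_dir/sample_der.cer"
check_cer "$demo_dir/sample_pem.cer" 30
check_cer "$demo_dir/sample_der.cer" 120 || echo "(a 90-day certificate fails a 120-day window)"
```

Comparing the printed fingerprint with the one the IdP shows after import confirms that the active certificate, and not an older export, was uploaded.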
Partner Delegated Authentication
When to configure partner delegated authentication?
Partner delegation allows administrators to set up a single user name and password authentication sign on page for partner applications. Administrators should use this functionality to increase security and reduce multiple sign on and password requirements, eliminating the need for users to track multiple sign on credentials.
Requirements for partner delegated authentication
A trust must be established between a customer and a partner. The partner acts on behalf of its customer’s user to log on to the Cisco WebEx service via the partner route. Partner Delegated Authentication consists of the following attributes used to build trusted and consented relationships:
- Customer and Cisco WebEx service (trust)
- Partner and Cisco WebEx service (trust)
- Customer and Partner (trust and consent)
Configuring partner delegated authentication
- Use WebEx Certificate Management to upload the certificate.
- Use Partner Web SSO Configuration to configure SAML 2.0 settings.
- Select Partner Delegated Authentication to display the dialog for an administrator whose organization is not “Delegated Authentication”.
- Trust the partner to act as member or member plus an organization administrator
- Set the corresponding NameID field.