<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D50Z00008G7UvGSAVOkta Classic EngineSingle Sign-OnAnswered2024-04-17T13:20:54.000Z2016-03-17T17:58:01.000Z2018-08-12T04:16:10.000Z

  • Chris Dodds (Customer)

    We have it working. It's pretty clean on the user side, but a bit messy otherwise. Honestly, Cisco's SAML support sucks and we could never find anyone @ Cisco or Webex Connect that knew how it worked.

     

    A few issues w/ workarounds:

     

    1. You can't edit attributes on the Cisco side if SAML is enabled. Which is fine, except you can't set the user cluster via SAML. So users have to click the Jabber chiclet in Okta for their account to be created and then we have to go in after the fact and assign their cluster.

     

    2. We also had to push a custom attribute for "last_updated" (or something similar) or SAML provisioning would fail. Easy fix, but not documented anywhere that we could find.

     

    Otherwise, it's a standard SAML config.

    Expand Post

  • m4szs (m4szs)

    Chris, I appreciate the response.  If you don’t mind, I would like to ask you a few questions on how you went about configuring your Jabber to integrate with Okta.

     

    First question:

    Because Jabber is not part of the Okta Application Network, we used the Create New App wizard.

    Is that how you set yours up?

     

    I noticed that you mention SAML provisioning fails.  When using the Create New App wizard, we do not see the Provisioning tab as available.  Did you take another approach?

    Expand Post

  • Chris Dodds (Customer)

    The provisioning is done through the SAML assertion.

  • m4szs (m4szs)

    Thank you very much for your sharing this configuration information.  We are looking at it now to see if we can get our Jabber working.

  • m4szs (m4szs)

    Thanks again Chris.  We got it working with your help.

  • ct66v (ct66v)

    Did you get the Jabber Call Working (P2P)? we got Jabber working with Okta but Jabber call is not working.

  • ppcll (ppcll)

    For future reference the custom 'updateTimeStamp' attribute is required for auto update to work with Jabber user profiles.  We created a custom attribute on the Okta profile for this and push it dynamically whenever a user profile is updated from our external data source.  We spoke with Okta to see if we could use the 'lastUpdated' value from their API but it is not able to be mapped in a SAML assertion.

     

    More info:

     

    http://www.cisco.com/c/en/us/td/docs/collaboration/webex-connect/Messenger_Administration_Guide/WebEx_BK_C9864D4C_00_cisco-webex-messenger-administration-guide_chapter_011.html#ID-2140-00000a53

     

    Specify the “updateTimeStamp” attribute in the SAML assertion and check this field to update an existing user account.

    The “updateTimeStamp” value is the last update time of a user’s profile in the customer’s Identity store. For example, in Active Directory, the “whenChanged” attribute has this value. If “updateTimeStamp” is not in the attribute, the user profile would not be updated since the last update. It updates the first time when the user profile is updated via Auto Account Update or Auto Account Creation.

    Unchecked indicates no updates will occur.
    Expand Post
This question is closed.
Loading
Has anyone integrated Cisco Jabber with OKTA?