Okta

Configuring Provisioning for Webex

This guide provides the steps required to configure Provisioning for Webex.


Contents


Features

The following provisioning features are supported:


Requirements

Before you configure provisioning for Webex, make sure you have configured the Your Webex site name under the General Settings tab:

webex1.png” /></p>
</li>
<hr>

<a name=

Configuration Steps

  1. Configure your Provisioning settings for Webex as follows:

    • Check the Enable API Integration box.

    • Enter your Webex API credentials:

      • Enter the Username for the admin account.

      • Enter the Password for the Username account above.

    webexprovisioning1.png

  2. Select To App in the left panel, then select the Provisioning Features you want to enable:

    webexprovisioning2.png

  3. Click Save.

  4. You can now assign people to the app (if needed) and finish the application setup.



Note

Okta does not support Webex with Spark Meet provisioning (WBS30).


Schema Discovery

Notes

Webex UD is now Generally Available for all Preview orgs. Production orgs should contact Okta Support and ask them to enable the WEBEX_ENABLE_UD feature flag.


Schema Discovery for new app instances

If you want to use schema discovery for a non-UD Webex app, contact Okta Support and request that they migrate the app to UD after enabling Webex_ENABLE_UD, if applicable. See Start using Schema Discovery.



Schema Discovery limitations

OKTA allows you to select all Webex properties in their schema, however the attributes supported in your Webex account depend on the enabled features in your account. When selecting attributes you must only select only those that are enabled for your account. Adding unsupported features can lead to errors during user provisioning. (see the Common Errors section below for examples).

Schema discovery app (new app with Webex_ENABLE_UD feature flag enabled if applicable) doesn't have Mobile Phone, Second Email, and Personal Meeting Room URL attributes. The default attributes are shown below:

webexschema1.png

To add extra attributes to a User's Profile:

  1. In Okta, navigate to Directory > Profile Editor.

  2. Select APPS in the left navigation pane, find your app in the list, then select Profile.

  3. Check the list of attributes. If you decide you need more, click Add Attribute. A list of extended attributes appears.

  4. Select the attributes you want to add (for example all address fields), then click Save.

  5. webexschema2.png

Refresh the list of attributes to see those you have added. You can now import and push these user attributes to/from Webex:

webexschema3.png

You can set up mappings for your additional attributes as shown here:

webexschema4.png

webexschema5.png


Start using Schema Discovery

  1. Webex UD is now Generally Available for all Preview orgs. Production orgs should contact Okta Support and ask them to enable the WEBEX_ENABLE_UD feature flag.

  2. OPTIONAL: Contact Okta Support them to migrate an existing app to UD.

    Note: You should use the Republish Default (Additive) button during migration.

    webexschema6.png

    Another button will rewrite custom mappings.

    After migration Mobile Phone, Second Email and Personal Meeting Room URL will became part of the custom schema:

    webexschema7.png

  3. After migration you can remove Mobile Phone, Second Email and Personal Meeting Room URL from provisioning.

    Without migration these attributes are part of the base schema and cannot be removed from provisioning.

    webexschema8.png

  4. MANDATORY: Resave your Provisioning Settings:

    1. In Okta navigate to Applications > Your Webex application.

    2. Open the application and select the Provisioning tab.

    3. Open API Integration settings.

    4. Click Edit, then click Save without making any modifications:

    5. webexschema9.png

Notes for app migrated to Schema Discovery and has SupportedServices only on user level (not for groups)

If you want to manage SupportedServices for groups, follow the steps below:

  1. If you have SupportedServices in your schema then go to the Profile Editor and remove them:

    webexschema10.png

  2. Navigate to the Application tab and click More > Refresh Application Data:

    webexschema11.png

  3. Navigate to the Profile Editor, click Add Attributes, then in the popup dialog, select the flags for SupportedServices that were removed in step 1, then click Save:

    webexschema12.png


  4. Custom Attributes Notes

    PersonalURL

    This attribute can be applied only when you're making a user update. This is a Webex API limitation, so all created users will be populated with a PersonalUrl value generated by Webex. Following that, Okta can update this value.

    Personal Room URL

    This attribute is now part of the Schema Discovery. To add this attribute to new apps after September 2018, see Schema Discovery.

    Recently we've added support for pushing the Personal Room URL attribute for users in Webex. This change will be applied automatically if you create your Webex application after 9th of January 2018.

    If you have existing and configured Webex app before this date, but want to use this functionality, you need to perform the following steps:

    1. Navigate to Directory > Profile Editor:

      webex_new_a.png

    2. Search for your Webex app, then click Profile:

      webex_new_b.png

    3. Click Add Attribute:

      webex_new_c.png

    4. Add the following property: personalUrl.

      • Make sure you copy this value and enter it in the Variable name field.

      • Check the User personal checkbox.

      • Click Save:

      webex_new_d.png

    5. Navigate to Mappings:

      webex_new_e.png

    6. You will now see the personalUrl property in the list and you can use Okta expression language map it to your required string. There are some limitations: Max length is 64 chars, can include only alphanumeric chars and _ - . (underscore, dash and dot):

      webex_new_f.png


    7. Troubleshooting

      Common Errors

      • User limit exceeded for Session Type:

        webex4.png” /></p>
<p>To address this error, either extend your license limits or unassign other user(s) from the desired session type.</p>
</li>

<li><p><strong>Personal Room URL</strong> property contains restricted characters or is longer than 64 chars:</p>
<p><img style=

        To address this error, change the mapped value to only contain alphanumeric characters and/or to be under 64 characters in length.

      • Can't set field (for Schema Discovery enabled application):

        webexschema13.png

        To address this error, check the field value with the error, for example, timeZoneID. This error occurs when the field has the wrong value. You can see correct value types in Webex API Documentation.

      • Attribute X needs to be Y (for Schema Discovery enabled application)

        webexschema14.png

        To address this error, check that you are only mapping attributes for features enabled in your tenant. In this example remove the numAgentSession property or enable the feature in Webex that supports this attribute.

      Tips

      • Although the Primary Phone attribute does not appear in the mapping (Profile page), when pushing updates to users, Okta sets both the Mobile Phone and Primary Phone attributes.

      • If you set session types in Okta, and it doesn't change Webex, you need to set SupportedServices to true/false according to Webex specification. You should enable Schema Discovery for Webex (see Start using Schema Discovery) and add them in Profile Editor to manage it from Okta.

        webexschema15.png


      Supported Attributes

      The following attributes are supported:

        Name Description
        tspAccountTollFreeCallInNumberPersonalTeleconf: toll free call in number
        tspAccountAccountIndexPersonalTeleconf: specifies the personal telephony account
        tspAccountTollCallInNumberPersonalTeleconf: call in number
        tspAccountSubscriberAccessCodePersonalTeleconf: the teleconferencing subscriber access code
        tspAccountParticipantAccessCodePersonalTeleconf: participant access code
        tspAccountCreateOnBridgePersonalTeleconf: create on bridge
        tspAccountDefaultFlagPersonalTeleconf: determines if the account is to be used as the default account
        tspAccountCustom1PersonalTeleconf: custom value 1
        tspAccountCustom2PersonalTeleconf: custom value 2
        tspAccountCustom3PersonalTeleconf: custom value 3
        tspAccountTollFreeCallInDataPersonalTeleconf: toll free call in data
        tspAccountTollCallInDataPersonalTeleconf: toll call in data
        tspAccountNbrDialOutPersonalTeleconf: dial out number
        titleUser's title
        categoryIdA reference to the office category for the user’s office
        descriptionA description of the user’s virtual office
        officeGreetingOffice Greeting
        companyThe user’s company name
        addressAddressTypeAddress type
        addressAddress1First line of address
        addressAddress2Second line of address
        addressCityCity
        addressStateState
        addressZipCodeZip or postal code
        addressCountryCountry
        phonesPhone2Indicates the second phone number for the user
        phonesMobilePhone2The attendee’s second mobile phone number
        phonesPagerThe user’s Office Profile pager number
        phonesPhoneOffice phone
        phonesMobilePhoneThe attendee’s mobile phone number
        phonesFaxThe contact’s fax number
        email2The second email address of the user
        officeurlOffice url
        passwordHintThe question for which passwordHintAnswer is an answer for the user
        passwordHintAnswerThe answer to the passwordHint for the user
        personalUrlThe user’s website
        expirationDateThe date and time after which a meeting that was set to automatically repeat stops repeating
        commOptionsProdAnnounceIndicates product/service announcements
        commOptionsTrainingInfoIndicates training information
        commOptionsElectronicInfoIndicates electronic information
        commOptionsPromosIndicates promotions and special offers
        commOptionsPressIndicates press releases
        commOptionsEmailIndicates email
        commOptionsFaxIndicates fax
        commOptionsPhoneIndicates phone
        commOptionsMailIndicates mail
        optionsFirstNameVisibleToggles the first name of the user
        optionsLastNameVisibleToggles the last name of the user
        optionsAddressVisibleToggles the address for the user
        optionsWorkPhoneVisibleToggles the work phone number for the user
        optionsCellPhoneVisibleToggles the cell phone number for the user
        optionsPagerVisibleToggles the pager number for the user
        optionsFaxVisibleToggles the fax number for the user
        optionsOfficeUrlVisibleToggles the URL for the user office
        optionsPictureVisibleToggles the pictures of the user office
        optionsNotifyOnNewMessageToggles the feature of notification upon new messages’ arrival
        optionsNotifyOnMeetingToggles the feature of notification upon the meeting’s start time
        optionsFollowMeEnableToggles the follow-me wizard for the meeting
        optionsEmailVisibleToggles the feature of displaying email addresses
        optionsListInCategoryToggles the feature of listing in categories
        optionsTitleVisibleToggles the feature of displaying the user’s title
        optionsFolderReadToggles the read accessibility of the folder
        optionsFolderWriteToggles the write accessibility of the folder
        optionsMessageVisibleToggles the feature of displaying messages
        optionsIconSelect1Toggles the feature of selecting icons 1
        optionsIconSelect2Toggles the feature of selecting icons 1
        optionsAcceptLinkRequestToggles the feature of accepting link requests
        optionsHoldOnLinkRequestToggles the feature of holding on link requests
        optionsNotifyOnLinkRequestToggles the feature of notifying on link request
        optionsSupportVideoToggles the feature of supporting video for the meeting
        optionsSupportAppToggles the feature of supporting applications
        optionsSupportFileShareToggles the feature of supporting file sharing
        optionsSupportDesktopShareToggles the feature of supporting desktop sharing
        optionsSupportMeetingRecordToggles the feature of supporting meeting recording
        optionsSupportAppshareRemoteToggles the feature of supporting remote application sharing
        optionsSupportWebTourRemoteToggles the feature of supporting remote web tour
        optionsSupportDesktopShareRemoteIndicates whether remote desktop sharing is supported for meetings of this type
        optionsSubscriptionOfficeToggles the feature of subscription office
        optionsIsEnableCETIs CET Enabled
        optionsWorkPhoneCallbackWork phone callback
        optionsCellPhoneCallbackCell phone callback
        optionsFaxCallbackFax callback
        optionsPagerCallbackPager callback
        timeZoneIDDetermines the time zone for the geographic location of the meeting
        timeZoneDetermines the time zone for the geographic location of the user or user’s office
        timeZoneWithDSTA timezone description which is adjusted by DST
        trackingTrackingCode1Tracking code 1
        trackingTrackingCode2Tracking code 2
        trackingTrackingCode3Tracking code 3
        trackingTrackingCode4Tracking code 4
        trackingTrackingCode5Tracking code 5
        trackingTrackingCode6Tracking code 6
        trackingTrackingCode7Tracking code 7
        trackingTrackingCode8Tracking code 8
        trackingTrackingCode9Tracking code 9
        trackingTrackingCode10Tracking code 10
        serviceThe type of service that the user has
        privilegeHostIndicates whether the user can be a host for the meeting
        privilegeTeleConfCallOutIndicates whether conference calling out of meetings is supported for the user
        privilegeTeleConfCallOutInternationalIndicates whether international calling out of meetings is supported for the meeting
        privilegeTeleConfCallInIndicates whether conference calling into meetings is supported for the meeting
        privilegeTeleConfTollFreeCallInIndicates whether toll-free calling into meetings is supported for the user
        privilegeSiteAdminIndicates whether the user has administrative privilege for the meeting
        privilegeVoiceOverIpIndicates voice communications over Internet protocols is supported for the meeting
        privilegeRoSiteAdminIndicates whether the current user is a site administrator with view only privilege
        privilegeLabAdminIf TRUE, then user has access to the Hands-on Lab administration pages
        privilegeOtherTelephonySpecifies whether a user account has the privilege to schedule a session with “other teleconferencing” feature enabled
        privilegeTeleConfCallInInternationalAllows a user to access WebEx teleconferencing via international local call-in telephone numbers
        privilegeAttendeeOnlyIf TRUE, then indicates that the user’s role is attendee only
        privilegeRecordingEditorIndicates whether a user has the privilege to download WebEx Recording Editor from My WebEx Support
        privilegeMeetingAssistPrivilege meeting assist
        privilegeHQvideoHQ video
        privilegeAllowExtAttendeesAllow external attendees
        privilegeHDvideoHD video
        privilegeIsEnableCETEnable CET
        privilegeIsEnablePMREnable PMR
        privilegeTeleCLIAuthEnabledTele CLI Auth Enabled
        privilegeTeleCLIPINEnabledTele CLI PIN Enabled
        languageSets the preferred language for the user
        localeHolds user locale information
        schedulingPermissionScheduling Permission
        supportedServicesMeetingCenterIf TRUE, enables Webex Meetings service for the user
        supportedServicesTrainingCenterIf TRUE, enables Webex Training service for the user
        supportedServicesSupportCenterIf TRUE, enables Webex Support service for the user
        supportedServicesEventCenterIf TRUE, enables Webex Events service for the user
        supportedServicesSalesCenterEnables the Sales Center service if available on the site for the user
        myWebExIsMyWebExProIf TRUE, then user has access to additional My WebEx Pro features
        myWebExMyContactEnables the My WebEx, My Contacts feature for the user
        myWebExMyProfileEnables the My WebEx, My Profile feature for the user
        myWebExMyMeetingsEnables the My WebEx, My Meetings feature for the user
        myWebExMyFoldersEnables the My WebEx, My Folders feature for the user
        myWebExTrainingRecordingsEnables the My WebEx, My Files: Training Recordings feature for the user
        myWebExRecordedEventsEnables the My WebEx, My Files: Recorded Events feature for the user
        myWebExTotalStorageSizeDefault My WebEx file storage size for the user
        myWebExMyReportsEnables the My WebEx, My Reports feature for the user
        myWebExMyComputerEnables the My WebEx, Access Anywhere feature and sets the number of Access Anywhere computers for the user
        myWebExPersonalMeetingRoomEnables the My WebEx, Personal Meetings Page feature for the user
        myWebExMyPartnerLinksIndicates whether the partner links for a host are displayed in My WebEx
        myWebExMyWorkspacesDefines whether or not My Workspaces is enabled for WebOffice integration
        myWebExAdditionalRecordingStorageAdditional recording storage
        personalMeetingRoomWelcomeMessagePMR welcome message
        personalMeetingRoomPhotoURLPMR Photo URL
        personalMeetingRoomHeaderImageBrandingPMR header image branding
        personalMeetingRoomHeaderImageURLPMR header image URL
        personalMeetingRoomURLPMR URL
        personalMeetingRoomSipURLPMR SIP URL
        personalMeetingRoomAccessCodePMR access code
        personalMeetingRoomHostPINPMR host PIN
        personalMeetingRoomPilotNumberPMR pilot number
        personalMeetingRoomHeaderImageURLPMR header image URL
        personalMeetingRoomApplyPMRForInstantMeetingApply PMR for instant meeting
        personalMeetingRoomPmrAutoLockPMR auto lock
        personalMeetingRoomPmrAutoLockWaitTimePMR auto lock wait time
        sessionOptionsDefaultSessionTypeSession info of a Default session type
        sessionOptionsDefaultServiceTypeService info of a Default session type
        sessionOptionsAutoDeleteAfterMeetingEndAutomatically deletes the meeting from calender after this user's meeting ends
        sessionOptionsDisplayQuickStartHostDetermines whether or not to show QuickStart to the Host and the Presenter
        sessionOptionsDisplayQuickStartAttendeesDetermines whether or not to show QuickStart to the Attendees
        mpProfileNumberProfile number
        securityForceChangePasswordDetermines if a user is forced to change their password on their next login
        securityResetPasswordResets the user’s password to a random string and notifies the user of the change
        securityLockAccountPrevents a user from being able to login
        languageIDThe ID of a language in the database
        webACDPrefsNumAgentSessionsThe number of agent sessions allowed
        webACDPrefsAgentMonitorAllRSQueuesA agent who can monitor queues and agents
        webACDPrefsManagerMonitorAllRSQueuesA manager who can monitor queues and agents
        webACDPrefsMonitorAllRSAgentsA manager who can monitor agents
        webACDPrefsIsAgentDetermines if a user is considered an agent
        webACDPrefsIsMgrDetermines if a user is considered a manager