To reconfigure any of the General Settings or Sign-On Options, uncheck the Enable provisioning features box, and use the Previous and Next buttons to navigate through the configuration screens.
This guide provides the steps required to configure Provisioning for Webex.
The following provisioning features are supported:
Import New Users
New users created in the third party application will be downloaded and turned in to new AppUser objects, for matching against existing OKTA users.
Import Profile Updates
Push New Users
New users created through OKTA will also be created in the third party application.
Push Password Updates
Updates made to the user's password through OKTA will be pushed to the third party application.
Push Profile Updates
Updates made to the user's profile through OKTA will be pushed to the third party application.
Push User Deactivation
Deactivating the user or disabling the user's access to the application through OKTA will deactivate the user in the third party application.
Reactivating the user through Okta will reactivate the user in the 3rd party application.
Import User Schema
User schema in the third party application will be downloaded into Okta.
Before you configure provisioning for Webex, make sure you have configured the Your Webex site name under the General Settings tab:
Configure your Provisioning settings for Webex as follows:
Check the Enable API Integration box.
Enter your Webex API credentials:
Enter the Username for the admin account.
Enter the Password for the Username account above.
Select To App in the left panel, then select the Provisioning Features you want to enable:
You can now assign people to the app (if needed) and finish the application setup.
Okta does not support Webex with Spark Meet provisioning (WBS30).
Webex UD is now Generally Available for all Preview orgs. Production orgs should contact Okta Support and ask them to enable the WEBEX_ENABLE_UD feature flag.
If you want to use schema discovery for a non-UD Webex app, contact Okta Support and request that they migrate the app to UD after enabling Webex_ENABLE_UD, if applicable. See Start using Schema Discovery.
OKTA allows you to select all Webex properties in their schema, however the attributes supported in your Webex account depend on the enabled features in your account. When selecting attributes you must only select only those that are enabled for your account. Adding unsupported features can lead to errors during user provisioning. (see the Common Errors section below for examples).
Schema discovery app (new app with Webex_ENABLE_UD feature flag enabled if applicable) doesn't have Mobile Phone, Second Email, and Personal Meeting Room URL attributes. The default attributes are shown below:
To add extra attributes to a User's Profile:
In Okta, navigate to Directory > Profile Editor.
Select APPS in the left navigation pane, find your app in the list, then select Profile.
Check the list of attributes. If you decide you need more, click Add Attribute. A list of extended attributes appears.
Select the attributes you want to add (for example all address fields), then click Save.
Refresh the list of attributes to see those you have added. You can now import and push these user attributes to/from Webex:
You can set up mappings for your additional attributes as shown here:
Webex UD is now Generally Available for all Preview orgs. Production orgs should contact Okta Support and ask them to enable the WEBEX_ENABLE_UD feature flag.
OPTIONAL: Contact Okta Support them to migrate an existing app to UD.
Note: You should use the Republish Default (Additive) button during migration.
Another button will rewrite custom mappings.
After migration Mobile Phone, Second Email and Personal Meeting Room URL will became part of the custom schema:
After migration you can remove Mobile Phone, Second Email and Personal Meeting Room URL from provisioning.
Without migration these attributes are part of the base schema and cannot be removed from provisioning.
MANDATORY: Resave your Provisioning Settings:
In Okta navigate to Applications > Your Webex application.
Open the application and select the Provisioning tab.
Open API Integration settings.
Click Edit, then click Save without making any modifications:
Notes for app migrated to Schema Discovery and has SupportedServices only on user level (not for groups)
If you want to manage SupportedServices for groups, follow the steps below:
This attribute can be applied only when you're making a user update. This is a Webex API limitation, so all created users will be populated with a PersonalUrl value generated by Webex. Following that, Okta can update this value.
Personal Room URL
This attribute is now part of the Schema Discovery. To add this attribute to new apps after September 2018, see Schema Discovery.
Recently we've added support for pushing the Personal Room URL attribute for users in Webex. This change will be applied automatically if you create your Webex application after 9th of January 2018.
If you have existing and configured Webex app before this date, but want to use this functionality, you need to perform the following steps:
Navigate to Directory > Profile Editor:
Search for your Webex app, then click Profile:
Click Add Attribute:
Add the following property: personalUrl.
Make sure you copy this value and enter it in the Variable name field.
Check the User personal checkbox.
Navigate to Mappings:
You will now see the personalUrl property in the list and you can use Okta expression language map it to your required string. There are some limitations: Max length is 64 chars, can include only alphanumeric chars and _ - . (underscore, dash and dot):
User limit exceeded for Session Type:
To address this error, change the mapped value to only contain alphanumeric characters and/or to be under 64 characters in length.
Can't set field (for Schema Discovery enabled application):
To address this error, check the field value with the error, for example, timeZoneID. This error occurs when the field has the wrong value. You can see correct value types in Webex API Documentation.
Attribute X needs to be Y (for Schema Discovery enabled application)
To address this error, check that you are only mapping attributes for features enabled in your tenant. In this example remove the numAgentSession property or enable the feature in Webex that supports this attribute.
Although the Primary Phone attribute does not appear in the mapping (Profile page), when pushing updates to users, Okta sets both the Mobile Phone and Primary Phone attributes.
If you set session types in Okta, and it doesn't change Webex, you need to set SupportedServices to true/false according to Webex specification. You should enable Schema Discovery for Webex (see Start using Schema Discovery) and add them in Profile Editor to manage it from Okta.
The following attributes are supported:
|Name||Description||tspAccountTollFreeCallInNumber||PersonalTeleconf: toll free call in number||tspAccountAccountIndex||PersonalTeleconf: specifies the personal telephony account||tspAccountTollCallInNumber||PersonalTeleconf: call in number||tspAccountSubscriberAccessCode||PersonalTeleconf: the teleconferencing subscriber access code||tspAccountParticipantAccessCode||PersonalTeleconf: participant access code||tspAccountCreateOnBridge||PersonalTeleconf: create on bridge||tspAccountDefaultFlag||PersonalTeleconf: determines if the account is to be used as the default account||tspAccountCustom1||PersonalTeleconf: custom value 1||tspAccountCustom2||PersonalTeleconf: custom value 2||tspAccountCustom3||PersonalTeleconf: custom value 3||tspAccountTollFreeCallInData||PersonalTeleconf: toll free call in data||tspAccountTollCallInData||PersonalTeleconf: toll call in data||tspAccountNbrDialOut||PersonalTeleconf: dial out number||title||User's title||categoryId||A reference to the office category for the user’s office||description||A description of the user’s virtual office||officeGreeting||Office Greeting||company||The user’s company name||addressAddressType||Address type||addressAddress1||First line of address||addressAddress2||Second line of address||addressCity||City||addressState||State||addressZipCode||Zip or postal code||addressCountry||Country||phonesPhone2||Indicates the second phone number for the user||phonesMobilePhone2||The attendee’s second mobile phone number||phonesPager||The user’s Office Profile pager number||phonesPhone||Office phone||phonesMobilePhone||The attendee’s mobile phone number||phonesFax||The contact’s fax number||email2||The second email address of the user||officeurl||Office url||passwordHint||The question for which passwordHintAnswer is an answer for the user||passwordHintAnswer||The answer to the passwordHint for the user||personalUrl||The user’s website||expirationDate||The date and time after which a meeting that was set to automatically repeat stops repeating||commOptionsProdAnnounce||Indicates product/service announcements||commOptionsTrainingInfo||Indicates training information||commOptionsElectronicInfo||Indicates electronic information||commOptionsPromos||Indicates promotions and special offers||commOptionsPress||Indicates press releases||commOptionsEmail||Indicates email||commOptionsFax||Indicates fax||commOptionsPhone||Indicates phone||commOptionsMail||Indicates mail||optionsFirstNameVisible||Toggles the first name of the user||optionsLastNameVisible||Toggles the last name of the user||optionsAddressVisible||Toggles the address for the user||optionsWorkPhoneVisible||Toggles the work phone number for the user||optionsCellPhoneVisible||Toggles the cell phone number for the user||optionsPagerVisible||Toggles the pager number for the user||optionsFaxVisible||Toggles the fax number for the user||optionsOfficeUrlVisible||Toggles the URL for the user office||optionsPictureVisible||Toggles the pictures of the user office||optionsNotifyOnNewMessage||Toggles the feature of notification upon new messages’ arrival||optionsNotifyOnMeeting||Toggles the feature of notification upon the meeting’s start time||optionsFollowMeEnable||Toggles the follow-me wizard for the meeting||optionsEmailVisible||Toggles the feature of displaying email addresses||optionsListInCategory||Toggles the feature of listing in categories||optionsTitleVisible||Toggles the feature of displaying the user’s title||optionsFolderRead||Toggles the read accessibility of the folder||optionsFolderWrite||Toggles the write accessibility of the folder||optionsMessageVisible||Toggles the feature of displaying messages||optionsIconSelect1||Toggles the feature of selecting icons 1||optionsIconSelect2||Toggles the feature of selecting icons 1||optionsAcceptLinkRequest||Toggles the feature of accepting link requests||optionsHoldOnLinkRequest||Toggles the feature of holding on link requests||optionsNotifyOnLinkRequest||Toggles the feature of notifying on link request||optionsSupportVideo||Toggles the feature of supporting video for the meeting||optionsSupportApp||Toggles the feature of supporting applications||optionsSupportFileShare||Toggles the feature of supporting file sharing||optionsSupportDesktopShare||Toggles the feature of supporting desktop sharing||optionsSupportMeetingRecord||Toggles the feature of supporting meeting recording||optionsSupportAppshareRemote||Toggles the feature of supporting remote application sharing||optionsSupportWebTourRemote||Toggles the feature of supporting remote web tour||optionsSupportDesktopShareRemote||Indicates whether remote desktop sharing is supported for meetings of this type||optionsSubscriptionOffice||Toggles the feature of subscription office||optionsIsEnableCET||Is CET Enabled||optionsWorkPhoneCallback||Work phone callback||optionsCellPhoneCallback||Cell phone callback||optionsFaxCallback||Fax callback||optionsPagerCallback||Pager callback||timeZoneID||Determines the time zone for the geographic location of the meeting||timeZone||Determines the time zone for the geographic location of the user or user’s office||timeZoneWithDST||A timezone description which is adjusted by DST||trackingTrackingCode1||Tracking code 1||trackingTrackingCode2||Tracking code 2||trackingTrackingCode3||Tracking code 3||trackingTrackingCode4||Tracking code 4||trackingTrackingCode5||Tracking code 5||trackingTrackingCode6||Tracking code 6||trackingTrackingCode7||Tracking code 7||trackingTrackingCode8||Tracking code 8||trackingTrackingCode9||Tracking code 9||trackingTrackingCode10||Tracking code 10||service||The type of service that the user has||privilegeHost||Indicates whether the user can be a host for the meeting||privilegeTeleConfCallOut||Indicates whether conference calling out of meetings is supported for the user||privilegeTeleConfCallOutInternational||Indicates whether international calling out of meetings is supported for the meeting||privilegeTeleConfCallIn||Indicates whether conference calling into meetings is supported for the meeting||privilegeTeleConfTollFreeCallIn||Indicates whether toll-free calling into meetings is supported for the user||privilegeSiteAdmin||Indicates whether the user has administrative privilege for the meeting||privilegeVoiceOverIp||Indicates voice communications over Internet protocols is supported for the meeting||privilegeRoSiteAdmin||Indicates whether the current user is a site administrator with view only privilege||privilegeLabAdmin||If TRUE, then user has access to the Hands-on Lab administration pages||privilegeOtherTelephony||Specifies whether a user account has the privilege to schedule a session with “other teleconferencing” feature enabled||privilegeTeleConfCallInInternational||Allows a user to access WebEx teleconferencing via international local call-in telephone numbers||privilegeAttendeeOnly||If TRUE, then indicates that the user’s role is attendee only||privilegeRecordingEditor||Indicates whether a user has the privilege to download WebEx Recording Editor from My WebEx Support||privilegeMeetingAssist||Privilege meeting assist||privilegeHQvideo||HQ video||privilegeAllowExtAttendees||Allow external attendees||privilegeHDvideo||HD video||privilegeIsEnableCET||Enable CET||privilegeIsEnablePMR||Enable PMR||privilegeTeleCLIAuthEnabled||Tele CLI Auth Enabled||privilegeTeleCLIPINEnabled||Tele CLI PIN Enabled||language||Sets the preferred language for the user||locale||Holds user locale information||schedulingPermission||Scheduling Permission||supportedServicesMeetingCenter||If TRUE, enables Webex Meetings service for the user||supportedServicesTrainingCenter||If TRUE, enables Webex Training service for the user||supportedServicesSupportCenter||If TRUE, enables Webex Support service for the user||supportedServicesEventCenter||If TRUE, enables Webex Events service for the user||supportedServicesSalesCenter||Enables the Sales Center service if available on the site for the user||myWebExIsMyWebExPro||If TRUE, then user has access to additional My WebEx Pro features||myWebExMyContact||Enables the My WebEx, My Contacts feature for the user||myWebExMyProfile||Enables the My WebEx, My Profile feature for the user||myWebExMyMeetings||Enables the My WebEx, My Meetings feature for the user||myWebExMyFolders||Enables the My WebEx, My Folders feature for the user||myWebExTrainingRecordings||Enables the My WebEx, My Files: Training Recordings feature for the user||myWebExRecordedEvents||Enables the My WebEx, My Files: Recorded Events feature for the user||myWebExTotalStorageSize||Default My WebEx file storage size for the user||myWebExMyReports||Enables the My WebEx, My Reports feature for the user||myWebExMyComputer||Enables the My WebEx, Access Anywhere feature and sets the number of Access Anywhere computers for the user||myWebExPersonalMeetingRoom||Enables the My WebEx, Personal Meetings Page feature for the user||myWebExMyPartnerLinks||Indicates whether the partner links for a host are displayed in My WebEx||myWebExMyWorkspaces||Defines whether or not My Workspaces is enabled for WebOffice integration||myWebExAdditionalRecordingStorage||Additional recording storage||personalMeetingRoomWelcomeMessage||PMR welcome message||personalMeetingRoomPhotoURL||PMR Photo URL||personalMeetingRoomHeaderImageBranding||PMR header image branding||personalMeetingRoomHeaderImageURL||PMR header image URL||personalMeetingRoomURL||PMR URL||personalMeetingRoomSipURL||PMR SIP URL||personalMeetingRoomAccessCode||PMR access code||personalMeetingRoomHostPIN||PMR host PIN||personalMeetingRoomPilotNumber||PMR pilot number||personalMeetingRoomHeaderImageURL||PMR header image URL||personalMeetingRoomApplyPMRForInstantMeeting||Apply PMR for instant meeting||personalMeetingRoomPmrAutoLock||PMR auto lock||personalMeetingRoomPmrAutoLockWaitTime||PMR auto lock wait time||sessionOptionsDefaultSessionType||Session info of a Default session type||sessionOptionsDefaultServiceType||Service info of a Default session type||sessionOptionsAutoDeleteAfterMeetingEnd||Automatically deletes the meeting from calender after this user's meeting ends||sessionOptionsDisplayQuickStartHost||Determines whether or not to show QuickStart to the Host and the Presenter||sessionOptionsDisplayQuickStartAttendees||Determines whether or not to show QuickStart to the Attendees||mpProfileNumber||Profile number||securityForceChangePassword||Determines if a user is forced to change their password on their next login||securityResetPassword||Resets the user’s password to a random string and notifies the user of the change||securityLockAccount||Prevents a user from being able to login||languageID||The ID of a language in the database||webACDPrefsNumAgentSessions||The number of agent sessions allowed||webACDPrefsAgentMonitorAllRSQueues||A agent who can monitor queues and agents||webACDPrefsManagerMonitorAllRSQueues||A manager who can monitor queues and agents||webACDPrefsMonitorAllRSAgents||A manager who can monitor agents||webACDPrefsIsAgent||Determines if a user is considered an agent||webACDPrefsIsMgr||Determines if a user is considered a manager|