To support SAML SSO for Cisco Unified OS Administration and Disaster Recovery System, the Level 4 administrator creates the Level 0 and Level 1 administrators in the active directory. The Level 4 administrator adds the platform administrators in all the nodes of a cluster. With this addition, the platform administrators are synchronized between the active directory and the platform database.

While configuring users in the platform database, the administrator must configure the uid value for the user. Cisco Unified OS Administration and Disaster Recovery System applications use the uid value to authorize a user. The IdP server authenticates their credentials against the active directory server and sends a SAML response. After authentication, Unified Communications Manager authorizes the users from the platform database using the uid value. For details on the uid value, see the Configure Unique Identification Value for Platform Users procedure.

If SAML SSO is enabled for the existing release and you upgrade from an earlier release to the new release, the SAML SSO support is available for Unified OS Administration and Disaster Recovery System applications in the new release. The SAML SSO support for these applications is also enabled when you enable SAML SSO for any Unified Communications Manager web applications. To enable the SAML SSO support for the new release, see the SAML SSO Enablement topic from the SAML SSO Deployment Guide for Cisco Unified Communications Applications at http://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html.

Note: When SAML SSO support is enabled for a Unified Communications Manager administrator, it is applicable across the cluster. However, for the Cisco Unified OS Administration and Disaster Recovery System applications, each platform administrator is specific to a node and these user details are not replicated across the cluster. So, each platform user is created in each subscriber node of a cluster.

Configure Unique Identification Value for Platform Users

The unique identification (UID) value is used to authorize a platform user to do SSO login on platform pages. The Level 4 administrator can configure this value for platform administrators in one of the following ways:

• While creating the platform users by using the set account name command on the CLI.
• While updating the existing uid value.

Note: For details, see the set account name and set account ssouidvalue commands in the Command Line Interface Reference Guide for Cisco Unified Communications Solutions.

Recovery URL Sign-in Option for Cisco Unified OS Administration

With this release, platform administrators can access Cisco Unified OS Administration either by signing in to one of the SAML SSO-enabled applications or by using the recovery URL option. This option is available as the "Recovery URL to bypass Single Sign On" link on the main page of the SSO-enabled nodes. Platform users can sign in to Cisco Unified OS Administration if they have Recovery URL access.

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs, SAML-Based SSO Solution
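The authorization model described above (the IdP authenticates, then each node authorizes by uid against its own platform database) can be modelled as follows. This is an added example, not Cisco code or part of the guide: it assumes the SAML response signature has already been verified and that the IdP releases an attribute named uid, and the node names, account names and uid values are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement of an assertion whose signature is
# assumed to have been validated upstream (validation is not shown here).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>osadmin1</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed per-node platform databases (account name -> configured uid value).
# Platform users are node-local, so every node carries its own table.
PLATFORM_DB = {
    "cucm-pub":  {"osadmin1": "osadmin1", "dradmin": "dradmin"},
    "cucm-sub1": {"osadmin1": "osadmin1"},                          # dradmin never created
    "cucm-sub2": {"osadmin1": "osadmin-1", "dradmin": "dradmin"},   # uid typed differently
}

def uid_from_assertion(xml_text):
    """Return the single uid attribute value, or None if absent or ambiguous."""
    root = ET.fromstring(xml_text)
    values = [v.text.strip() for a in root.iterfind(".//saml:Attribute[@Name='uid']", NS)
              for v in a.iterfind("saml:AttributeValue", NS) if v.text]
    return values[0] if len(values) == 1 else None

def authorize(node, uid):
    """Node-local authorization: the uid must match a platform user on this node."""
    if uid is None:
        return None
    for account, configured_uid in PLATFORM_DB.get(node, {}).items():
        if configured_uid == uid:
            return account
    return None

def audit(expected):
    """List nodes where an expected administrator is missing or has another uid."""
    findings = []
    for node, users in sorted(PLATFORM_DB.items()):
        for account, uid in sorted(expected.items()):
            if account not in users:
                findings.append((node, account, "missing"))
            elif users[account] != uid:
                findings.append((node, account, "uid mismatch"))
    return findings
```

Running audit() with the intended administrator list before enabling SSO shows which nodes would refuse a user the IdP has already authenticated.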