If you enable only SSO and not the Recovery URL, an authenticating user with insufficient access privileges receives only a 403 error (Access Denied response). If you also enable the Recovery URL, the error instead redirects the authenticating user to the Recovery URL page.

Note: The Level 4 administrator configures the recovery URL sign-in option for platform users. The administrator can enable this option when platform administrators are created through the CLI or when their details are updated using the CLI command. For details on the CLI commands for recovery URL login for new and existing platform administrators, see the set account ssorecoveryurlaccess command in the Command Line Interface Reference Guide for Cisco Unified Communications Solutions.

Note: By default, the Recovery URL to bypass Single Sign On link is enabled for the Level 4 administrator. This link is enabled for the platform administrators Level 0 and Level 1 when upgrading from an earlier release to the new release.

Software Requirements

The SAML SSO feature requires the following software components:

• Cisco Unified Communications applications, release 10.0(1) or later.
• An LDAP server that is trusted by the IdP server and supported by Cisco Unified Communications applications.
• An IdP server that complies with the SAML 2.0 standard.
• The login flow supported by Unified Communications Manager is SP-initiated.

Selecting an Identity Provider (IdP)

Cisco Collaboration solutions use SAML 2.0 (Security Assertion Markup Language) to enable SSO (single sign-on) for clients consuming Unified Communications services. SAML-based SSO is an option for authenticating UC service requests originating from inside the enterprise network, and it is now extended to clients requesting UC services from outside via Mobile and Remote Access (MRA).

If you choose SAML-based SSO for your environment, note the following:

• SAML 2.0 is not compatible with SAML 1.1, and you must select an IdP that uses the SAML 2.0 standard.
• SAML-based identity management is implemented in different ways by vendors in the computing and networking industry, and there are no widely accepted regulations for compliance to the SAML standards.
• The configuration of and policies governing your selected IdP are outside the scope of Cisco TAC (Technical Assistance Center) support. Please use your relationship and support contract with your IdP vendor to assist in configuring the IdP properly. Cisco cannot accept responsibility for any errors, limitations, or specific configuration of the IdP.

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs 8 SAML-Based SSO Solution Software Requirements
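
Because SAML 2.0 and SAML 1.1 are not compatible, it is worth confirming what a candidate IdP actually advertises before importing its metadata. The following is an added example, not taken from the Cisco guide: a pre-import check that reads an IdP metadata file and verifies that its IdP role declares SAML 2.0 protocol support and exposes a sign-on endpoint. The function name `check_idp_metadata` and the `idp.example.com` sample metadata are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample metadata (hypothetical IdP), one SAML 2.0 and one SAML 1.1.
TEMPLATE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/saml">
  <IDPSSODescriptor protocolSupportEnumeration="{proto}">
    <SingleSignOnService Binding="{binding}" Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_SAML20 = TEMPLATE.format(
    proto=SAML20_PROTOCOL, binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect")
SAMPLE_SAML11 = TEMPLATE.format(
    proto="urn:oasis:names:tc:SAML:1.1:protocol",
    binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post")

def check_idp_metadata(xml_text):
    """Return (ok, findings) for one IdP metadata document."""
    # Metadata comes from a third party: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return False, ["metadata contains a DTD; refusing to parse"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return False, ["root element is not a SAML 2.0 EntityDescriptor"]
    idps = root.findall(f"{{{MD_NS}}}IDPSSODescriptor")
    if not idps:
        return False, ["no IDPSSODescriptor: entity does not act as an IdP"]
    ok, findings = False, []
    for idp in idps:
        protocols = idp.get("protocolSupportEnumeration", "").split()
        if SAML20_PROTOCOL not in protocols:
            findings.append(f"IdP role advertises only {protocols}, not SAML 2.0")
            continue
        endpoints = idp.findall(f"{{{MD_NS}}}SingleSignOnService")
        if not endpoints:
            findings.append("SAML 2.0 IdP role has no SingleSignOnService endpoint")
            continue
        ok = True
        for ep in endpoints:
            findings.append(f"SSO endpoint {ep.get('Location')} via {ep.get('Binding')}")
    return ok, findings

if __name__ == "__main__":
    for name, doc in (("SAML 2.0 sample", SAMPLE_SAML20), ("SAML 1.1 sample", SAMPLE_SAML11)):
        print(name, check_idp_metadata(doc))
```

A passing result only shows that the IdP advertises SAML 2.0; because vendors implement SAML differently, interoperability still has to be confirmed with the IdP vendor.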