McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 41

↗ View in doc context
page
41
source
cucm/v15/saml-sso/saml-sso.md
chunk_id
cucm::v15::saml-sso::saml-sso::38

Procedure Step 1 In Windows PowerShell®, run the following command for each Expressway-E's <EntityName> once per Relying Party Trust created on ADFS: Set-ADFSRelyingPartyTrust -TargetName "<EntityName>" -SAMLResponseSignatureMessageAndAssertion where <EntityName> must be a display name for the Relying Party Trust of Expressway-E as set in ADFS. Step 2 In ADFS, add a Claim Rule for Each Relying Party : a) Open the Edit Claims Rule dialog, and create a new claim rule that sends AD attributes as claims. b) Select the AD attribute to match the one that identifies OAuth users to the internal systems, typically email or SAMAccountName. c) Enter uid as the Outgoing Claim Type. Configure SSO Login Behavior for Cisco Jabber on iOS Procedure Step 1 From Cisco Unified CM Administration, choose System > Enterprise Parameters. Step 2 To configure the opt-in control, in the SSO Configuration section, choose the Use Native Browser option for the SSO Login Behavior for iOS parameter: Note The SSO Login Behavior for iOS parameter includes the following options: • Use Embedded Browser—If you enable this option, Cisco Jabber uses the embedded browser for SSO authentication. Use this option to allow iOS devices prior to version 9 to use SSO without cross-launching into the native Apple Safari browser. This option is enabled by default. • Use Native Browser—If you enable this option, Cisco Jabber uses the Apple Safari framework on an iOS device to perform certificate-based authentication with an Identity Provider (IdP) in the MDM deployment. Note We don't recommend to configure this option, except in a controlled MDM deployment, because using a native browser is not as secure as the using the embedded browser. Step 3 Click Save. Access the Recovery URL Use the recovery URL to bypass SAML Single Sign-On and log in to the Cisco Unified Communications Manager Administration and Cisco Unified CM IM and Presence Service interfaces for troubleshooting. For SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 15 and SUs 31 SAML SSO Configuration Configure SSO Login Behavior for Cisco Jabber on iOS