/mcpSet the value of OAuth Access Token for Devices to Explicit:Activation Code device onboarding required to disable implicitly receiving tokens for SIP OAuth registration and only support receiving tokens through activation code. The tokens can then be used for SIP OAuth registration if indicated in the security profile. From Release 14 onwards, the default value of the enterprise parameter OAuth Access Token for Devices is Implicit:Already registered devices. Step 3 Click Save. Configure Refresh Logins Use this procedure to configure Refresh Logins with OAuth access tokens and refresh tokens for Cisco Jabber clients. Procedure Step 1 From Cisco Unified CM Administration, choose System > Enterprise Parameters. Step 2 Under SSO and OAuth Configuration, set the OAuth with Refresh Login Flow parameter to Enabled. Step 3 (Optional) Set any other parameters in the SSO and OAuth Configuration section. For parameter descriptions, click on the parameter name. Step 4 Click Save. Configure OAuth Ports Use this procedure to assign the ports that are used for SIP OAuth. Procedure Step 1 From Cisco Unified CM Administration, choose, System > Cisco Unified CM. Step 2 Do the following for each server that uses SIP OAuth. Step 3 Select the server. Step 4 Under Cisco Unified Communications Manager TCP Port Settings, set the port values for the following fields: • SIP Phone OAuth Port Default value is 5090. Acceptable configurable range is 1024–49151. • SIP Mobile and Remote Access Port Default value is 5091. Acceptable configurable range is 1024–49151. Note Cisco Unified Communications Manager uses SIP Phone OAuth Port (5090) to listen for SIP line registration from Jabber on-premises devices over TLS. However, Unified CM uses SIP Mobile Remote Access Port (default 5091) to listen for SIP line registrations from Jabber over Expressway through mTLS. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 99 Basic System Security Configure Refresh Logins