The Cisco WebEx Messenger Administration Tool enables
Organization Administrators to monitor, manage, control, and enhance user
access to Cisco WebEx. The Cisco WebEx administrator is known as the
Organization Administrator. The Organization Administrator controls what
features are available to Cisco WebEx users and determines how they can use
The Cisco WebEx
Connect service has been rebranded as Cisco WebEx Messenger. The Cisco WebEx
Administration Tool will be updated shortly to reflect this change.
The client application is branded as Cisco Jabber.
This section includes a summary of tasks to quickly get started
using the Cisco WebEx Messenger Administration Tool.
Single Sign-On or Directory Integration enabled need to contact a Cisco WebEx
representative for assistance in getting started with launching Cisco WebEx
Messenger Administration Tool.
The following are the minimum and recommended desktop
requirements to install and run the following Cisco WebEx Applications:
Cisco Jabber for
Please refer to the Cisco Jabber Windows application
for the minimum and recommended desktop requirements to install and run the
Cisco Jabber application.
Cisco Jabber for
Please refer to the Cisco Jabber Mac application documentation
the minimum and recommended desktop requirements to install and run the Cisco
Please refer to the following Cisco Jabber Mobile applications
documentation for the minimum and recommended desktop requirements to install
and run the Cisco Jabber applications.
Cisco Jabber for iPhone and iPad:
Cisco Jabber for Android:
The following network requirements are required to access the
Cisco WebEx Messenger service. The application computer must have Internet
connectivity and be able to connect to the following hosts and ports.
Note: Cisco WebEx Jabber application uses the Web Proxy
information configured in Internet Explorer to access the application
configuration service. If the proxy in the customer network is an authenticated
proxy, the proxy is appropriately configured to allow access to this URL
without requiring any authentication.
You need to open connectivity over ports 80 and 443 for the
The sub-domains of above: *.webex.com and *.webexconnect.com.
If you intend to use third-party XMPP applications such as
http://adium.im, you need to open port 5222 as well. For more information about
using third-party XMPP applications, see
Third Party XMPP IM Application Support.
Certificate Revocation List (CRL)
The Cisco Jabber clients check x509 CRLs or use online certificate status protocol (OCSP) when establishing TLS
connections to the servers. These lists are obtained by following URL addresses
embedded in the x509 certificate. These URLs are controlled by the certificate
Cisco periodically updates these x509 certificates and changes
certificate authorities due to normal maintenance or security concerns and
reserves the right to change certificates and certificate authorities without
Below is the current list of certificate provider domains which should be
white-listed in firewall rules:
WebEx services are offered over the following IP ranges:
188.8.131.52 - 184.108.40.206
220.127.116.11 – 18.104.22.168
22.214.171.124 – 126.96.36.199
188.8.131.52 - 184.108.40.206
220.127.116.11 - 18.104.22.168 (Subnet)
It is generally not recommended to restrict access based on IP
ranges as WebEx may acquire new IP addresses or reassign IP addresses.
To receive notifications from Cisco WebEx, set your SPAM Filter
to allow emails from mda.webex.com. Notifications typically include important
information about new Cisco WebEx accounts, password resets and similar
information, communicated to users through emails.
This section lists the recommended port and bandwidth
requirements for the Video sessions initiated from the Cisco WebEx Jabber
P2P refers to the ability to make Jabber to Jabber calls.
In general, audio and video functionality is offered over the following
A/V Server port
80 and 443
P2P port/audio and video media/Jabber to Jabber Calling
If you choose a different port range for Jabber to Jabber calling, you must change the port range in the Cisco WebEx Messenger Administration tool and then open the company network ports based on those changes.
Sign in to the WebEx Messenger Administration tool, select P2P Settings > Configure Ports Manually.
The UDP port 5101 is used to establish the server connection. If
the connectivity fails, ports 80/443 are used to establish connectivity.
Jabber to Jabber calling always uses UDP ports it will never default to TCP ports.
Any customer that wants to enable Jabber to Jabber calling needs to have their organization synced with the Cisco Common Identity system, which controls access to the Spark platform. Contact your Customer Success Manager for information or assistance.
WebEx with Other IM
Cisco WebEx Messenger can federate with users of leading
instant messaging providers such as AIM, IBM Lotus Sametime, Microsoft Lync,
and XMPP-based IM networks like GoogleTalk and Jabber.org. A list of public
XMPP-based IM networks is available at the XMPP Standards Foundation website:
with XMPP-based IM networks or IM solutions that support XMPP
between Cisco WebEx and XMPP-based Instant Messaging networks or IM solutions
that support XMPP requires the publishing of a Service (SRV) record in DNS.
Examples of XMPP-based IM networks include Google Talk, and Jabber.org. For
more information on enabling XMPP federation, refer to Specifying IM Federation
example shows how XMPP federation is provisioned for an organization called
If acme.com wants
federation with external domains (domains not within the Cisco WebEx
Collaboration cloud), it publishes the following Service (SRV) records in DNS:
_xmpp-server._tcp.acme.com. 86400 IN SRV 5 0 5269 s2s.acme.com.webexconnect.com
The TCP port,
5269 should be open to enable XMPP federation.
Configuring a DNS
The following are
sample IM Federation settings for each of the options available:
acme.com (domain name)
Priority = 5
Weight = 0
Port = 5269
encryption with Federation
If encryption is
required then this can only be accomplished by using the
the AOL IM Network
Cisco WebEx Messenger can federate with AOL’s IM network.
Contact your Cisco WebEx account representative if you would like to federate
with AOL’s IM network.
with IBM Lotus Sametime
NextPlane federation services to
federate between Cisco WebEx Messenger and IBM Lotus Sametime.
Cisco does not
provide support for the IBM Lotus Sametime XMPP Gateway. This is due to
numerous known issues that exist with the Gateway, and our inability to provide
support for another company's product.
with Microsoft Lync
NextPlane federation services to
federate between Cisco WebEx Messenger and Microsoft Lync.
Cisco does not
provide support for the Migrosoft Lync XMPP Gateway. This is due to numerous
known issues that exist with the gateway, and our inability to provide support
for another company's product.
Third Party XMPP IM
Instead of the Cisco Jabber for Windows application, third
party applications (for example, Pidgin for Linux) that support XMPP can also
be used for basic IM communication. However, organization policies cannot be
enforced on third party XMPP applications. Additionally, features such as
end-to-end encryption, desktop sharing, video calls, computer-to-computer
calls, and teleconferencing are not supported with third party applications. A
list of third party applications that support XMPP is available at the XMPP
Standards Foundation website http://xmpp.org/software/clients.shtml.
To allow the use of third party applications with the Cisco
WebEx Messenger service, you need to enable a setting in Cisco WebEx
Administration Tool. For more information refer to Specifying IM Federation
You will also need to publish a Service (SRV) record in DNS to
enable third party XMPP applications to work with the Cisco WebEx Collaboration
cloud. For example, the Cisco WebEx Organization, acme.com publishes the
following SRV record in DNS to allow the use of third party XMPP applications:
_xmpp-client._tcp.acme.com. 86400 IN SRV 5 0 5222
The SRV records for your domain can be found in IM Federation
under the Configuration tab. For more information, see
IM Federation Settings.
The TCP port 5222 should also be opened to enable the use of
third party XMPP applications.
Polices cannot be enforced when users in your Cisco WebEx
Organization use third party XMPP applications to connect to your domain.
Policies can only be enforced on users who use Cisco Jabber clients.
Sign in to the
Important: If your Cisco WebEx Messenger organization is
enabled with Single sign-on integration, the URL that you need to type in your
Web browser should be in the format:
https://<WAPIserver>/wbxconnect/sso/acme.com/orgadmin.app where acme.com
is the Cisco WebEx Messenger organization enabled with Single sign-on
To sign in go to http://www.webex.com/go/connectadmin.
Cisco WebEx Messenger Administration Tool page
Enter your sign in details in the Username and Password fields.
Remember Username to avoid typing in the username
each time you sign in.
The following tabs are available in the Cisco WebEx Messenger
Add and configure user information.
Configure settings for various features of Cisco WebEx such
as general information about your organization, domains, password enforcement,
user provisioning, IM settings, and additional services such as IM federation,
IM archiving, and unified communications.
Set policies and rules for users.
Assign group policies.
View usage reports on users.
View Cisco WebEx Messenger Administration Tool version
View Cisco WebEx Messenger Administrator's Guide.
Administrative Tools tab, you can:
Customize various system-generated emails sent to Cisco WebEx
Add new Cisco WebEx users and assign Roles and Groups to these
Enforce password requirements.
Import and export users from or to comma-separated value (CSV)
Define and apply policies and policy actions.
When a User-Only administrator signs into Organization
Administration, only the User, Report, About, and Help tabs are displayed.