Contents
SAML SSO Okta Identity Provider
NoteRefer to the SAML SSO Deployment Guide for Cisco Unified Communications Applications for your release to find out if Okta has been tested with your release.
Introduction
Single sign-on (SSO) is a session or user authentication process that enables a user to provide credentials to access one or more applications. The process authenticates the user for all applications they have been given rights to and eliminates further prompts when they switch applications during a particular session.
For more information about the SAML SSO Solution, see: SAML SSO Deployment Guide for Cisco Unified Communications Applications.
This document provides steps to configure Okta as SAML SSO Identity Provider (IdP) for Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM and Presence Service (IM and Presence Service), Cisco Unity Connection, or Cisco Prime Collaboration Assurance.
Configure Okta as Identity Provider
ProcedureUse this procedure to configure Okta as the SAML SSO Identity Provider (IdP) for Cisco Unified Communications Manager.
Okta is a cloud-hosted IdP. SAML SSO can be enabled using Okta IdP with the cluster-wide option only. The per node option is not available for Okta.
NoteFor details on how to configure SAML SSO on Cisco Unified Communications Manager, refer to the SAML SSO Deployment Guide at https://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html.
Enable SAML SSO on Unified Communications Applications
Procedure
Step 1 Navigate to the following page for each application:
- Cisco Unified Communications Manager— Using a web browser, sign in to Unified CM as administrator, and navigate to .
- Cisco Unified Communications Manager IM and Presence Service— Using a web browser, sign in to Unified CM as administrator, and navigate to .
- Cisco Unity Connection— Using a web browser, sign in to Cisco Unity Connection as administrator, and navigate to .
- Cisco Prime Collaboration Assurance— Using a web browser, sign in to Prime Collaboration Assurance as globaladmin, and navigate to .
Step 2 Click Enable SAML SSO and follow the steps.
Note With Okta, you must use a Cluster wide agreement (one metadata file per cluster). Okta will not work with per node agreements.
NoteFor detailed SAML SSO configuration steps, refer to the SAML SSO Deployment Guide for Cisco Unified Communications Applications.
Test SSO on Okta
ProcedureAfter you have configured SAML SSO on both Okta and Cisco Unified Communications Manager, test the SSO connection.
Step 1 Log in to Okta to authenticate the Okta service. A confirmation message, showing that the SSO configuration is successful, appears. Step 2 Click Close and then click Finish Step 3 Close the web browser and wait for a couple of minutes for the SAML SSO configuration changes to take effect on Cisco Unified Communications Manager. Step 4 Enter the Cisco Unified Communications Manager URL in the address bar of the web browser to verify that SSO is enabled. The Recovery URL to bypass Single Sign On (SSO) link appears below the Cisco Unified Communications Manager link. The Recovery URL to bypass Single Sign On (SSO) link appears when the SSO is enabled.
Copyright © 2017, Cisco Systems, Inc. All rights reserved.