Configure an Identity Provider (IdP)
To support SSO for the contact center solution, configure an Identity Provider (IdP) that is compliant with the Security Assertion Markup Language 2.0 (SAML v2) OASIS standard. The IdP stores user profiles and provides authentication services to the contact center solution.
For a current list of supported Identity Provider products and versions, see the HCS for CC Compatibility Information at https://www.cisco.com/c/en/us/support/unified-communications/hosted-collaboration-solution-contact-center/products-device-support-tables-list.html.
This section provides sample configuration information for Microsoft AD FS.
Follow this sequence of tasks to configure the Identity Provider.
| Sequence | Task |
|---|---|
| 1 | |
| 2 | Set Authentication Type. See Authentication Types. |
Install and Configure Active Directory Federation Services
Follow Microsoft instructions and guidelines to install Microsoft Active Directory Federation Services (AD FS).
For example, see Active Directory Federation Services Overview at https://technet.microsoft.com/en-us/library/hh831502(v=ws.11).aspx.
- For AD FS 2.0, see AD FS Content Map at http://aka.ms/adfscontentmap.
- For AD FS in Windows Server (AD FS 3.0), see the AD FS Content Map at http://aka.ms/adfscontentmap and AD FS Technical Reference at https://technet.microsoft.com/en-us/library/dn303410(v=ws.11).aspx.
Note: Cisco IdS does not support AD FS Automatic Certificate Rollover. If the AD FS certificate is rolled over, re-establish the trust relationship between the IdS and AD FS.
Authentication Types
Cisco Identity Service supports form-based authentication of the Identity Provider.
For information on enabling form-based authentication in AD FS, see Microsoft documentation:
- For AD FS 2.0, see https://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx
- For AD FS 3.0, see https://blogs.msdn.microsoft.com/josrod/2014/10/15/enabled-forms-based-authentication-in-adfs-3-0/
For Kerberos authentication to work, disable form-based authentication and follow the steps in the section Kerberos Authentication (Integrated Windows Authentication) at https://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/200612-Configure-the-Identity-Provider-for-UCCX.html#anc19.
- In AD FS on Windows Server, set the Authentication Type to Forms-based authentication (FBA). Refer to the following Microsoft TechNet article: http://social.technet.microsoft.com/wiki/contents/articles/1600.ad-fs-2-0-how-to-change-the-local-authentication-type.aspx
- In AD FS on Windows Server, set the Authentication Policy to Forms Authentication. Refer to the following Microsoft TechNet article: https://blogs.msdn.microsoft.com/josrod/2014/10/15/enabled-forms-based-authentication-in-adfs-3-0/