Webex (Cisco)

This connectivity package provides support for managing people, licenses, groups, and license assignments in Webex (Cisco).

Supported objects and operations

| System objects | Omada Identity Data Model | Operations |
| --- | --- | --- |
| People | Account | Create, read, update, delete |
| Licenses | Resource | Read |
| Groups | Resource | Read |
| Group memberships (people) | Resource Assignment | Create, read, delete |
| License assignments | Resource Assignment | Create, read, delete |

Minimum required permissions

Minimum scopes:

spark-admin:workspaces_write
spark-admin:resource_groups_read
Identity:one_time_password
spark:people_read
spark-admin:organizations_write
spark-admin:people_write
spark-admin:roles_read
spark-admin:organizations_read
identity:tokens_write
spark:people_write
spark:organizations_read
spark:xapi_statuses
spark-admin:workspaces_read
spark-admin:resource_group_memberships_read
spark-admin:resource_group_memberships_write
spark:xapi_commands
identity:groups_rw
spark:kms
spark-admin:devices_read
identity:groups_read
identity:tokens_read
spark-admin:licenses_read
spark-admin:devices_write
spark-admin:people_read

Implementation notes

None.

Network requirements

N/A


Prerequisites

Get a refresh token:

  1. Log in to your Webex developer environment.
  2. Retrieve the Client ID and regenerate the Client secret.
  3. Use the OAuth Authorization URL to get a code.
    When you open the link, the system asks you to log in to your developer account. After login, the code appears in the URL.
  4. Use that code to make a call to generate a refresh token:
    https://{environmentName}.com/v1/access_token?grant_type=authorization_code&client_id=****&client_secret=****&code=****&redirect_uri={developer environment}
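
Step 4 as an added example, not part of the Omada documentation: it sends the authorization-code exchange as a POST with the form content type this page specifies for the connection, so the client secret and code stay out of URLs and proxy logs. It assumes the token endpoint accepts the parameters in the request body and returns JSON with a refresh_token field; the function names and all sample values are constructed.

```python
import json
import urllib.parse
import urllib.request

FORM = "application/x-www-form-urlencoded"

# Constructed sample response; the refresh_token field name is an assumption.
SAMPLE_RESPONSE = '{"access_token": "constructed-access", "refresh_token": "constructed-refresh"}'


def build_code_exchange(token_url, client_id, client_secret, code, redirect_uri):
    """Step 4 as a POST: every parameter travels in the body, none in the URL."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": client_id,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST", headers={"Content-Type": FORM})


def extract_refresh_token(response_text):
    """Return refresh_token from a JSON token response without echoing secrets."""
    payload = json.loads(response_text)
    token = payload.get("refresh_token") if isinstance(payload, dict) else None
    if not isinstance(token, str) or not token:
        # Do not include the payload in the error: it may hold an access token.
        raise ValueError("token response contains no refresh_token")
    return token


def fetch_refresh_token(request):
    """Send the prepared request (network call, not run on import)."""
    with urllib.request.urlopen(request, timeout=30) as resp:
        return extract_refresh_token(resp.read().decode("utf-8"))


def refresh_grant_body(client_id, client_secret, refresh_token):
    """Form body for the refresh_token grant, in the parameter order the page uses."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    })
```

The string returned by `refresh_grant_body` has the same shape as the Authentication request body entered in the Omada connection details.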

Set up the token in Omada:

  1. In the system onboarding view, go to Connection details.
  2. Enter the following details:
    • Authentication type: OAuth2 Custom
    • Token endpoint: https://{environmentName}.com/v1/access_token
    • Authentication request body: grant_type=refresh_token&client_id=***&client_secret=***&refresh_token=***
    • Authentication request content type: application/x-www-form-urlencoded
    • Authentication server response format: json
    • Access Token Location: access_token
    • Authorization header: Authorization

Create an extension attribute:

To provision multiple licenses in an array, create an attribute that is resolved by the attribute value resolver. Configure the RoPE file:

  1. Create a new value property. See Creating value property.

  2. Go to Setup --> Attributes and create a new attribute with the property specified above. Add it to the Webex attribute set.

  3. Open the RoPE configuration file:

    • On-prem: \Omada Identity Suite\Role and Policy Engine\Service\ConfigFiles
    • Cloud: In the Cloud Management Portal, navigate to Environments. In the environment row, from the drop-down menu, select Configure. Choose the RoPE configuration tab.
  4. Add a new attribute under the AttributeValueResolver:

<add key="setting105" name="Cisco Webex Account:C_WEBEXLICENSES" extraInfo="Type:ReferencePath;MultiValue:True" 
value="/#ASSIGNMENTS_PER_RESOURCETYPE/Webex Licenses:[DESCRIPTION]"/>

Create a role

To update a user, the Free screen share license has to be part of the request body. Create a role, import all licenses belonging to the Organization, and assign the Free screen share license when an identity gets a Webex personal account:

  1. In Omada Identity, go to Setup --> Resource types.
  2. Click the New button. Enter the following details and click OK:
    • Name: Webex
    • Resource category: Role
  3. Go to Resources and click New. Enter the following details:
    • Resource ID: WEBEX.ACCOUNT.ROLE
    • Name: Webex account role
    • Resource type: Webex Role
    • System: Webex
    • Child resources: Free screen share and Webex personal account
    • Resource folder: Webex

When an account is created, the user automatically gets 4 licenses. Only the Free screen share license is mandatory. If all users need access to more licenses from the moment they get an account, add those licenses to the child resources field on the Webex account role.

When using the Request Access process, you can either request the role described above, which requires setting the customer setting AccessRequestRequireAccountForPermission to false, or request both the personal account resource and the Webex license resource Free screen share.