While talking with Webex customers, we learned customers are facing problems on-boarding from Azure AD. We have built a new solution for customers who intend to provision users or other types of identities to Webex.
Customer requests
Some customer feedback and request resulted in the following:- Customers need a simple way to complete the configuration to automatically provisioning users.
- Customers need to synchronize groups from Azure AD to Webex to use license template and feature template functions.
- Avatar as an important identical property in profile and customers need to synchronize user’s avatar to Webex from Azure AD.
- Customers want to migrate from AD to Azure AD to manage their users.
- Webex Administrators want to be able to see clearly which users to add, delete and update.
- Webex Administrators need to know about the changes in the recent synchronization.
- Customers want to configure and sync users from multiple Azure AD tenants.
- Customers desire to complete user provision and single sign-on configuration integrated in the same process so that they can easily finish on-boarding.
- Customers already manage verified domains in Azure AD, and they want to add them to Webex Control Hub in a simple way
An innovative solution
Considering these user requests, we decided to innovate a solution that supports users’ automatic provisioning. Before, it could take more than 11 steps to complete the configuration for automatic user provisioning following the Microsoft standard template. For now, we created a new solution leveraging the MSFT Graph API, which can simplify the configuration introduced by the standard template. Furthermore, Webex’s new solution can enable more abilities the Azure AD enterprise app template doesn’t support. Here are the highlights:- A wizard-based configuration can make the process straightforward. The admin doesn’t need to read a long article to learn how to complete the configuration step-by-step. They only need to follow the wizard to complete the necessary steps. The procedure provides necessary checking and tips to prevent mistakes.
- Very few clicks to complete the configuration. The Azure Wizard App provides two models for different sizes of customers. If you’re an SMB customer (detected users count is less than 1,000), the admin could finish the configuration in 2 steps. Both SMB customers and large enterprise customers have the flexibility to manually configure each step. Even if the customer chooses to complete the configuration manually, it takes only 5 steps.
- Support configuration to sync groups of users and Group objects themselves. The admin can decide to only sync users from select groups and enable syncing group objects by turn on feature option. It can give the admin more flexibilities for the synchronization configuration.
- Enhanced to support more attributes mapping. The admin can easily map the attributes between Azure AD and Webex Identity Directory. In the current version, it can support 14 attributes. In the future, more and more attributes will be added to the mapping table for configuration.
- Support syncing user avatars to Webex. The admin can configure the option to synchronize user avatars from Azure AD to Webex. The users will then see the same avatar images in different Webex applications, such as Webex App, Webex Meeting, user profiles, and so on.
- Supports the sync on-demand utility. The admin can initialize synchronization for a specific user on Control Hub. The user can be provisioned to Webex without waiting for the periodic synchronization cycle. Furthermore, the admin can see the sync results at once so that they can troubleshoot the issue during syncing up users. It can save times for the customers during setup for trial purpose.
- View sync summary. The admin can review the recent sync results in Control Hub. They can know the users that were added, deleted, and updated as well as the changes to the group objects.
- Enable SSO (Single sign-On) in configuration. The Azure Wizard App integrates Single sign-on configuration. The Wizard App support OpenID Connector for Single sign-on authentication. During the configuration, the admin can enable Single sign-on through easily turning on an option.
- Add verified domains with Azure AD. The admin can use add Azure AD verified domains to Control Hub if these domains have been verified in Azure AD already. It can save admin repeating works about adding the verified domains across different services.