Synchronize Users against Cisco Webex Control Hub

Imagicle UCX Cloud Suite can import users from Webex Control Hub, thanks to available Cisco Webex (XSI) APIs for this purpose.

Provided Webex APIs allow to import users from multiple Webex Organizations, if required.

Before configuring such import connector, please mind below-listed requirements:

• Imagicle UC Cloud Suite must be in place, with a valid license subscription.
• Imagicle UC Cloud Suite must be authenticated against Imagicle Cloud Services, as described in this article.
• A Full Admin user belonging to Webex customer organization 

OAuth2 token for UCX Suite integration with Webex Calling Users' Synch

Customer must authorize Imagicle Webex Cloud Integration application called Imagicle Users Synchronization Connector to access own Webex organization data. The following permissions are granted to the Imagicle Webex Calling Integration application:

• spark-admin:people_read
• spark-admin:organizations_read
• spark-admin:locations_read
• spark-admin:telephony_config_read
• spark-admin:xsi

These are the minimum permissions required to retrieve basic user information and read organizations information. Without granting such permission, we cannot provide the feature.

Procedure

Please connect to the Imagicle Onboarding Web Portal for Webex Calling MT and enter customer's data, including above mentioned Full Admin Webex user.

Once customer data has been entered, please proceed to next page and authorize the following application highlighted in red:

Please note that other tokens might be required for Webex Calling Native Call Control and to retrieve presence status from Webex Control Hub. Please consult relevant KB articles.

Once you have authorized all required tokens, please click on "COMPLETE REQUEST" to trigger the Imagicle internal process to enable the tokens.

Remarks

Imagicle apps authorization requires Webex apps integrations to be enabled by default. If not, you might get the following error message:

In this case, you can selectively authorize Imagicle applications by accessing Webex Control Hub ⇒ Apps ⇒ Integrations and locate Imagicle apps by Integration ID:

• Imagicle UCX Suite Users' Synch from Control Hub:

C89a4ba3aa80c33dd80bfc17a1572c5026049234c0aa90b7793b47dac37d7fa6c

• Imagicle Attendant Console Webex Presence Retrieval:

C1468e046a54f78620ca6d1b16eda8096165d0f960078c8e38c5ac09fb7f7f120

• Imagicle Attendant Console Call Control:

C143958d8c8645673914400fbf4b06fa022da2a7caeac67b5eb48d062709cf24e

• Imagicle Call Analytics CDRs retrieval from Control Hub:

C2b09ee9cb8a3ae94ae0e6417d7dcf7e33351ae00bbb22fb9937a79796a8371b5

Please consult relevant Cisco documentation here.

Admin User Authorizer

The authorization process involves a Full Admin user from the customer that, through his/her Webex account, authorize Imagicle Integration. The above mentioned authorization may automatically expire as soon as the authorizing user change his/her password. Once the authorization is removed, UCX Suite will no more be able to retrieve events related to that authorization (Webex users data). To recover the feature, a new authorization process must be executed. 

This limitation does not apply if the SSO for Webex is enabled.

If SSO in not enabled, a user password by default expires after five years, as per Cisco documentation (and an admin user can be created without requiring additional licenses).

This limitation is related to the authentication flow implemented by Webex, namely OAuth2 Authorization Code flow, that implies impersonating a user while accessing the Webex APIs. We are working with Cisco to remove this limitation.

The token is invalidated also in these two cases:

• Authorizing Webex user is deactivated
• Full Admin privileges are removed from the authorizing Webex user

Enabling Webex Users' Synch from Imagicle Web Portal

Once above OAuth2 token has been issued, you can proceed with actual Webex Cloud users' synch enablement.

Please access to Imagicle UC Suite web portal as Administrator and go to ADMIN ⇒ User Management ⇒ Synchronize users with an external data source » ⇒ Configure Data Sources >>

Select "Cisco Webex" and flag relevant entry, as per below screenshot:

If the "STATUS" indicator goes green, then it means Imagicle UCX Cloud Suite can reach Webex Cloud. Otherwise, please check below table for most typical error messages appearing underneath the red STATUS indicator:

Proxy Support

If your Imagicle UCX Suite can reach Internet through a proxy, please configure it by following this KB article. Webex import connector supports proxy configuration.

Configuring Synchronization Rules

Please access to Imagicle UCX Suite web portal as Administrator and go to ADMIN ⇒ User Management ⇒ Synchronize users with an external data source » ⇒ Configure Synch Rules >>

Select "Cisco Webex", as per below screenshot:

The sync service uses the Webex Calling user's email as primary key. The username included in the email address populates the Active directory username field, while the domain (after @) populates the Domain field.

For all other users' fields, they are imported from a fixed Webex field or you can choose from which Webex field to populate them. See below table including Webex specific field mapping:

* Imagicle supports overlapping extension numbers by selecting to import ESN instead of Extension Number. ESN includes a location prefix + Webex Calling Extension, so Imagicle Advanced Queuing can transfer calls to overlapping operators' internal numbers, without having to leverage +E.164 Phone Numbers.

** AvatarURL points to a server on Webex Cloud, which should be reachable by Imagicle UC Suite to retrieve each picture through a http request. User images can be in the most common formats, e.g. png, jpg, jpeg and bmp.

Note: If Webex user's email is changed, at the next synchronization relevant UCX Suite user is removed and another UCX Suite user is created with the new Active directory username and Domain values.