Synchronize Users against Cisco Webex Control Hub
Imagicle UCX Cloud Suite can import users from Webex Control Hub, thanks to available Cisco Webex (XSI) APIs for this purpose.
Provided Webex APIs allow to import users from multiple Webex Organizations, if required.
Before configuring such import connector, please mind below-listed requirements:
- Imagicle UC Cloud Suite must be in place, with a valid license subscription.
- Imagicle UC Cloud Suite must be authenticated against Imagicle Cloud Services, as described in this article.
- A Full Admin user belonging to Webex customer organization
OAuth2 token for UCX Suite integration with Webex Calling Users' Synch
Customer must authorize Imagicle Webex Cloud Integration application called Imagicle Users Synchronization Connector to access own Webex organization data. The following permissions are granted to the Imagicle Webex Calling Integration application:
- spark-admin:people_read
- spark-admin:organizations_read
- spark-admin:locations_read
- spark-admin:telephony_config_read
- spark-admin:xsi
These are the minimum permissions required to retrieve basic user information and read organizations information. Without granting such permission, we cannot provide the feature.
Procedure
Please connect to the Imagicle Onboarding Web Portal for Webex Calling MT and enter customer's data, including above mentioned Full Admin Webex user.
Once customer data has been entered, please proceed to next page and authorize the following application highlighted in red:
Please note that other tokens might be required for Webex Calling Native Call Control and to retrieve presence status from Webex Control Hub. Please consult relevant KB articles.
Once you have authorized all required tokens, please click on "COMPLETE REQUEST" to trigger the Imagicle internal process to enable the tokens.
Remarks
Imagicle apps authorization requires Webex apps integrations to be enabled by default. If not, you might get the following error message:
In this case, you can selectively authorize Imagicle applications by accessing Webex Control Hub ⇒ Apps ⇒ Integrations and locate Imagicle apps by Integration ID:
- Imagicle UCX Suite Users' Synch from Control Hub:
C89a4ba3aa80c33dd80bfc17a1572c5026049234c0aa90b7793b47dac37d7fa6c
- Imagicle Attendant Console Webex Presence Retrieval:
C1468e046a54f78620ca6d1b16eda8096165d0f960078c8e38c5ac09fb7f7f120
- Imagicle Attendant Console Call Control:
C143958d8c8645673914400fbf4b06fa022da2a7caeac67b5eb48d062709cf24e
- Imagicle Call Analytics CDRs retrieval from Control Hub:
C2b09ee9cb8a3ae94ae0e6417d7dcf7e33351ae00bbb22fb9937a79796a8371b5
Please consult relevant Cisco documentation here.
Admin User Authorizer
The authorization process involves a Full Admin user from the customer that, through his/her Webex account, authorize Imagicle Integration. The above mentioned authorization may automatically expire as soon as the authorizing user change his/her password. Once the authorization is removed, UCX Suite will no more be able to retrieve events related to that authorization (Webex users data). To recover the feature, a new authorization process must be executed.
This limitation does not apply if the SSO for Webex is enabled.
If SSO in not enabled, a user password by default expires after five years, as per Cisco documentation (and an admin user can be created without requiring additional licenses).
This limitation is related to the authentication flow implemented by Webex, namely OAuth2 Authorization Code flow, that implies impersonating a user while accessing the Webex APIs. We are working with Cisco to remove this limitation.
The token is invalidated also in these two cases:
- Authorizing Webex user is deactivated
- Full Admin privileges are removed from the authorizing Webex user
Enabling Webex Users' Synch from Imagicle Web Portal
Once above OAuth2 token has been issued, you can proceed with actual Webex Cloud users' synch enablement.
Please access to Imagicle UC Suite web portal as Administrator and go to ADMIN ⇒ User Management ⇒ Synchronize users with an external data source » ⇒ Configure Data Sources >>
Select "Cisco Webex" and flag relevant entry, as per below screenshot:
If the "STATUS" indicator goes green, then it means Imagicle UCX Cloud Suite can reach Webex Cloud. Otherwise, please check below table for most typical error messages appearing underneath the red STATUS indicator:
Issue |
Error message |
ClientID/secret wrong configured |
Client ID or Client Secret are misconfigured |
Suite not enabled on Imagicle Cloud to users sync |
UC Suite is not enabled in the Imagicle Cloud to synchronize users. Check OAuth2 token enablement. |
the Imagicle Cloud is not reachable (on-prem UC Suite only) |
Imagicle Cloud unreachable |
Other |
An unexpected error occurred while checking Imagicle Cloud connection |
Proxy Support
If your Imagicle UCX Suite can reach Internet through a proxy, please configure it by following this KB article. Webex import connector supports proxy configuration.
Configuring Synchronization Rules
Please access to Imagicle UCX Suite web portal as Administrator and go to ADMIN ⇒ User Management ⇒ Synchronize users with an external data source » ⇒ Configure Synch Rules >>
Select "Cisco Webex", as per below screenshot:
The sync service uses the Webex Calling user's email as primary key. The username included in the email address populates the Active directory username field, while the domain (after @) populates the Domain field.
For all other users' fields, they are imported from a fixed Webex field or you can choose from which Webex field to populate them. See below table including Webex specific field mapping:
UCX Suite Display Name | Mapping criteria | Synched from | Example Value |
Active Directory username | Import every time from source | username coming from Email field | john.smith |
Domain | Import every time from source | domain coming from Email field | company.com |
First Name | Import every time from source | firstname | John |
Last Name | Import every time from source | lastname | Smith |
User PIN | Only when adding, set this value | 1234 | |
Single Sign-On Id |
|
Webex Mail | john.smith@company.com |
Conversational AI Username |
|
Webex Mail | john.smith@company.com |
First extension number* |
|
ESN = location.routingPrefix + webexCalling.extension Phone Number = webexCalling.countryCode + webexCalling.number |
33 + 6623 or +447259856623 |
First extension number Alias* |
|
Extension = webexCalling.extension Phone Number = webexCalling.countryCode + webexCalling.number ESN = location.routingPrefix + webexCalling.extension Work Phone = workPhone email = Webex Mail |
6623 or +447259856623 or 33 + 6623 or +44984664564 or john.smith@company.com |
Device name |
|
webexCalling.nativeUserId | jsmith |
Preferred Device name |
|
webexCalling.nativeUserId | jsmith |
PBX Username |
|
webexCalling.nativeUserId |
jsmith |
|
Webex Mail | john.smith@company.com | |
Department |
|
Organization Name = organization.name Location Name = location.name |
ACME Inc. |
Recording Group name |
|
Organization Name = organization.name Location Name = location.name |
ACME Inc. |
Cost Center |
|
Organization Name = organization.name Location Name = location.name |
Paris |
Office Location |
|
Organization Name = organization.name Location Name = location.name |
France |
VoiceMail Number |
|
*55 + ESN (location.routingPrefix + webexCalling.extension) |
*55 + 33 + 6623 |
VoiceMail Address |
|
Webex Mail | john.smith@company.com |
Home Phone |
|
workPhone | +44984664564 |
Mobile Business Number |
|
mobilePhone | +44702465646 |
Fax Number |
|
faxNumber | +44984664564 |
Fax Group Username |
|
Fax Number = faxNumber Organization Name = organization.name Location Name = location.name |
France |
Fax Company Name |
|
organization.name | ACME Inc. |
Fax to email address |
|
Webex Mail | john.smith@company.com |
Rich Presence SIP URI |
|
Webex Mail | john.smith@company.com |
Microsoft URI |
|
Webex Mail | john.smith@company.com |
Webex URI |
|
Webex Mail | john.smith@company.com |
Picture |
|
AvatarURL** | Max 200KBytes size (default) |
* Imagicle supports overlapping extension numbers by selecting to import ESN instead of Extension Number. ESN includes a location prefix + Webex Calling Extension, so Imagicle Advanced Queuing can transfer calls to overlapping operators' internal numbers, without having to leverage +E.164 Phone Numbers.
** AvatarURL points to a server on Webex Cloud, which should be reachable by Imagicle UC Suite to retrieve each picture through a http request. User images can be in the most common formats, e.g. png, jpg, jpeg and bmp.
Note: If Webex user's email is changed, at the next synchronization relevant UCX Suite user is removed and another UCX Suite user is created with the new Active directory username and Domain values.
|
||
This article was: |
Prev | Next | |
Sync Users with CuCM | Contact Pictures Display on Jabber clients |