Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
780
Views
1
Helpful
3
Replies

Webex Control Hub Duo SSO

khudson1
Level 1
Level 1

‎11-12-2021 07:43 AM

I am having an issue with getting Duo SSO to work with webex and control hub:

I followed the documentation very carefully multiple times: Duo Single Sign-On for Cisco Webex (with Control Hub) | Duo Security

The error I get by following the above documentation is: “Single Sign On failed. Name Identifier format is incorrect”

I checked the xml Idp file and it does have the nameID that webex requires. I rebuilt the application multiple times to no avail.

Eventually I tried setting up the “Generic duo hosted SSO” application. using this I was able to get “SSO successful” in the test for Webex. Unfortunately, when I tried to sign into control hub “admin.webex.com” I got an error that I was not authorized and to contact my admin.

-Assuming this was due to an attribute issue?

Any help is appreciated. I created both a tac case and a duo support case, but they both have not been responsive this past week…

0 Helpful
3 Replies 3

khudson1
Level 1
Level 1

‎11-12-2021 07:44 AM

I would like to also add: Our webex control hub had SSO set up originally for OneLogin. We are trying to move away from it. Not sure if related but I did remove all connections our onelogin environment had with webex control hub already

0 Helpful

jamieis
Cisco Employee
Cisco Employee
In response to khudson1

‎11-12-2021 12:47 PM

Hi @Kurt,

I’m Jamie, an engineer on the SSO team!

Thanks for the information! We’ve seen this happen before with the named application for Webex ControlHub when the account is older and the backend of the Webex ControlHub account wasn’t upgraded to support the emailAddress NameIDFormat.

If you reach out to the Webex support team, they should be able to upgrade your Webex account to support the newer NameIDFormat on their side.

For the attribute error using the Generic SAML application, I’d double-check that the NameID value you’ve populated is the attribute that has the email address in it.

Feel free to contact support@duo.com and they should be able to help you in more detail!

khudson1
Level 1
Level 1
In response to jamieis

‎11-15-2021 09:13 AM

Thanks for the response, this is the most helpful info I’ve been given on the subject. I asked about this upgrade last week in my TAC case but have yet to hear back unfortunately. My tac engineer doesn’t seem to be the most responsive

Also still awaiting first contact from duo support. Created the case a week ago with no response.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents