Webex Control Hub SSO with Azure AD and Cisco Duo

timhughsmith · ‎07-08-2023

Hi,

I have Cisco Duo setup using Azure AD as the identity source (via SAML).

I have Cisco Webex Control Hub.
Webex integrates directly to Azure AD.
Webex can sync users from Azure AD to Webex
And it can also perform SSO using Azure AD as the IDP.

I’d like to introduce Duo into this mix.
What would be the best way to do that?

I’m assuming it might be… disable the SSO portion of the Webex integration to Azure AD.
And setup SAML SSO from Webex Control Hub to Cisco Duo?

That way I sync users from AAD to Webex
And I authenticate users with the magic of Duo
But my first factor is from Azure AD

(Bonus points) - I’ve also wondered whether I might use JumpCloud as the SAML SSO source for Duo. My issue is that I don’t think I can sync users from JumpCloud to Duo this way. (not without some kind of gateway / proxy)

Thanks,

Tim

raphka · ‎07-08-2023

Hi TimSmith, Welcome to the Duo Community!

You have a couple of options:

1: You can indeed “disable the SSO portion of the Webex integration to Azure AD.
And setup SAML SSO from Webex Control Hub to Cisco Duo”

This may break syncing users from Azure to Webex, but i am not sure.

2: You could also use Azure CA policies to apply Duo to Webex authentications without re-federating Webex from Azure to Duo.

This will likely not break syncing users from Azure to Webex.
But it does require your Azure licenses to include conditional access.

Bonus points - JumpCloud can be used as a SAML IDP for Duo SSO, but as you note, to sync the users to Duo would require a proxy.