can we allow sign in to webex only using defined company account ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

can we allow sign in to webex only using defined company account ?

L3 Networker

 I have followed below article and tried to configure http header insertion in URL filtering profile , but still able to login using other company account.

https://help.webex.com/en-us/m0jby2/Configure-a-List-of-Allowed-Domains-to-Access-Webex-While-on-You...

 

Also in url filtering log, no logs showing for http header. We have enabled decryption for any destination and any service but no luck.

Also as per finding , cisco-spark app traffic is not showing decrypted in url filtering logs. It could be due to ssl decryption exclusion for cisco-spark.

4 REPLIES 4

L0 Member

 If you are having login issues with Webex Meetings, we have some Click the Can't access your account? link to access sign-in assistance.

Cyber Elite
Cyber Elite

@Deepak25,

Have you taken a packet capture and verified that the header is actually being inserted when it traverses the firewall? WebEx is where that header actually gets read to determine if the account should be able to login or not, and if you're able to login with a domain not specified in the header it would point towards your insertion not working. 

We can't do pcap as traffic is https. I am suspecting header used in cisco webex login.

In my testing I am using http header "CiscoSpark-Allowed-Domains" , not sure whether this header correct or not.

Did decryption. Also in Device > decryption exclusion , disabled webex related domains to allow decryption for those domains, but no luck.

Deepak25_0-1628716653674.png

 

L1 Bithead

++You need to configure decryption to be able to read http header insertion by firewall.

++Then follow below steps Ref Link : https://help.webex.com/en-us/article/m0jby2/Configure-a-list-of-allowed-domains-to-access-Webex-whil...

 

++Add the HTTP header CiscoSpark-Allowed-Domains: and include a comma separated list of allowed domains. You must include the destination domains: identity.webex.com, identity-eu.webex.com, idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com and your proxy server includes the custom header for requests sent to these destination domains.

For example, to allow users from the example.com domain, add:

  • CiscoSpark-Allowed-Domains:example.com

    for domain(s):identity.webex.com, identity-eu.webex.com, idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com

    ++Create a rule for Webex and add webex in applications and applicable security policy which we created as ttp header insertion

    Attached few snapcisco.PNG

  • 4063 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!