Can we allow sign-in to Webex only using a defined company account?


L3 Networker

I have followed the article below and tried to configure HTTP header insertion in the URL Filtering profile, but I am still able to log in using another company's account.

https://help.webex.com/en-us/m0jby2/Configure-a-List-of-Allowed-Domains-to-Access-Webex-While-on-You...

 

Also, in the URL filtering log, no logs are showing for the HTTP header. We have enabled decryption for any destination and any service, but no luck.

Also, as per our findings, cisco-spark app traffic is not showing as decrypted in the URL filtering logs. It could be due to the SSL decryption exclusion for cisco-spark.

4 REPLIES

L0 Member

 If you are having login issues with Webex Meetings, we have some Click the Can't access your account? link to access sign-in assistance.

Cyber Elite

@Deepak25,

Have you taken a packet capture and verified that the header is actually being inserted when it traverses the firewall? WebEx is where that header actually gets read to determine if the account should be able to log in or not, and if you're able to log in with a domain not specified in the header, it would point towards your insertion not working.

We can't do a pcap as the traffic is HTTPS. I am suspecting the header used in Cisco Webex login.

In my testing I am using the HTTP header "CiscoSpark-Allowed-Domains"; I am not sure whether this header is correct or not.

Did decryption. Also, in Device > decryption exclusion, I disabled the Webex-related domains to allow decryption for those domains, but no luck.


L1 Bithead

++You need to configure decryption for the firewall to be able to do HTTP header insertion.

++Then follow the steps below. Ref link: https://help.webex.com/en-us/article/m0jby2/Configure-a-list-of-allowed-domains-to-access-Webex-whil...

 

++Add the HTTP header CiscoSpark-Allowed-Domains: and include a comma-separated list of allowed domains. You must include the destination domains: identity.webex.com, identity-eu.webex.com, idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com and your proxy server includes the custom header for requests sent to these destination domains.

For example, to allow users from the example.com domain, add:

  • CiscoSpark-Allowed-Domains:example.com

    for domain(s):identity.webex.com, identity-eu.webex.com, idbroker.webex.com, idbroker-secondary.webex.com, idbroker-b-us.webex.com, idbroker-eu.webex.com, atlas-a.wbx2.com

++Create a rule for Webex and add webex in applications and the applicable security policy which we created as HTTP header insertion.

Attached a few snaps: cisco.PNG
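A check a defender could run to confirm the insertion discussed in this thread, added here as an example and not posted by any participant: it takes cleartext HTTP/1.1 request heads as seen after the firewall and reports, for each destination host listed above, whether CiscoSpark-Allowed-Domains is present and matches the intended domain list. The function names, the sample requests, the HTTP/1.1 text form and the way the request heads are obtained are assumptions.

```python
# Destination hosts the thread lists as needing the inserted header.
REQUIRED_HOSTS = {
    "identity.webex.com", "identity-eu.webex.com", "idbroker.webex.com",
    "idbroker-secondary.webex.com", "idbroker-b-us.webex.com",
    "idbroker-eu.webex.com", "atlas-a.wbx2.com",
}
HEADER = "ciscospark-allowed-domains"  # header names are case-insensitive

def parse_head(raw):
    """Return (host, headers) for one raw HTTP/1.1 request head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    host = headers.get("host", [""])[0].split(":")[0].lower()
    return host, headers

def audit(requests, allowed):
    """Hypothetical helper: verdict per required host, plus hosts never seen."""
    want = {d.strip().lower() for d in allowed}
    verdicts = {}
    for raw in requests:
        host, headers = parse_head(raw)
        if host not in REQUIRED_HOSTS:
            continue
        values = ",".join(headers.get(HEADER, []))
        got = {d.strip().lower() for d in values.split(",") if d.strip()}
        verdict = "missing" if not got else "ok" if got == want else "mismatch"
        if verdicts.get(host, "ok") == "ok":  # first failure for a host sticks
            verdicts[host] = verdict
    return verdicts, sorted(REQUIRED_HOSTS - set(verdicts))

# Constructed sample request heads (not captured from real traffic).
SAMPLE = [
    "GET / HTTP/1.1\r\nHost: idbroker.webex.com\r\nCiscoSpark-Allowed-Domains: example.com\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: identity.webex.com\r\nAccept: */*\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: atlas-a.wbx2.com:443\r\nciscospark-allowed-domains: example.org\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: www.example.net\r\n\r\n",
]

if __name__ == "__main__":
    verdicts, unseen = audit(SAMPLE, ["example.com"])
    for host, verdict in sorted(verdicts.items()):
        print(f"{host}: {verdict}")
    print("no request seen for:", ", ".join(unseen))
```

A "missing" verdict means the request reached that host without the header, and a host in the never-seen list means no request to it was captured at all.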
