This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.
Single sign-on failed. Invalid status code in response. I can't sign into my account at signin.webex.com. Sign in or get your username and password. Sign into Webex Meetings. How do I retrieve a Webex user ID and password. Cisco Webex Best Practices for Secure Meetings: Hosts. Cisco Webex Identity Services can deliver single sign-on to all Cisco Webex collaboration tools using Microsoft Azure AD as the identity provider. End users can seamlessly sign-in to Cisco Webex collaboration tools alongside Office 365 with the same credentials. The first time you sign in to the Webex app for Windows or Mac you recieve a six-digit confirmation PIN to verify your email address. Then, you can create your password and sign in. This increases the safety and security of the sign-in process.
Read this before you enable SAML
Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.
Backup URL
Cisco Webex Teams does not provide backup log-in URL where users can sign-in using their normal username and password. You can email Cisco Webex support to turn off SAML, if necessary.
Contents
Webex Teams Online
Supported Features
The Okta/Cisco Webex Teams SAML integration currently supports the following features:
- SP-initiated SSO
Log Into Webex Teams
For more information on the listed features, visit the Okta Glossary.
Can't Sign Into Webex Teams
Configuration Steps
Login to the Cisco Webex Control Hub at https://admin.webex.com as an administrator
Navigate to Settings > Authentication, then click Modify:
Select Integrate a 3rd-party provider. (Advanced), then click Next:
Click Download Metadata File, then click Next:
Open the downloaded Metadata file in a text editor. Locate and make a copy of the value of entityID:
The value should look like this: https://idbroker.webex.com/1a2b3c...
In Okta, select the Sign On tab for the Cisco Webex Teams app, then click Edit.
Scroll down to the ADVANCED SIGN-ON SETTINGS section.
Organization ID: Enter the last part of the entityID value you just copied from the Metadata file.
For example, if the value for the entityID is: https://idbroker.webex.com/1a2b3c...
Then the value you should enter in the Organization ID field is: 1a2b3c...
Click Save.
Copy and paste the following IDP Metadata into a file and save as metadata.xml (do not use any spaces in the file name).
Go back to the Enterprise Settings page. Click file browser to locate and upload the metadata.xml file you've just saved. Check Require certificate signed by a certificate authority in Metadata (more secure), then click Next:
Click Test SSO Connection.
Note: A new browser window will open - make sure that your browser allows for pop-ups.
You should see a Single Sign-on succeeded message in a new browser tab. Close this tab.
Select the The test was successful. Enable Single Sign On. option, then click Save:
Done!
Notes
The following SAML attributes are supported:
| Name | Value |
|---|---|
| uid | user.email |
| user.email |
For SP-initiated SSO
Go to https://teams.webex.com/.
Enter your email address.
Click Next:
This is an example error message:
When you click the error, you'll see a more detailed message, typically including a suggested fix.
Sign In To Webex Teams Blank Screen
Error Code | Message | Fix |
|---|---|---|
| Unknown = 1 | Unknown Error: 1000:1 | For SSO environments, start a new session in the Phone Service settings. For non-SSO environments, open Phone Service settings and sign in again. |
| UnknownStartFeatureSetFailure = 2 | Sign into your account to use your phone services. Error: 1000:2 | |
| FeatureSetNotProvisioned = 3 | Sign into your account to use your phone services. Error: 1000:3 | |
| UnknownAuthenticator = 4 | Sign into your account to use your phone services. Error: 1000:4 | |
| ErrorReadingConfig = 6 | Sign into your account to use your phone services. Error: 1000:6 | |
| InvalidStartupHandlerState = 7 | Sign into your account to use your phone services. Error: 1000:7 | |
| InvalidLifeCycleState = 8 | Phone service registration failed. Error:1000:8 | |
| ConfigChangeSignout = 99 | Sign into your account to use your phone services. Error: 1000:99 | |
| ConfigChangeReset = 100 | Sign into your account to use your phone services. Error:1000:100 | |
| InvalidCertRejected = 101 | Your connection to the server has been rejected due to an invalid certificate. Error: 1000:101 | |
| SSOPageLoadError = 400 | Can't load SSO browser page. Try again later. Error: 1000:400 | |
| SSOStartSessionError = 500 | Failed to start a new SSO session. Try again. Error: 1000:500 | |
| SSOUnknownError = 600 | Can't load SSO browser page. Try again. Error: 1000:600 | |
| SSOCancelled = 601 | Sign into your account to use your phone services. Error: 1000:601 | |
| SSOWebexCloudError = 602 | Failed to start a new SSO session. Try again. Error: 1000:602 | |
| SSOCertificateError = 603 | Cannot start a new session due to a certificate problem. Contact your administrator. Error: 1000:603 | |
| SSOInvalidUserSwitch = 604 | Sign into your account to use your phone services. Error: 1000:604 | |
| SSOWhoAmIFailure = 605 | Failed to start a new session. Try signing into your phone service again. Error: 1000:605 | |
| SSOSessionExpired = 606 | Your session has expired. Try signing into your phone service again. Error: 1000:606 | |
| SSOEdgeConfigNeeded = 607 | Sign into your account to use your phone services. Error: 1000:607 | |
| InvalidBrowserResponse = 608 | Your session has expired. Try signing into your phone service again. Error: 1000:608 | |
| CredentialsRequired = 611 | Sign into your account to use your phone services. Error: 1000:611 | |
| CommonIdentityProvisioningUser = 701 | Phone service registration failed. Error:1000:701 | |
| ServiceDiscoveryFailure = 1001 | Can't find your phone service. Check your phone service preferences. Error: 1000:1001 | |
| ServiceDiscoveryAuthenticationFailure = 1002 | Incorrect username or password. Error: 1000:1002 | |
| ServiceDiscoveryCannotConnectToCucmServer = 1003 | Can't communicate with Unified CM server. Check your phone service preferences. Error: 1000:1003 | |
| ServiceDiscoveryNoCucmConfiguration = 1004 | Can't find your phone service. Check your phone service preferences. Error: 1000:1004 | |
| ServiceDiscoveryNoSRVRecordsFound = 1005 | Can't find your SRV record. Check your phone service preferences. Error: 1000:1005 | |
| ServiceDiscoveryCannotConnectToEdge = 1006 | Cannot communicate with the server. Check your phone service preferences. Error: 1000:1006 | |
| ServiceDiscoveryNoNetworkConnectivity = 1007 | You're not connected to the internet. Check your network settings. Error: 1000:1007 | |
| ServiceDiscoveryUntrustedCertificate = 1008 | No service discovered due to an untrusted certificate from server. Error: 1000:1008 | |
| ServiceDiscoveryPrimaryAuthChanged = 1009 | Your administrator has changed your setup. If you lose your connection, you may need to sign into your phone services again. Error: 1000:1009 | |
| ServiceDiscoveryNoUserLookup = 1010 | Your account configuration is invalid. Contact your administrator. 1000:1010 | |
| ConnectionFailedByMRAPolicy = 1100 | Phone service failed due to MRA policy setting. Error: 1000:1100 | |
| ServiceDiscoveryAuthorizationModeChanged = 1012 | Your phone service has been disconnected due to a change in the authorization mode. Try restarting Webex Teams. Error: 1000:1012 | |
| ServiceDiscoveryHomeClusterChanged = 1013 | Your phone service has been disconnected because your home Unified CM cluster has changed. Try restarting Webex Teams. Error: 1000:1013 |