As bad as this sounds you may need to reach out to Cisco on this one. In my experiences with managing WebEx on macOS its hot garbage. Cisco has designed WebEx to not respect /Library/Managed Preferences which is where configuration profiles drop.
You can try to manually create the plist, put it in /Library/Preferences, package it up with JAMF and deploy it and see if that works. This is what we do to deploy our OrganizationID and it works well. Though its more so politely asking than managing as a user can just change the value. This is a limitation with WebEx, not MacOS or JAMF.
As bad as this sounds you may need to reach out to Cisco on this one. In my experiences with managing WebEx on macOS its hot garbage. Cisco has designed WebEx to not respect /Library/Managed Preferences which is where configuration profiles drop.
You can try to manually create the plist, put it in /Library/Preferences, package it up with JAMF and deploy it and see if that works. This is what we do to deploy our OrganizationID and it works well. Though its more so politely asking than managing as a user can just change the value. This is a limitation with WebEx, not MacOS or JAMF.
@AJPinto
Thank you very much for your reply!
I am not sure, if it would be really necessary to create an own plist for SSO for Webex
. Maybe it could be necessary, because there is no official team identifier for Webex , but I found an identifier called "com.cisco.webex" and some extensions (like for example "meetingmanager") . If I am right, it would be enough, to attach the first part of the - let me say - global team identifier (like "com.cisco.webex.") to the list of allowed applications to the Single Sign-On function, to get the Microsoft login screen. I did this and it works flawless, but I did not find a way to fill in the user credentials automaticly (its email address and password). The Microsoft login screen comes up, but the users email address and its password is not filled in. Would this be possible with a separate plist, like you wrote?
When you deploy a configuration profile, it creates a plist in /Library/Managed Applications. Think of this like GPO making Registry Keys on Windows. .plists are how macOS keeps up with settings, preferences and configurations. The Preference Domain (com.cisco.webexmeetings.config.plist) is how macOS knows what Application the plist pertains to. However, as with most things on macOS apple does not force standards or best practices. Generally speaking an Application should respect a few directories for plists, one of which being /Library/Managed Applications. However, Cisco does not design their products "correctly" for macOS. Because of this Configuration Profiles will not work for WebEx, the application is simply not “listening” for them.
WebEx does have a TeamID, but you would not need it for this.
- BundleID: Cisco-Systems.Spark
- TeamID: DE8Y96K9QP
Cisco is in the middle of shifting products with WebEx, I could see there being more than one preference domain that WebEx is listening to, but I don’t think it is. Either way if it works it works. It stands to reason whatever the key is for Window should be the same key for macOS, but that is assuming Cisco follows and standards themselves.
What does your configuration profile look like?
If you have the right preference domain, its a matter of figuring out what the correct key pair is. Unfortunately only Cisco and answer that, unless someone happens to have already have done this. We keep JAMF and Intune far apart because Azure is an unwieldy beast.
When you deploy a configuration profile, it creates a plist in /Library/Managed Applications. Think of this like GPO making Registry Keys on Windows. .plists are how macOS keeps up with settings, preferences and configurations. The Preference Domain (com.cisco.webexmeetings.config.plist) is how macOS knows what Application the plist pertains to. However, as with most things on macOS apple does not force standards or best practices. Generally speaking an Application should respect a few directories for plists, one of which being /Library/Managed Applications. However, Cisco does not design their products "correctly" for macOS. Because of this Configuration Profiles will not work for WebEx, the application is simply not “listening” for them.
WebEx does have a TeamID, but you would not need it for this.
- BundleID: Cisco-Systems.Spark
- TeamID: DE8Y96K9QP
Cisco is in the middle of shifting products with WebEx, I could see there being more than one preference domain that WebEx is listening to, but I don’t think it is. Either way if it works it works. It stands to reason whatever the key is for Window should be the same key for macOS, but that is assuming Cisco follows and standards themselves.
What does your configuration profile look like?
If you have the right preference domain, its a matter of figuring out what the correct key pair is. Unfortunately only Cisco and answer that, unless someone happens to have already have done this. We keep JAMF and Intune far apart because Azure is an unwieldy beast.
@AJPinto thank you so much for your reply and your patience.
As I re readed my post above, I recognized, that I confounded something.
We are using Cisco Webex for telephonie (instead of Jabber ) and meetings.
I set up a configuration profile for SSO. At this configuration profile, I had to upload a plist file for the settings. In that plist file, there is a parameter for the allowed applications for SSO.
Here is the screenshot:
Here is the plist (to be uploaded for the alowed applications):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.apple.,com.google.Chrome,org.mozilla.firefox,com.cisco.webex.,com.cisco.webex.Cisco-WebEx-Start,</string>
<key>browser_sso_interaction_enabled</key>
<true/>
<key>disable_explicit_app_prompt</key>
<true/>
</dict>
</plist>
When the user is starting Webex, the user have to fill in his email address in the first webex login window. That is ok for us, After he clicked on "continue", the Microsoft (Single Sign On) Login window appears.
The behaviour is, that the user has to fill in his email address, again and his password to authenticate himself. In our MS Office applications, these valuables are filled in automated. But in Cisco Webex , this does not work.
@AJPinto thank you so much for your reply and your patience.
As I re readed my post above, I recognized, that I confounded something.
We are using Cisco Webex for telephonie (instead of Jabber ) and meetings.
I set up a configuration profile for SSO. At this configuration profile, I had to upload a plist file for the settings. In that plist file, there is a parameter for the allowed applications for SSO.
Here is the screenshot:
Here is the plist (to be uploaded for the alowed applications):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.apple.,com.google.Chrome,org.mozilla.firefox,com.cisco.webex.,com.cisco.webex.Cisco-WebEx-Start,</string>
<key>browser_sso_interaction_enabled</key>
<true/>
<key>disable_explicit_app_prompt</key>
<true/>
</dict>
</plist>
When the user is starting Webex, the user have to fill in his email address in the first webex login window. That is ok for us, After he clicked on "continue", the Microsoft (Single Sign On) Login window appears.
The behaviour is, that the user has to fill in his email address, again and his password to authenticate himself. In our MS Office applications, these valuables are filled in automated. But in Cisco Webex , this does not work.
Got this working just now, using the bundle ID from above, and found on this page: https://collaborationhelp.cisco.com/en-us/article/nw5p67g/Webex-App-%7C-Installation-and-automatic-upgrade#reference_89BE14EF623A0CED99D149416E8E7551
Here's the AppPrefixAllowList
com.microsoft.,com.adobe.,com.apple.,com.jamfsoftware.,com.jamf.,Cisco-Systems.Spark
Here's the full custom configuration plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>AppPrefixAllowList</key>
<string>com.microsoft.,com.adobe.,com.apple.,com.jamfsoftware.,com.jamf.,com.tableausoftware.tableaudesktop,Cisco-Systems.Spark</string>
<key>Enable_SSO_On_All_ManagedApps</key>
<integer>1</integer>
<key>browser_sso_interaction_enabled</key>
<integer>1</integer>
<key>disable_explicit_app_prompt</key>
<integer>1</integer>
</dict>
</plist>
