<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">
<div class="">The following may be a possibility to programmatically update the SecretToken:</div>
<div class=""><br class="">
</div>
<a href="https://stackoverflow.com/questions/54484428/how-to-update-secret-token-property-in-azure-ad-synchronization-api" class="">https://stackoverflow.com/questions/54484428/how-to-update-secret-token-property-in-azure-ad-synchronization-api</a>
<div class=""><br class="">
</div>
<div class="">Basically an HTTP PUT, so just a matter of figuring out the authentication to the Azure API &amp; getting the GUID of the servicePrincipal and it should just be a few lines of Python etc.</div>
<div class=""><br class="">
</div>
<div class="">Stephen</div>
<div class=""><br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 7 Aug 2019, at 21:35, Anthony Holloway &lt;avholloway+cisco-voip@gmail.com&gt; wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="ltr" class="">Ok, so it's a one-liner to pull an OAuth token from my Webex account for an integration which doesn't exist (or at least, it doesn't require me to create one first, nor does it create one for me).
<div class=""><br class="">
</div>
<div class="">Since there is nothing to look at, after the link is processed, it almost seems like a better idea to create the integration on <a href="https://developer.webex.com/my-apps" class="">https://developer.webex.com/my-apps</a>, obtain the token, so
that I have something to look at/reference later for this integration.</div>
<div class=""><br class="">
</div>
<div class="">Also, if I'm not mistaken, since Azure is not going to ask for a refresh token then, this will forever be a task that we manually perform every year, right? Perhaps someone will get fancy and write middleware to refresh the token and push it
into Azure, but I'm not even sure if Azure exposes an API to update that field.</div>
</div>
<br class="">
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Aug 7, 2019 at 12:05 PM Ryan Ratliff (rratliff) <<a href="mailto:rratliff@cisco.com" class="">rratliff@cisco.com</a>> wrote:<br class="">
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US" class="">
<div class="gmail-m_-4236187355733949759WordSection1">
<p class="MsoNormal">The URL is just a shortcut way to get an OAuth token for the integration.<u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<p class="MsoNormal">You can easily do the same thing via the API if you had to.<u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<p class="MsoNormal">Look at the URL itself:<u class=""></u><u class=""></u></p>
<p class="MsoNormal"><a href="https://idbroker.webex.com/idb/oauth2/v1/authorize" target="_blank" class="">https://idbroker.webex.com/idb/oauth2/v1/authorize</a><u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<p class="MsoNormal">Here are the parameters for the GET request (leaving the %-encoded characters because I’m lazy):<u class=""></u><u class=""></u></p>
<p class="MsoNormal">response_type=token<u class=""></u><u class=""></u></p>
<p class="MsoNormal">client_id=&lt;some text&gt;<u class=""></u><u class=""></u></p>
<p class="MsoNormal">redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fcode<u class=""></u><u class=""></u></p>
<p class="MsoNormal">scope=spark%3Apeople_read%20spark%3Apeople_write%20Identity%3ASCIM<u class=""></u><u class=""></u></p>
<p class="MsoNormal">state=this-should-be-a-random-string-for-security-purpose<u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<p class="MsoNormal">You can see the definitions of the parameters at <a href="https://developer.webex.com/docs/integrations" target="_blank" class="">
https://developer.webex.com/docs/integrations</a>.<u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<p class="MsoNormal">A given integration can have only one OAuth token at a time, so if you regenerate your token by logging into that URL then it will invalidate any previous ones.<u class=""></u><u class=""></u></p>
<p class="MsoNormal">The web page isn’t going away, it’s just the URL the OAuth generation redirected you to when it generated your token, which happens to include your token.<u class=""></u><u class=""></u></p>
<p class="MsoNormal">It’s non-developer speak for “don’t close your browser until you copy that token”, and worst case, generate a new one.<u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<div class="">
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: 'Lucida Grande', sans-serif;" class="">Ryan Ratliff<u class=""></u><u class=""></u></span></p>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: 'Lucida Grande', sans-serif;" class="">Manager, Cisco Cloud Collaboration TAC <u class=""></u><u class=""></u></span></p>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: 'Lucida Grande', sans-serif;" class="">Standard Business Hours: 8:00AM-5:00PM EDT<br class="">
Email: <a href="mailto:rratliff@cisco.com" target="_blank" class="">rratliff@cisco.com</a><u class=""></u><u class=""></u></span></p>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: 'Lucida Grande', sans-serif;" class="">Office: +1 919-476-2081<u class=""></u><u class=""></u></span></p>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: 'Lucida Grande', sans-serif;" class="">Mobile: +1-919-225-0448<u class=""></u><u class=""></u></span></p>
</div>
<p class="MsoNormal"><span style="font-size: 10.5pt; font-family: 'Lucida Grande', sans-serif;" class="">Cisco U.S. Contact Numbers: +1-800-553-2447 or +1-408-526-7209</span><u class=""></u><u class=""></u></p>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(181,196,223);padding:3pt 0in 0in" class="">
<p class="MsoNormal"><b class=""><span style="font-size: 12pt;" class="">From: </span>
</b><span style="font-size: 12pt;" class="">cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank" class="">cisco-voip-bounces@puck.nether.net</a>> on behalf of Anthony Holloway <<a href="mailto:avholloway%2Bcisco-voip@gmail.com" target="_blank" class="">avholloway+cisco-voip@gmail.com</a>><br class="">
<b class="">Date: </b>Wednesday, August 7, 2019 at 12:32 PM<br class="">
<b class="">To: </b>Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" class="">MLoraditch@heliontechnologies.com</a>><br class="">
<b class="">Cc: </b>cisco-voip list <<a href="mailto:cisco-voip@puck.nether.net" target="_blank" class="">cisco-voip@puck.nether.net</a>><br class="">
<b class="">Subject: </b>Re: [cisco-voip] Azure to Webex User Provisioning and Tokens<u class=""></u><u class=""></u></span></p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">Thank you for that confirmation. <u class=""></u><u class=""></u></p>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">It's concerning to me that the note below the URL says:<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">"We recommend that you paste this value into a text file and save it, so that you have a record of the token in case the URL is not available any more."<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">Considering the token expires every 365 days, I sure hope the URL is available in the future.<u class=""></u><u class=""></u></p>
</div>
</div>
<p class="MsoNormal"><u class=""></u> <u class=""></u></p>
<div class="">
<div class="">
<p class="MsoNormal">On Wed, Aug 7, 2019 at 11:26 AM Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" class="">MLoraditch@heliontechnologies.com</a>> wrote:<u class=""></u><u class=""></u></p>
</div>
<blockquote style="border-top:none;border-right:none;border-bottom:none;border-left:1pt solid rgb(204,204,204);padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in" class="">
<div class="">
<div class="">
<p class="MsoNormal">FWIW the Cisco documents say the same thing: <a href="https://help.webex.com/en-us/aumpbz/Synchronize-Azure-Active-Directory-Users-into-Cisco-Webex-Control-Hub" target="_blank" class="">
https://help.webex.com/en-us/aumpbz/Synchronize-Azure-Active-Directory-Users-into-Cisco-Webex-Control-Hub</a><u class=""></u><u class=""></u></p>
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
<div class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100%">
<tbody class="">
<tr class="">
<td valign="top" style="padding:0in" class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody class="">
<tr class="">
<td style="padding:0in 7.5pt 0in 0in" class="">
<p class="MsoNormal"><span style="font-size:1pt" class=""> <u class=""></u><u class=""></u></span></p>
</td>
<td style="padding:7.5pt 0in 7.5pt 7.5pt" class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100%">
<tbody class="">
<tr class="">
<td valign="top" style="padding:0in" class="">
<p class="MsoNormal"><b class=""><span style="color:rgb(243,128,11)" class="">Matthew Loraditch</span></b><b class=""><span style="font-size:1pt;font-family:remialcxesans,serif;color:white" class=""></span></b><b class=""><span style="color:rgb(243,128,11)" class=""><u class=""></u><u class=""></u></span></b></p>
</td>
</tr>
<tr class="">
<td valign="top" style="padding:0in" class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody class="">
<tr class="">
<td valign="top" style="padding:0in" class="">
<p class="MsoNormal"><b class=""><span style="color:gray" class="">Sr. Network Engineer<u class=""></u><u class=""></u></span></b></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td valign="top" style="padding:0in" class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody class="">
<tr class="">
<td valign="top" style="padding:7.5pt 0in 0in" class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody class="">
<tr class="">
<td valign="top" style="padding:0in" class="">
<p class="MsoNormal"><span style="color:rgb(243,128,11)" class="">p:</span><span style="color:gray" class=""> <a href="tel:443.541.1518" target="_blank" class=""><strong class=""><span style="font-family:Calibri,sans-serif;color:gray;font-weight:normal;text-decoration:none" class="">443.541.1518</span></strong></a><u class=""></u><u class=""></u></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr class="">
<td valign="top" style="padding:0in" class="">
<table class="gmail-m_-4236187355733949759MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody class="">
<tr class="">
<td valign="top" style="padding:0in" class="">
<p class="MsoNormal"><span style="color:rgb(243,128,11)" class="">w:</span><span style="color:gray" class=""> <a href="http://www.heliontechnologies.com/" target="_blank" class=""><strong class=""><span style="font-family:Calibri,sans-serif;color:gray;font-weight:normal;text-decoration:none" class="">www.heliontechnologies.com</span></strong></a><u class=""></u><u class=""></u></span></p>
</td>
<td valign="top" style="padding:0in" class="">
<p class="MsoNormal"><span style="color:gray" class=""> | <u class=""></u><u class=""></u></span></p>
</td>
<td valign="top" style="padding:0in" class="">
<p class="MsoNormal"><span style="color:rgb(243,128,11)" class="">e:</span><span style="color:gray" class=""> <a href="mailto:MLoraditch@heliontechnologies.com" target="_blank" class=""><strong class=""><span style="font-family:Calibri,sans-serif;color:gray;font-weight:normal;text-decoration:none" class="">MLoraditch@heliontechnologies.com</span></strong></a><u class=""></u><u class=""></u></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><b class="">From:</b> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank" class="">cisco-voip-bounces@puck.nether.net</a>>
<b class="">On Behalf Of </b>Anthony Holloway<br class="">
<b class="">Sent:</b> Wednesday, August 7, 2019 12:18 PM<br class="">
<b class="">To:</b> Cisco VoIP Group <<a href="mailto:cisco-voip@puck.nether.net" target="_blank" class="">cisco-voip@puck.nether.net</a>><br class="">
<b class="">Subject:</b> [cisco-voip] Azure to Webex User Provisioning and Tokens
<u class=""></u><u class=""></u></p>
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
<div class="">
<p class="MsoNormal">I'm using the following link:<u class=""></u><u class=""></u></p>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"><a href="https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial" target="_blank" class="">https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/cisco-webex-provisioning-tutorial</a> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">And in step 6 it describes how to obtain the secret token from Cisco, to input into Azure.<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">It notes that the token is valid for 365 days, however, in my testing it's looking like it might be 30 days.<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">The resulting URL from step 6 has a URI parameter of:<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">expires_in=31535999<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">Which if you treat it as seconds, then it's 365 days, so the URL seems to match the document.<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">I'm wondering if there is anyone with experience on this topic, before I put some serious time in with TAC.<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal">Thanks much!<u class=""></u><u class=""></u></p>
</div>
<div class="">
<p class="MsoNormal"> <u class=""></u><u class=""></u></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
</div>
_______________________________________________<br class="">
cisco-voip mailing list<br class="">
cisco-voip@puck.nether.net<br class="">
https://puck.nether.net/mailman/listinfo/cisco-voip<br class="">
</div>
</blockquote>
</div>
<br class="">
</div>
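<div class="">Added example, not part of the original thread and not Cisco or Microsoft code: the authorize request described in the thread, built with a fresh random state, and the redirect checked against that state before the expiry date is computed from expires_in. The function names, the placeholder client ID and token, the 30-day renewal margin, and the assumption that the parameters arrive in the URL fragment are all constructed for illustration.</div>

```python
import hmac
import secrets
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, quote, urlencode, urlsplit

AUTHORIZE_URL = "https://idbroker.webex.com/idb/oauth2/v1/authorize"  # from the thread
SCOPES = "spark:people_read spark:people_write Identity:SCIM"  # thread's scope, decoded
REDIRECT_URI = "http://localhost:3000/auth/code"  # thread's redirect_uri, decoded


def build_authorize_url(client_id):
    """Return (url, state); keep state on our side until the redirect comes back."""
    state = secrets.token_urlsafe(32)  # unguessable, one per request
    query = urlencode(
        {"response_type": "token", "client_id": client_id,
         "redirect_uri": REDIRECT_URI, "scope": SCOPES, "state": state},
        quote_via=quote,  # %20 for spaces, matching the encoding shown in the thread
    )
    return AUTHORIZE_URL + "?" + query, state


def parse_token_redirect(redirect_url, expected_state, issued_at):
    """Check the redirect against the state we sent and compute the token's expiry."""
    parts = urlsplit(redirect_url)
    # Assumption: parameters arrive in the fragment (usual for response_type=token);
    # fall back to the query string if the fragment is empty.
    params = parse_qs(parts.fragment or parts.query, keep_blank_values=True)
    if any(len(values) != 1 for values in params.values()):
        raise ValueError("duplicated parameter in redirect")
    fields = {name: values[0] for name, values in params.items()}
    if "error" in fields:
        raise ValueError("authorization failed: " + fields["error"])
    got_state = fields.get("state", "").encode()
    if not hmac.compare_digest(got_state, expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to our request")
    if not fields.get("access_token"):
        raise ValueError("no access_token in redirect")
    expires_at = issued_at + timedelta(seconds=int(fields["expires_in"]))
    return {
        "access_token": fields["access_token"],  # secret: keep in a vault, never log
        "expires_at": expires_at,
        "renew_by": expires_at - timedelta(days=30),  # assumed 30-day safety margin
    }


def constructed_redirect(state, expires_in="31535999"):
    """Constructed sample redirect; the token value is a placeholder, not a real one."""
    return REDIRECT_URI + "#" + urlencode(
        {"access_token": "CONSTRUCTED-PLACEHOLDER", "token_type": "Bearer",
         "expires_in": expires_in, "state": state})


if __name__ == "__main__":
    url, state = build_authorize_url("CONSTRUCTED-CLIENT-ID")
    issued = datetime(2019, 8, 7, 12, 0, tzinfo=timezone.utc)
    result = parse_token_redirect(constructed_redirect(state), state, issued)
    print(url)
    print("expires:", result["expires_at"].isoformat())
    print("renew by:", result["renew_by"].isoformat())
```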
</body>
</html>