Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Introduction

This guide explains how to configure SphereShield app for Webex (Teams) and Webex Meeting.

You can install one or both of them depending on your business requirements.

Most steps are identical. When there is a difference, you will see info in the relevant step.

High level process steps

  1. Verify you have Admin Portal URL in hand (received from AGAT support)

  2. Create an Integration application in the Webex Developer Portal

  3. Register the Webex App in the Admin Portal

Detailed Steps 

Create an Integration application in the Webex Developer Portal

...

Login to admin webex -  https://admin.webex.com/manage-users/users with a service account. Note: this has to be a separate account from your main admin account, since it is not possible to assign "Compliance officer" role to yourself. It needs to be assigned a different account.
In the Profile tab click on the admin line:
Image Removed

...

Set the user to have a  Compliance Officer and Full administrator privileges:

...

             

...

Login to Webex Development: https://developer.webex.com/ with the user created above.

...

Click on Start Building Apps button:

...

Click Create an Integration
Image Removed
Select Integration as a new app type:
Image Removed

...

Fill in all the required settings.  Integration Name should be simply "SphereShield".  The icon should be the SphereShield logo.  Contact email should be support@agatsoftware.com
Image Removed

The important setting here is the Redirect URL. You should enter your Access Portal URL (provided by AGAT) with the addition of /account/webexauth suffix. 

Example for Fiji: https://ap.fiji.agat.world/account/webexauth

...

Select the following scopes for Webex Teams:

  • spark:all

  • spark-admin:call_memberships_read

  • spark-admin:calls_read

  • spark-admin:licenses_read

  • spark-admin:organizations_read

  • spark-admin:people_read

  • spark-admin:people_write

  • spark-admin:resource_group_memberships_read

  • spark-admin:resource_group_memberships_write

  • spark-admin:resource_groups_read

  • spark-admin:roles_read

  • spark-admin:call_qualities_read

  • spark-compliance:events_read

  • spark-compliance:memberships_read

  • spark-compliance:memberships_write

  • spark-compliance:messages_read

  • spark-compliance:messages_write

  • spark-compliance:rooms_read

  • spark-compliance:team_memberships_read

  • spark-compliance:team_memberships_write

  • spark-compliance:teams_read

10.  Click Add Integration button

It also possible to click all of the required scopes with a custom JavaScript. For this you need to have the Create new integration page open. While you’re on that page open browser developer tools, I’ll use Firefox as an example. It’s very similar in Chrome (Ctrl + Shift + C in Firefox and Chrome):

...

And paste the following code in this area:

...

Info

Note: as shown in the screenshot above you may need to type in “allow pasting” (without quotes) to be able to paste code into the dev tools console.

Code:

...

languagejs

...

Table of Contents

Introduction

This guide explains how to configure SphereShield app for Webex (Teams) and Webex Meeting.

You can install one or both of them depending on your business requirements.

Most steps are identical. When there is a difference, you will see info in the relevant step.


High level process steps

  1. Verify you have Admin Portal URL in hand (received from AGAT support)

  2. Create an Integration application in the Webex Developer Portal

  3. Register the Webex App in the Admin Portal

Detailed Steps 

Create an Integration application in the Webex Developer Portal



  1. Login to admin webex -  https://admin.webex.com/manage-users/users with a service account. Note: this has to be a separate account from your main admin account, since it is not possible to assign "Compliance officer" role to yourself. It needs to be assigned a different account.
    In the Profile tab click on the admin line:
    Image Added

  2. Set the user to have a  Compliance Officer and Full administrator privileges:

    Image Added

                 

  3. Login to Webex Development: https://developer.webex.com/ with the user created above.

  4. Click on Start Building Apps button:

    Image Added
  5. Click Create an Integration
    Image Added
    Select Integration as a new app type:
    Image Added

  6. Fill in all the required settings.  Integration Name should be simply "SphereShield".  The icon should be the SphereShield logo.  Contact email should be support@agatsoftware.com
    Image Added

  7. The important setting here is the Redirect URL. You should enter your Access Portal URL (provided by AGAT) with the addition of /account/webexauth suffix. 

    Example for Fiji: https://ap.fiji.agat.world/account/webexauth

    Note that the redirect URL is case sensitive.

  8. Select the following scopes for Webex Teams:

Expand
titleSphereShield for Webex App
  • spark:all

  • spark-admin:call_memberships_read

  • spark-admin:calls_read

  • spark-admin:licenses_read

  • spark-admin:organizations_read

  • spark-admin:people_read

  • spark-admin:people_write

  • spark-admin:resource_group_memberships_read

  • spark-admin:resource_group_memberships_write

  • spark-admin:resource_groups_read

  • spark-admin:roles_read

  • spark-admin:call_qualities_read

  • spark-compliance:events_read

  • spark-compliance:memberships_read

  • spark-compliance:memberships_write

  • spark-compliance:messages_read

  • spark-compliance:messages_write

  • spark-compliance:rooms_read

  • spark-compliance:team_memberships_read

  • spark-compliance:team_memberships_write

  • spark-compliance:teams_read

  • meeting:admin_schedule_read (for eDiscovery purpose to write meeting title)

  • meeting:admin_schedule_write (sending meeting invitee to make SphereShield Co Host in scheduled meeting)

  • meeting:participants_write (scope for being able to expel users from scheduled meeting)

  • meeting:admin_participants_read (scope needed to create “meetingParticipants” webhook)

  • meeting:controls_read (scope needed to be able to request meeting recording state)

  • meeting:controls_write (scope needed to be able to change meeting recording state)

  • meeting:admin_preferences_write(scoped needed to be able to make Compliance officer as CoHost in PMR meeting)

  • spark-admin:calls_write (might require escalation to Webex Support)

If you also want to use Webex Meetings add the scope:

  • meeting:recordings_read , meeting:admin_recordings_read

  1. Click Add Integration button

It is also possible to click all of the required scopes with a custom JavaScript. For this you need to have the Create new integration page open. While you’re on that page open browser developer tools, I’ll use Firefox as an example. It’s very similar in Chrome (Ctrl + Shift + C in Firefox and Chrome):

...

And paste the following code in this area:

...

Info

Note: as shown in the screenshot above you may need to type in “allow pasting” (without quotes) to be able to paste code into the dev tools console.

Code:

Code Block
languagejs
try {
    let requiredScopes
} catch (e) {
    console.log("variable already declared")
    console.log(e)
}

if (typeof requiredScopes === 'undefined') {
    console.log("defining scopes")
    requiredScopes = [
        "meetingspark:controls_writeall",
        "meetingspark-admin:admincall_preferencesmemberships_writeread",
        "spark-complianceadmin:meetingscalls_writeread",
        "spark-complianceadmin:meetingslicenses_read",
        "spark-admin:callsorganizations_write"
    ]

}

for (scope of requiredScopes) {read",
     let validScope = scope.replace(":"spark-admin:people_read",
"\\:")
         try {  "spark-admin:people_write",
      element = document.querySelector(`input[id*=${validScope}]`) "spark-admin:resource_group_memberships_read",
        if (!element.checked) {"spark-admin:resource_group_memberships_write",
        "spark-admin:resource_groups_read",
      console.log(`Clicking ${validScope}`)
 "spark-admin:roles_read",
        "spark-admin:call_qualities_read",
  element.click()      "spark-compliance:events_read",
  }     } catch (e) { "spark-compliance:memberships_read",
          console.log(`couldn't find element ${scope}`)"spark-compliance:memberships_write",
        "spark-compliance:messages_read",
  console.log(e)     }
}

Code that also includes Meetings:

Code Block
languagejs
try { "spark-compliance:messages_write",
     let requiredScopes } catch (e) { "spark-compliance:rooms_read",
      console.log("variable already declared") "spark-compliance:team_memberships_read",
    console.log(e) }  if (typeof requiredScopes === 'undefined') { "spark-compliance:team_memberships_write",
        console.log("defining scopes")"spark-compliance:teams_read",
      requiredScopes = [ "meeting:admin_schedule_read",
        "spark:allmeeting:admin_schedule_write",
        "spark-adminmeeting:callparticipants_memberships_readwrite",
        "spark-admin:callsmeeting:admin_participants_read",
        "spark-adminmeeting:licensescontrols_read",
        "spark-adminmeeting:organizationscontrols_readwrite",
        "spark-admin:people_readmeeting:admin_preferences_write",
        "spark-admincompliance:peoplemeetings_write",
        "spark-admin:resource_group_membershipscompliance:meetings_read",
        "spark-admin:resource_group_membershipscalls_write",
    ]

}

for  "spark-admin:resource_groups_read",
(scope of requiredScopes) {
    let validScope = "spark-admin:roles_readscope.replace(":", "\\:")
    
    "spark-admin:call_qualities_read",try {
         "spark-compliance:events_read",
element = document.querySelector(`input[id*=${validScope}]`)
       "spark-compliance:memberships_read",
   if (!element.checked) {
     "spark-compliance:memberships_write",       console.log(`Clicking ${validScope}`)
 "spark-compliance:messages_read",         "spark-compliance:messages_write",  element.click()
      "spark-compliance:rooms_read",  }
    }  "spark-compliance:team_memberships_read",catch (e) {
        "spark-compliance:team_memberships_write",
  console.log(`couldn't find element ${scope}`)
     "spark-compliance:teams_read",   console.log(e)
     "meeting:admin_schedule_read",
}
}

Code that also includes Meetings:

Code Block
languagejs
try {
    let requiredScopes
 "meeting:admin_schedule_write",
 } catch (e) {
    console.log("variable already "meeting:participants_write",declared")
    console.log(e)
   "meeting:admin_participants_read",
        "meeting:controls_read",}

if (typeof requiredScopes === 'undefined') {
    console.log("defining scopes")
    requiredScopes    "meeting:controls_write",= [
        "meeting:admin_preferences_writespark:all",
        "spark-complianceadmin:meetingscall_memberships_writeread",
        "spark-complianceadmin:meetingscalls_read",
        "spark-admin:callslicenses_writeread",
        "meetingspark-admin:recordingsorganizations_read",
        "meeting:admin_recordingsspark-admin:people_read",
    ]  }  for (scope of requiredScopes) {"spark-admin:people_write",
      let validScope = scope.replace(":"spark-admin:resource_group_memberships_read",
"\\:")        "spark-admin:resource_group_memberships_write",
    try  {  "spark-admin:resource_groups_read",
      element = document.querySelector(`input[id*=${validScope}]`) "spark-admin:roles_read",
        if (!element.checked) {"spark-admin:call_qualities_read",
        "spark-compliance:events_read",
     console.log(`Clicking ${validScope}`)  "spark-compliance:memberships_read",
          element.click()
   "spark-compliance:memberships_write",
      }  "spark-compliance:messages_read",
  }  catch (e) {  "spark-compliance:messages_write",
      console.log(`couldn't find element ${scope}`) "spark-compliance:rooms_read",
          console.log(e)"spark-compliance:team_memberships_read",
       }
}

Just the Meetings:

Code Block
languagejs
try { "spark-compliance:team_memberships_write",
       let requiredScopes
} catch (e) { "spark-compliance:teams_read",
        console.log("variable already declared")"meeting:admin_schedule_read",
    console.log(e) }  if (typeof requiredScopes === 'undefined') { "meeting:admin_schedule_write",
        console.log("defining scopes")"meeting:participants_write",
      requiredScopes = [ "meeting:admin_participants_read",
        "meeting:recordingscontrols_read",
        "meeting:admincontrols_recordings_readwrite",
        "spark-admin:people_readmeeting:admin_preferences_write",
        "spark-admincompliance:resource_group_memberships_readmeetings_write",
        "spark-admincompliance:resource_groupsmeetings_read",
        "spark-complianceadmin:eventscalls_readwrite",
        "spark-compliancemeeting:membershipsrecordings_read",
        "spark-compliancemeeting:teamadmin_membershipsrecordings_read",
        "spark-compliance:teams_read"
    ]

}

for (scope of requiredScopes) {
    let validScope = scope.replace(":", "\\:")
    
    try {
        element = document.querySelector(`input[id*=${validScope}]`)
        if (!element.checked) {
            console.log(`Clicking ${validScope}`)
            element.click()
        }
    } catch (e) {
        console.log(`couldn't find element ${scope}`)
        console.log(e)
    }
}

...

  1. Copy all the text in OAuth Authorization URL field (black box):

    Image RemovedImage Added


    (can be easily done by 3 left clicks on the black box text to select all the URL and Ctrl+C to copy)

  2. Paste it into a new tab of Chrome (recommends to use incognito) in the address line and press Enter:

  3. Accept the required permissions:


    You will be redirected to the Admin Portal Webex App Configuration page ([adminPortalURL]/account/webexauth):

    Image Removed
  4. Image Added

    Enter the settings from Webex App: Client ID, Client Secret, Integration ID
    In External Portal Web API URL enter your AP external URL, like https://apenv29.fijiagatcloud.agat.worldcom

    Note that here it comes without any suffix, just the site base URL.
    After clicking the Save button, the Admin Portal will try to connect to the configured Webex App and if it succeeds you will see the following page: 

...

Now the Webex App is configured and you can review the settings in the Cloud Services Integration settings page:

Webex Teams alone

...

Webex Meetings alone

...

Both Webex

...


You could do Both Webex, if you already selected all the needed scopes:

Webex integration App for Webex Meeting

...



Reconfiguring Existing Environment

...