SaaS Overview

Components

The Webex solution includes the following components:

...

Admin web portal - Operating and auditing the product.

...

DB - settings and operational data.

...

Adapter - Service that manages the process of inspection.

...

ADSync - Syncing users from AD into the system.

...

Maintenance Service (MNTS) - Operational services such as sending notifications and reports, and cleaning up logs and old records.

...

Process overview

  1. Register an Azure app to allow authenticating to the Portal:
    go to https://appreg.agatcloud.com/ and follow this guide:
    How to configure the SphereShield Azure App for Sign in and groups?

  2. At the end of the process you will send the tenant ID and get back a URL to your customer cloud portal.

  3. For Webex Messaging and Meeting control, register a Webex app: How to configure the SphereShield Webex App?

  4. To speed up deployment, it is best to provide AGAT with 2 users for testing the solution.

FAQ

Why is an O365 tenant needed?

Access to the Portal is authenticated through Active Directory. Ideally, the product is configured with Azure AD, as it is in the cloud. This is why we need an O365 tenant: just for managing the users in Azure AD.

...

If your users are not managed in Azure AD, please contact AGAT Support to explore using Local AD.

Which users are needed in Webex for the solution?

To allow the Adapter to access your Webex events and content, SphereShield uses a Webex app that the customer must register. For this, the product requires a user with the compliance officer role with admin permission, as explained in the links below.

https://agatsoftware.atlassian.net/wiki/spaces/SFTKB/pages/607879169/HowWebex+tointegration+configureApp+the+SphereShieldfor+Webex+App#HowtoconfiguretheSphereShieldWebexApp%3FTeams#HowtoconfiguretheSphereShieldWebexApp%3F-CreateanIntegrationapplicationintheWebexDeveloperPortal

Security considerations - permission access and data flow of the Webex solution

There are 2 access points of SphereShield to the company data:

  1. Azure app - Authenticating to the Portal using Azure AD / Local AD

  2. Webex app - Getting Webex events for compliance inspection, and action by the Webex app on behalf of the Webex Compliance Officer

High level security overview

The app has access and full permission to all Webex data of the company. It is designed to get all Webex events, which are inspected, but it does not store the content.

Azure app access point

This access point allows SphereShield to access company users and groups. Groups are needed to specify which users should be inspected and to allow different policies per group if needed.

...

The permissions needed for authentication to the AD are explained here:
How to configure the SphereShield Azure App for Sign in and groups?

Webex app access point

The Webex app is required to get access to the Webex developer API.

...

To allow full functionality, the app requires the permissions listed here: How to configure the SphereShield Webex integration App ?for Webex Teams

Webex data flow:

Messages and Files:

To get all message and file events, the app invokes the following API: https://developer.webex.com/docs/api/v1/events/list-events

...

Similar to the messaging and files flow, once an event is received, it is stored in the queue. If the event is not related to a user who is a member of the group to be inspected, the event is ignored and not stored.

Handling data

Handling of both audio / video and messaging / files is done using the relevant API, which allows us to delete content, hang up calls, or remove users from spaces / meetings.

Storing Data

If eDiscovery is not enabled, SphereShield does not store the content.

...