Webex integration App for Webex Teams

Owned by Agat Support
Last updated: Jul 26, 2023 by David Elkarat
8 min read

 

 

Introduction

This guide explains how to configure SphereShield app for Webex (Teams) and Webex Meeting.

You can install one or both of them depending on your business requirements.

Most steps are identical. When there is a difference, you will see info in the relevant step.



High level process steps

  1. Verify you have Admin Portal URL in hand (received from AGAT support)

  2. Create an Integration application in the Webex Developer Portal

  3. Register the Webex App in the Admin Portal

Detailed Steps 

Create an Integration application in the Webex Developer Portal





  1. Login to admin webex -  https://admin.webex.com/manage-users/users with a service account. Note: this has to be a separate account from your main admin account, since it is not possible to assign "Compliance officer" role to yourself. It needs to be assigned a different account.
    In the Profile tab click on the admin line:

  2. Set the user to have a  Compliance Officer and Full administrator privileges:

                 

  3. Login to Webex Development: https://developer.webex.com/ with the user created above.

  4. Click on Start Building Apps button:

  5. Click Create an Integration

    Select Integration as a new app type:


  6. Fill in all the required settings.  Integration Name should be simply "SphereShield".  The icon should be the SphereShield logo.  Contact email should be support@agatsoftware.com

  7. The important setting here is the Redirect URL. You should enter your Access Portal URL (provided by AGAT) with the addition of /account/webexauth suffix. 

    Example for Fiji: https://ap.fiji.agat.world/account/webexauth

    Note that the redirect URL is case sensitive.


  8. Select the following scopes for Webex Teams:

  • spark:all

  • spark-admin:call_memberships_read

  • spark-admin:calls_read

  • spark-admin:licenses_read

  • spark-admin:organizations_read

  • spark-admin:people_read

  • spark-admin:people_write

  • spark-admin:resource_group_memberships_read

  • spark-admin:resource_group_memberships_write

  • spark-admin:resource_groups_read

  • spark-admin:roles_read

  • spark-admin:call_qualities_read

  • spark-compliance:events_read

  • spark-compliance:memberships_read

  • spark-compliance:memberships_write

  • spark-compliance:messages_read

  • spark-compliance:messages_write

  • spark-compliance:rooms_read

  • spark-compliance:team_memberships_read

  • spark-compliance:team_memberships_write

  • spark-compliance:teams_read

  • meeting:admin_schedule_read (for eDiscovery purpose to write meeting title)

  • meeting:admin_schedule_write (sending meeting invitee to make SphereShield Co Host in scheduled meeting)

  • meeting:participants_write (scope for being able to expel users from scheduled meeting)

  • meeting:admin_participants_read (scope needed to create “meetingParticipants” webhook)

  • meeting:controls_read (scope needed to be able to request meeting recording state)

  • meeting:controls_write (scope needed to be able to change meeting recording state)

  • meeting:admin_preferences_write(scoped needed to be able to make Compliance officer as CoHost in PMR meeting)

  • spark-admin:calls_write (might require escalation to Webex Support)

If you also want to use Webex Meetings add the scope:

  • meeting:recordings_read , meeting:admin_recordings_read

  1. Click Add Integration button

 

It is also possible to click all of the required scopes with a custom JavaScript. For this you need to have the Create new integration page open. While you’re on that page open browser developer tools, I’ll use Firefox as an example. It’s very similar in Chrome (Ctrl + Shift + C in Firefox and Chrome):

 

And paste the following code in this area:

Note: as shown in the screenshot above you may need to type in “allow pasting” (without quotes) to be able to paste code into the dev tools console.

Code:

try { let requiredScopes } catch (e) { console.log("variable already declared") console.log(e) } if (typeof requiredScopes === 'undefined') { console.log("defining scopes") requiredScopes = [ "spark:all", "spark-admin:call_memberships_read", "spark-admin:calls_read", "spark-admin:licenses_read", "spark-admin:organizations_read", "spark-admin:people_read", "spark-admin:people_write", "spark-admin:resource_group_memberships_read", "spark-admin:resource_group_memberships_write", "spark-admin:resource_groups_read", "spark-admin:roles_read", "spark-admin:call_qualities_read", "spark-compliance:events_read", "spark-compliance:memberships_read", "spark-compliance:memberships_write", "spark-compliance:messages_read", "spark-compliance:messages_write", "spark-compliance:rooms_read", "spark-compliance:team_memberships_read", "spark-compliance:team_memberships_write", "spark-compliance:teams_read", "meeting:admin_schedule_read", "meeting:admin_schedule_write", "meeting:participants_write", "meeting:admin_participants_read", "meeting:controls_read", "meeting:controls_write", "meeting:admin_preferences_write", "spark-compliance:meetings_write", "spark-compliance:meetings_read", "spark-admin:calls_write" ] } for (scope of requiredScopes) { let validScope = scope.replace(":", "\\:") try { element = document.querySelector(`input[id*=${validScope}]`) if (!element.checked) { console.log(`Clicking ${validScope}`) element.click() } } catch (e) { console.log(`couldn't find element ${scope}`) console.log(e) } }

Code that also includes Meetings:

try { let requiredScopes } catch (e) { console.log("variable already declared") console.log(e) } if (typeof requiredScopes === 'undefined') { console.log("defining scopes") requiredScopes = [ "spark:all", "spark-admin:call_memberships_read", "spark-admin:calls_read", "spark-admin:licenses_read", "spark-admin:organizations_read", "spark-admin:people_read", "spark-admin:people_write", "spark-admin:resource_group_memberships_read", "spark-admin:resource_group_memberships_write", "spark-admin:resource_groups_read", "spark-admin:roles_read", "spark-admin:call_qualities_read", "spark-compliance:events_read", "spark-compliance:memberships_read", "spark-compliance:memberships_write", "spark-compliance:messages_read", "spark-compliance:messages_write", "spark-compliance:rooms_read", "spark-compliance:team_memberships_read", "spark-compliance:team_memberships_write", "spark-compliance:teams_read", "meeting:admin_schedule_read", "meeting:admin_schedule_write", "meeting:participants_write", "meeting:admin_participants_read", "meeting:controls_read", "meeting:controls_write", "meeting:admin_preferences_write", "spark-compliance:meetings_write", "spark-compliance:meetings_read", "spark-admin:calls_write", "meeting:recordings_read", "meeting:admin_recordings_read" ] } for (scope of requiredScopes) { let validScope = scope.replace(":", "\\:") try { element = document.querySelector(`input[id*=${validScope}]`) if (!element.checked) { console.log(`Clicking ${validScope}`) element.click() } } catch (e) { console.log(`couldn't find element ${scope}`) console.log(e) } }

 

 

Register the Webex App in the Admin Portal

On the Webex App page, you received settings that you will need to configure in the Admin Portal: Client ID, Client Secret, Integration ID.

  1. Copy all the text in OAuth Authorization URL field (black box):


    (can be easily done by 3 left clicks on the black box text to select all the URL and Ctrl+C to copy)


  2. Paste it into a new tab of Chrome (recommends to use incognito) in the address line and press Enter:

  3. Accept the required permissions:



    You will be redirected to the Admin Portal Webex App Configuration page ([adminPortalURL]/account/webexauth):

  4. Enter the settings from Webex App: Client ID, Client Secret, Integration ID
    In External Portal Web API URL enter your AP external URL, like https://env29.agatcloud.com

    Note that here it comes without any suffix, just the site base URL.
    After clicking the Save button, the Admin Portal will try to connect to the configured Webex App and if it succeeds you will see the following page: 

Now the Webex App is configured and you can review the settings in the Cloud Services Integration settings page:

Webex Teams alone



 

You could do Both Webex, if you already selected all the needed scopes:

https://agatsoftware.atlassian.net/wiki/spaces/SFTKB/pages/2825420801

 





Reconfiguring Existing Environment

When the compliance user must be updated perform the following steps:


  1. Login to https://developer.webex.com and go to your application here: https://developer.webex.com/my-apps

  2. (skip this step) Click on Regenerate the client secret




  3. Run the following if you have access to the database:

    1. Backup your settings by running : select * INTO SettingsBackup from settings where name like '%webex%' 

    2. Run this on the database:             update settings set value ='' where name in ('CasbWebexAccessToken','CasbWebexClientId','CasbWebexClientSecret','CasbWebexIntegrationId','CasbWebexRefreshToken')

  4. If you don't have access to the database (when solution is hosted) please contact support@agatsoftware.com for help.

  5. Go to step 2 in this guide under Register the Webex App in the Admin Portal and complete the steps



The steps for reconfiguring are best suited for when you need to update something for an existing environment, such as when the integration scopes have any changes. If you’re looking to switch an existing environment to use different Webex org and Azure tenant then it’s better to use a different database or clear the existing one and set it up again.