SphereShield for Webex Real-Time - Customer Requirements

Introduction

This guide explains the steps required of a customer who would like to use SphereShield Real-time DLP or Ethical wall based on a SaaS proxy environment delivered by AGAT.

 

At a high level, the process includes the following steps:

  1. Give consent to an Azure app to allow an admin to sign into the portal

  2. Install and configure the certificate on your clients

  3. Configure and deploy PAC file

  4. Create Webex integration

 

For frequently asked questions, see: Webex deployment FAQ

Details

Consent to the Azure app for sign-in

  1. Register to the AGAT Azure application. This is required for signing in to the Admin Portal with your Microsoft credentials. See: How to configure the SphereShield Azure App for Sign in and groups?

Install and configure the certificate on your clients

  1. Download and install the AGAT Root CA on the Webex clients’ machines. See: How to install client certificate - Trusted Root CA for Teams / Webex Proxy

Configure and deploy PAC file

  1. Prepare a PAC file based on the “Webex PAC” below to redirect Webex traffic to the AGAT proxy. The server and port will be provided by AGAT. Plan the deployment of the PAC file to all Webex clients.

function FindProxyForURL(url, host) {
    // Webex infrastructure hosts bypass the proxy
    if (shExpMatch(host, "*.infra.webex.com")) return "DIRECT";

    // Hosts ending in a digit followed by ".webex.com" bypass the proxy
    if (shExpMatch(host, "*0.webex.com") || shExpMatch(host, "*1.webex.com") ||
        shExpMatch(host, "*2.webex.com") || shExpMatch(host, "*3.webex.com") ||
        shExpMatch(host, "*4.webex.com") || shExpMatch(host, "*5.webex.com") ||
        shExpMatch(host, "*6.webex.com") || shExpMatch(host, "*7.webex.com") ||
        shExpMatch(host, "*8.webex.com") || shExpMatch(host, "*9.webex.com"))
        return "DIRECT";

    // Host patterns whose traffic is sent to the AGAT proxy
    var proxylist = new Array(
        "*.ciscospark.com*", "*.ciscowebex.com*", "*.wbx2.com*", "*.webex.com*",
        "*.webexconnect.com*", "*.ciscosparkcontent.com*",
        "*.ord1.clouddrive.com*", "*.dfw1.clouddrive.com*", "*.iad3.clouddrive.com*",
        "*.rackcdn.com*", "*.huron-dev.com*", "*.giphy.com*",
        "*.a1.ciscospark.com*", "*.a6.ciscospark.com*", "*.a7.ciscospark.com*",
        "*.b1.ciscospark.com*", "*.b2.ciscospark.com*", "*.d1.ciscospark.com*",
        "*.e1.ciscospark.com*", "*.f1.ciscospark.com*", "*.g1.ciscospark.com*",
        "*.h1.ciscospark.com*", "*.i1.ciscospark.com*", "*.j1.ciscospark.com*",
        "*.k1.ciscospark.com*", "*.l1.ciscospark.com*", "*.m1.ciscospark.com*",
        "*.n1.ciscospark.com*"
    );

    // Return our proxy name for matched domains/hosts
    // (replace server:port with the values provided by AGAT)
    for (var i = 0; i < proxylist.length; i++) {
        var value = proxylist[i];
        if (shExpMatch(host, value)) {
            return "PROXY server:port";
        }
    }

    // Everything else goes direct
    return "DIRECT";
}
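One way to check the PAC file's routing decisions offline before deploying it to clients, as an added example that is not AGAT's code: it evaluates PAC source text with a small shExpMatch shim and reports every host whose result differs from what you expect. SAMPLE_PAC is an abbreviated, constructed copy of the rules above, and proxy.example.invalid:8080 and the hostnames in EXPECTED are placeholders.

```javascript
// Shim for the PAC helper shExpMatch: '*' matches any run of characters,
// '?' matches exactly one; everything else is literal.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Evaluate PAC source text and return its FindProxyForURL function.
function loadPac(source) {
  return new Function("shExpMatch", source + "\nreturn FindProxyForURL;")(shExpMatch);
}

// Return the hosts whose PAC result differs from the expected one.
function checkRouting(pacSource, expectations) {
  const find = loadPac(pacSource);
  return expectations
    .map(([host, want]) => ({ host, want, got: find("https://" + host + "/", host) }))
    .filter((r) => r.got !== r.want);
}

// Constructed, abbreviated copy of the PAC rules; the proxy address is a placeholder.
const PROXY = "PROXY proxy.example.invalid:8080";
const SAMPLE_PAC = `
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.infra.webex.com")) return "DIRECT";
  if (shExpMatch(host, "*0.webex.com") || shExpMatch(host, "*1.webex.com")) return "DIRECT";
  var proxylist = ["*.ciscospark.com*", "*.wbx2.com*", "*.webex.com*"];
  for (var i = 0; i < proxylist.length; i++) {
    if (shExpMatch(host, proxylist[i])) return "${PROXY}";
  }
  return "DIRECT";
}`;

// Constructed hostnames: [host, expected result].
const EXPECTED = [
  ["media.infra.webex.com", "DIRECT"], // infrastructure exclusion
  ["site10.webex.com", "DIRECT"],      // name ends in a digit: bypasses the proxy
  ["acme.webex.com", PROXY],           // ordinary Webex site: sent to the proxy
  ["api.ciscospark.com", PROXY],
  ["webex.com", "DIRECT"],             // apex has no leading ".", so no pattern matches
  ["www.example.org", "DIRECT"],       // unrelated traffic
];

const mismatches = checkRouting(SAMPLE_PAC, EXPECTED);
console.log(mismatches.length === 0 ? "PAC routing matches expectations" : mismatches);
```

To test the file you will actually deploy, pass its full text to checkRouting in place of SAMPLE_PAC and list the hosts your Webex clients really use.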

Create Webex integration

This process needs to be done with a Compliance Officer and Full admin user.

  1. Wait for AGAT to provide you with the link to your Admin Portal

  2. Log in to http://developer.webex.com/

  3. Go to “Start Building Apps”

  4. Choose Create an Integration

  5. Fill in these fields as follows. In the Redirect URL field, enter the customer’s Admin Portal URL and add /account/webexauth

  6. Select the following scopes for Webex Teams:

  • spark:all

  • spark-admin:call_memberships_read

  • spark-admin:calls_read

  • spark-admin:licenses_read

  • spark-admin:organizations_read

  • spark-admin:people_read

  • spark-admin:people_write

  • spark-admin:resource_group_memberships_read

  • spark-admin:resource_group_memberships_write

  • spark-admin:resource_groups_read

  • spark-admin:roles_read

  • spark-admin:call_qualities_read

  • spark-compliance:events_read

  • spark-compliance:memberships_read

  • spark-compliance:memberships_write

  • spark-compliance:messages_read

  • spark-compliance:messages_write

  • spark-compliance:rooms_read

  • spark-compliance:team_memberships_read

  • spark-compliance:team_memberships_write

  • spark-compliance:teams_read

  • spark-compliance:meetings_read

  • spark-compliance:meetings_write

  • meeting:admin_schedule_read (for eDiscovery purpose to write meeting title)

  • meeting:admin_schedule_write (sending meeting invitee to make SphereShield Co Host in scheduled meeting)

  • meeting:participants_write (scope for being able to expel users from scheduled meeting)

  • meeting:admin_participants_read (scope needed to create “meetingParticipants” webhook)

  • meeting:controls_read (scope needed to be able to request meeting recording state)

  • meeting:controls_write (scope needed to be able to change meeting recording state)

  • meeting:admin_preferences_write (scope needed to be able to make Compliance officer as CoHost in PMR meeting)

  • spark-admin:calls_write (might require escalation to Webex Support)

If you also want to use Webex Meetings, add the scopes:

  • meeting:recordings_read, meeting:admin_recordings_read

  7. Click the Add Integration button

Add App to Admin Portal

  1. After clicking on Add integration you will be redirected to this page:

  2. Copy the URL from the OAuth Authorization URL field and paste it into a new tab. After signing in, you will go to this page:

  3. Click Accept and you will be redirected to the Portal Webex App Configuration page. Fill it out with the information from the page from section 1.

  4. Once on the success page, click on SphereShield Portal

  5. Contact support@agatsoftware.com to proceed with configuration