Cisco Webex and GroundControl

Created: Modified: Knowledge Base

Cisco’s Webex app for iOS supports integration with Imprivata GroundControl.

Sign out of Webex

GroundControl can sign out of an open Webex session at device check in.

GroundControl’s Check In Device Workflow action includes an action to sign out of Cisco Webex.

Since this integration uses x-callback-url instead of the more modern Universal Link, the iOS device will display two dialogs the first time the integration is used on a device. One dialog asks for permission to allow Locker to open Webex, and the other asks for permission to allow Webex to open Locker.

Streamlined Sign In to Webex

Customers can also streamline the Webex sign in process to skip the Realm Discovery part of the sign in sequence. Realm Discovery is common to many Cloud apps, where the app asks for the user to enter their email address before authentication. Based on the email address, Webex redirects the user to your organization’s Identity Provider (IdP).

Webex accepts a URL webexauth://login?user=<email address> which skips realm discovery.

Web Clip on the Device Home Screen

GroundControl can install a “web clip” on the device home screen at check out with this URL. Since the URL is slightly different for each user, GroundControl will customize the URL for each user at check out. This sign in method works with all MDMs.


GroundControl will install the dynamic web clip only when the device is connected to a Launchpad at the time of check out. The web clip will not be installed for over-the-air (username and password) check outs when the device has been unplugged from the Launchpad.

  1. In your Check Out Workflow, add the action Advanced > Add Dynamic Config Profile.
  2. Name the profile “Open Webex”.
  3. Paste the following code into the Profile XML box.
  4. The most important setting is an AppConfig key for Webex named “orgIdentifier”. This can be set to your organization ID, available in Webex’s Control Hub. When set, Webex skips realm discovery, saving a critical step during sign in.

  5. Edit the home screen layout for your devices to place the actual Webex app icon into a folder. We want to encourage users to tap on the web clip, not the actual app. When a user is already signed in, tapping the web clip will open Webex again, as desired, without restarting the sign in process. Unfortunately, it is not possible to specify a position for the web clip, due to Apple’s method of determining home screen layouts, but the position will be consistent.
  6. If needed, upload an app profile into your OneSign server specific to the Identity Provider used by Webex. If you use federated credential, you may already have a profile installed. TIP: You may customize the parameter “nm=” with the domain name of your Identity Provider for 1-tap password AutoFill.