Before I left Cisco, I was doing a rotation with an Advanced Services project to get a better understanding of the delivery aspect of the Contact Center ecosystem. In one of the customer calls, they mentioned the use of Okta as their Identity Provider and the need to use SSO for their UCCE environment. Immediately the TAC engineer thought "this is unsupported" based on the compatibility matrix and what my interactions had been but it got me thinking to what would be require especially since the 11.6 release had big claim that it was protocol based implementation.
Being someone who lives by the lab, I got to work.
I immediately spun up a dev account on Okta and some IdS servers, rooted boxes, tested configurations, and looked through plenty of logs.
Tl;dr - UCCE integration with Okta. CCEAdmin, Finesse, CUIC, and even ECE works, CCMP does not. UCCX uses the same backend, so it also works.
This was my last article to be written and published on Cisco.com but one of the most fun and interesting problems I had a chance to work on the side with. One of the biggest challenges was my Cisco lab had some interesting proxy settings that required some fine tuning and showing some BU folk that had attempted this but failed that this would actually work.
Note: This was a proof of concept article. This was tested for functionality and failover with a few agents but was not thoroughly vetted in pre-production or production environments.