Configure Cisco Webex for the Next Generation API Data Protection
Configure Cisco Webex for the Next Generation API Data Protection
To configure Cisco Webex for the Next Generation API Data Protection, you need to authorize Netskope as a web application client to access your Cisco Webex instance. Follow the instructions below.
There are two parts to this procedure:
-
Configure Cisco Webex user privileges
-
Configure Netskope to access your Cisco Webex account
To add the Netskope IP address range, you can follow this Cisco Webex article (Prevent people from sharing files outside your corporate network).
Configure Cisco Webex User Privileges
Use your Cisco Webex admin account to add user privileges and obtain the email address used in the Netskope app.
To configure Cisco Webex user privileges:
-
Log in to your Webex admin account, and on the left pane navigate to Management > Users.
-
On the Users tab, click an existing or a newly created user.
-
Under the Summary tab, scroll down to the Administrator roles and click the expansion arrow.
-
Under the Administrator roles, enable:
-
Organizational > Organization admin > Full admin
-
Functional > Compliance officer
-
-
Click Save.
Note down the email address and password for this user account. You will need this when you grant access to Netskope.
Configure Netskope to Access your Cisco Webex Account
To authorize Netskope to access your Cisco Webex instance, follow the steps below:
-
Log in to the Netskope tenant UI and go to Settings > Configure App Access > Next Gen > CASB API.
-
Under Apps, select Cisco Webex and click Setup CASB API Instance.
The Setup Instance window opens. -
Under Instance Name, enter the name of the SaaS app instance. This step is optional and if left blank, Netskope will determine the name of the app instance post grant.
-
Click Grant Access. You will be prompted to log in using your admin username and password that you created in the previous procedure, and then click Sign In. When the configuration results page opens, click Close.
Refresh your browser and you will see a green check icon next to the instance name.
Next, you can view the Next Generation API Data Protection Inventory page to get deep insights on various entities on your Cisco Webex account. For more information on the Inventory page, see Next Generation API Data Protection Inventory.
You can receive audit events and standard user behavior analytic alerts in Skope IT. To know more: Next Generation API Data Protection Skope IT Events.
Next, you should configure a Next Generation API Data Protection policy. To do so, see Next Generation API Data Protection Policy Wizard.
Important Points to Note
A few important notes on Next Generation API Data Protection for Cisco Webex.
Inventory
Group (team) will not be deleted. Due to the API limitation in Cisco Webex, Netskope cannot track group (team) deleted events. Due to this, the group (team) will continue to exist in inventory page. This does not impact the exposure calculation because Netskope uses user access to calculate exposure.
In an edge case, the file will not be deleted. When a user updates a chat message with a file, and then deletes the message with the file, the file object will continue to remain in the inventory page.
Monitoring Messages & Files Activities
The organization’s compliance officer can monitor all user activities within rooms that are part of the organization or if the room type is direct. However, if a room belongs to an external organization, the compliance officer can only view messages created by internal users. This is a limitation enforced by Cisco Webex APIs.
In-App Notification Gotchas
Netskope supports in-app notifications, but there is a limitation: sending messages to the granting user (user that granted access to Netskope) will fail. This issue affects both options for in-app notifications – Acting Users, Selected Users.