SIP OAuth Mode Overview
Secure registration to Unified Communications Manager involves a process of updating CTL files, setting up a mutual certificate trust store, and so on. If devices switch between on-premises and off-premises, it is difficult to update LSCs and renew Certificate Authority Proxy Function (CAPF) enrolment each time a secure registration is completed.
SIP OAuth mode allows you to use OAuth refresh tokens for authentication of all devices in secure environments. This feature enhances the security of Unified Communications Manager.
Unified Communications Manager verifies the token presented by the endpoints and serves the configuration files only to authorized ones. OAuth token validation during SIP registration is completed when OAuth-based authorization is enabled on the Unified Communications Manager cluster and other Cisco devices.
OAuth support for SIP registrations is extended for:
- Cisco Jabber devices from Cisco Unified Communications Manager 12.5 release onwards
- SIP Phones from Cisco Unified Communications Manager Release 14 onwards
Note: By default, TFTP is secure for SIP phones when SIP OAuth is enabled. TFTP file download happens through a secured channel, and only for authenticated phones. SIP OAuth provides end-to-end secure signaling and media encryption without CAPF on-premises as well as over MRA.
The following are the Phone Security Profile Types that can be configured for OAuth:
- Cisco Dual Mode For iPhone (TCT device)
- Cisco Dual Mode For Android (BOT device)
- Cisco Unified Client Service Framework (CSF device)
- Cisco Jabber for Tablet (TAB device)
- Universal Device Template
- Cisco 8811
- Cisco 8841
- Cisco 8851
- Cisco 8851NR
- Cisco 8861
- Cisco 7811
- Cisco 7821
- Cisco 7841
- Cisco 7861
- Cisco 8845
- Cisco 8865
- Cisco 8865NR
- Cisco 7832
- Cisco 8832
- Cisco 8832NR