Cisco Unified Communications Manager Administration Guide, Release 6.1(1)
Application User Configuration
Downloads: This chapterpdf (PDF - 459.0KB) The complete bookPDF (PDF - 17.26MB) | Feedback

Application User Configuration

Table Of Contents

Application User Configuration

Finding an Application User

Configuring an Application User

Creating a Cisco Unity or Cisco Unity Connection Voice Mailbox

Application User Configuration Settings

Changing an Application User Password

Managing Application User Credential Information

Credential Settings and Fields

Associating Devices to an Application User

Deleting an Application User

Related Topics


Application User Configuration


The Application User Configuration window in Cisco Unified Communications Manager Administration allows the administrator to add, search, display, and maintain information about Cisco Unified Communications Manager application users.

The following topics contain information on managing application user information:

Finding an Application User

Configuring an Application User

Creating a Cisco Unity or Cisco Unity Connection Voice Mailbox

Application User Configuration Settings

Changing an Application User Password

Managing Application User Credential Information

Credential Settings and Fields

Associating Devices to an Application User

Deleting an Application User

Application Users and End Users, Cisco Unified Communications Manager System Guide

Managing Application User and End User Configuration Checklist, Cisco Unified Communications Manager System Guide

Additional Information

See the "Related Topics" section.

Finding an Application User

Cisco Unified Communications Manager lets you find application user information on the basis of specific criteria. Use the following procedure to find application user information.


Note During your work in a browser session, Cisco Unified Communications Manager Administration retains your search preferences. If you navigate to other menu items and return to this menu item, Cisco Unified Communications Manager Administration retains your search preferences until you modify your search or close the browser.


Procedure


Step 1 Choose User Management > Application User.

The Find and List Application Users window displays. Records from an active (prior) query may also display in the window.

Step 2 To find all records in the database, ensure the dialog box is empty; go to Step 3.

To filter or search records

From the first drop-down list box, select a search parameter.

From the second drop-down list box, select a search pattern.

Specify the appropriate search text, if applicable.


Note To add additional search criteria, click the + button. When you add criteria, the system searches for a record that matches all criteria that you specify. To remove criteria, click the - button to remove the last added criterion or click the Clear Filter button to remove all added search criteria.


Step 3 Click Find.

All or matching records display. You can change the number of items that display on each page by choosing a different value from the Rows per Page drop-down list box.


Note You can delete multiple records from the database by checking the check boxes next to the appropriate record and clicking Delete Selected. You can delete all configurable records for this selection by clicking Select All and then clicking Delete Selected.


Step 4 From the list of records that display, click the link for the record that you want to view.


Note To reverse the sort order, click the up or down arrow, if available, in the list header.


The window displays the item that you choose.


Additional Information

See the "Related Topics" section.

Configuring an Application User

Use the following procedure to configure a new application user. Installation provides a set of default application users for Cisco Unified Communications Manager.


Note If you are adding an administrator account for Cisco Unity or Cisco Unity Connection, you must use the same user name and password that you defined in Cisco Unity and Cisco Unity Connection Administration.The user ID provides authentication between Cisco Unity or Cisco Unity Connection and Cisco Unified Communications Manager Administration.Refer to the applicable Cisco Unified Communications Manager Integration Guide for Cisco Unity or Cisco Unity Connection.

You can configure a Cisco Unified Communications Manager Administrationapplication user as a Cisco Unity or Cisco Unity Connection user by using the Create a Cisco Unity Application User option in the Application User Configuration window. You can then configure any additional settings in Cisco Unity or Cisco Unity Connection Administration.


Procedure


Step 1 Choose User Management > Application User.

The Find and List Application Users window displays. Use the two drop-down list boxes to search for an application user.

Step 2 Click Add New.

The Application User Configuration window displays.

Step 3 Enter the appropriate settings as described in Table 105-1.

Step 4 When you have completed the user information, save your changes and add the user by clicking Save.

Step 5 To show the user privilege report for this application user, from the Related Links drop-down list box, choose User Privilege Report and click Go.

The User Privilege window displays for this application user. Refer to the "Viewing User Roles, User Groups, and Permissions" section on page 108-7 for details of the user privilege report.

After you display the user privilege report for this application user, you can return to the Application User Configuration window for this application user. From the Related Links drop-down list box in the User Privilege window, choose Back to Application User and click Go.


Next Steps

If you want to associate devices with this application user, continue with the "Associating Devices to an Application User" procedure.

To manage credentials for this application user, continue with the "Managing Application User Credential Information" procedure.

To create a Cisco Unity or Cisco Unity Connection Voice Mailbox for this user in Cisco Unified Communications Manager Administration, continue with the procedure in "Creating a Cisco Unity or Cisco Unity Connection Voice Mailbox" section.

Additional Information

See the "Related Topics" section.

Creating a Cisco Unity or Cisco Unity Connection Voice Mailbox

The "Create Cisco Unity Application User" link on the End User Configuration window allows you to create individual Cisco Unity or Cisco Unity Connection voice mailboxes in Cisco Unified Communications Manager Administration.


Note The "Create Cisco Unity User" link displays only if the Cisco Unity administrator installed and configured the appropriate software. Refer to the applicable Cisco Unified Communications Manager Integration Guide for Cisco Unity or the applicable Cisco Unified Communications Manager SCCP Integration Guide for Cisco Unity Connection.


Before You Begin

You must configure Cisco Unified Communications Manager for voice messaging. Refer to "Cisco Unity and Cisco Unity Connection Configuration Checklist" in the Cisco Unified Communications Manager System Guide.

You must configure the Cisco Unity or Cisco Unity Connection server to use the integrated mailbox feature. Refer to the applicable Cisco Unified Communications Manager Integration Guide for Cisco Unity or Cisco Unified Communications Manager Integration Guide for Cisco Unity Connection

Ensure Cisco Unity Cisco Unified Communications Manager Integrated Voice Mailbox Configuration is enabled on the Cisco Unity or Cisco Unity Connection server.

Ensure that you have defined an appropriate template and class of service (COS) for any voice mail users that you plan to add in Cisco Unified Communications Manager Administration. For Connection users, refer to the applicable User Moves, Adds, and Changes Guide for Cisco Unity Connection. For Unity users, refer to the Cisco Unity System Administration Guide.

Procedure


Step 1 Find the application user, as described in "Finding an Application User" section.

Step 2 From the Related Links drop-down list box, in the upper, right corner of the window, choose the "Create Cisco Unity Application User" link and click Go.

The Add Cisco Unity User dialog box displays.

Step 3 From the Application Server drop-down list box, choose the Cisco Unity or Cisco Unity Connection server on which you want to create a Cisco Unity or Cisco Unity Connection user and click Next.

Step 4 From the Subscriber Template drop-down list box, choose the subscriber template that you want to use.

Step 5 Click Save.

The Cisco Unity mailbox gets created. The link in Related Links changes to "Edit Cisco Unity User" in the Application User Configuration window. You can now view the user that you created in Cisco Unity Administration or Cisco Unity Connection Administration.



Note When the Cisco Unity or Cisco Unity Connection user is integrated with the Cisco Unified Communications Manager Application User, you cannot edit fields such as Alias (User ID in Cisco Unified Communications Manager Administration); First Name; Last Name; Extension (Primary Extension in Cisco Unified Communications Manager Administration), and so on, in Cisco Unity Administration or Cisco Unity Connection Administration. You can only update these fields in Cisco Unified Communications Manager Administration.



Note Cisco Unity and Cisco Unity Connection monitor the synchronization of data from Cisco Unified Communications Manager. You can configure the sync time in Cisco Unity Administration or Cisco Unity Connection Administration at the Tools menu. For Cisco Unity Connection, refer to the User Moves, Adds, and Changes Guide for Cisco Unity Connection for more information. For Cisco Unity, refer to the Cisco Unity System Administration Guide.


Additional Information

See the "Related Topics" section.

Application User Configuration Settings

Table 105-1 describes the application user configuration settings. For related procedures, see the "Related Topics" section.

Table 105-1 Application User Configuration Settings 

Field
Description
Application User Information

User ID

Enter a unique application user identification name. Cisco Unified Communications Manager 5.0 and subsequent releases permit modifying an existing user ID (provided synchronization with the LDAP server is not enabled). You may use the following special characters: dash (-), underscore (_), "", and blank spaces.

Password

Enter alphanumeric or special characters for the application user password. You must enter at least the minimum number of characters that are specified in the assigned credential policy.

Confirm Password

Enter the user password again.

Digest Credentials

Enter a string of alphanumeric characters. Cisco Unified Communications Manager uses the digest credentials that you specify here to validate the SIP user agent response during a challenge to the SIP trunk.

For information on digest authentication, refer to the Cisco Unified Communications Manager Security Guide.

Confirm Digest Credentials

To confirm that you entered the digest credentials correctly, enter the credentials in this field.

Edit Credential

The Edit Credential button displays after you add this user to the database.

Click this button to manage credential information for this user. See Managing Application User Credential Information.

Presence Group

Configure this field with the Presence feature.

Note If you are not using this application user with presence, leave the default (None) setting for presence group.

From the drop-down list box, choose a Presence group for the application user. The group selected specifies the destinations that the application user, such as IPMASysUser, can monitor.

The Standard Presence group gets configured at installation. Presence groups configured in Cisco Unified Communications Manager Administration also appear in the drop-down list box.

Presence authorization works with presence groups to allow or block presence requests between groups. Refer to the "Presence" chapter in the Cisco Unified Communications Manager Features and Services Guide for information about configuring permissions between groups.

Accept Presence Subscription

Configure this field with the Presence feature for presence authorization.

If you enabled application-level authorization in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager performs application-level authorization.

Check this check box to authorize Cisco Unified Communications Manager to accept presence requests that come from this SIP trunk application user.

If you check this check box in the Application User Configuration window and do not check the Enable Application Level Authorization check box in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager sends a 403 error message to the SIP user agent that is connected to the trunk.

For more information on authorization, refer to the Cisco Unified Communications Manager Security Guide.

Accept Out-of-Dialog REFER

If you enabled application-level authorization in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager performs application-level authorization.

Check this check box to authorize Cisco Unified Communications Manager to accept Out-of-Dialog REFER requests that come from this SIP trunk application user. For example, to use SIP-initiated transfer features and other advanced transfer-related features, you must authorize Cisco Unified Communications Manager to accept incoming Out-of-Dialog REFER requests for this application user.

If you check this check box in the Application User Configuration window and do not check the Enable Application Level Authorization check box in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager sends a 403 error message to the SIP user agent that is connected to the trunk.

For more information on authorization, refer to the Cisco Unified Communications Manager Security Guide.

Accept Unsolicited Notification

If you enabled application-level authorization in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager performs application-level authorization.

Check this check box to authorize Cisco Unified Communications Manager to accept unsolicited notifications that come from this SIP trunk application user. For example, to provide MWI support, you must authorize Cisco Unified Communications Manager to accept incoming unsolicited notifications for this application user.

If you check this check box in the Application User Configuration window and do not check the Enable Application Level Authorization check box in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager sends a 403 error message to the SIP user agent that is connected to the trunk.

For more information on authorization, refer to the Cisco Unified Communications Manager Security Guide.

Accept Replaces Header

If you enabled application-level authorization in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager performs application-level authorization.

Check this check box to authorize Cisco Unified Communications Manager to accept header replacements in messages from this SIP trunk application user. For example, to transfer an external call on a SIP trunk to an external device or party, as in attended transfer, you must authorize Cisco Unified Communications Manager to accept SIP requests with replaces header in REFERS and INVITES for this application user.

If you check this check box in the Application User Configuration window and do not check the Enable Application Level Authorization check box in the SIP Trunk Security Profile Configuration applied to the trunk, Cisco Unified Communications Manager sends a 403 error message to the SIP user agent that is connected to the trunk.

For more information on authorization, refer to the Cisco Unified Communications Manager Security Guide.

Device Information

Available Devices

This list box displays the devices that are available for association with this application user.

To associate a device with this application user, select the device and click the Down arrow below this list box.

If the device that you want to associate with this application user does not display in this pane, click one of these buttons to search for other devices:

Find more Phones—Click this button to find more phones to associate with this application user. The Find and List Phones window displays to enable a phone search.

Find more Route Points—Click this button to find more route points to associate with this application user. The Find and List CTI Route Points window displays to enable a CTI route point search.

Find more Pilot Points—Click this button to find more pilot points to associate with this application user. The Find and List Pilot Points window displays to enable a pilot point search.

Controlled Devices

This field lists the devices that are associated with the application user. To remove a device, select the device name and click the Up arrow above this list box. To add a device, select a device in the Available Devices list box and click the Down arrow.

CAPF Information

Associated CAPF Profiles

This pane displays the Instance ID from the CAPF Profile that you configured for this user. To view or update the profile, double-click the Instance ID or click the Instance ID to highlight it; then, click View Details. The Application User CAPF Profile Configuration window displays with the current settings.

For information on how to configure the Application User CAPF Profile, refer to the Cisco Unified Communications Manager Security Guide.

Permissions Information

Groups

This list box displays after an application user record has been saved. The list box displays the groups to which the application user belongs.

To add the user to one or more user groups, click the Add to User Group button. The Find and List User Groups window opens as a separate window. Locate the groups to which you want to add the user, click in the check boxes beside those groups, and click Add Selected at the bottom of the window. The Find and List User Groups window closes, and the Application User Configuration window displays, now showing the selected groups in the Groups list box.

To remove the user from a group, highlight the group in the Groups list box and click the Remove from User Group button.

To view or update a group, double-click the group name or click the group name to highlight it; then, click View Details. The User Group Configuration window displays with the current settings.

For more information on finding and configuring user groups, see the "User Group Configuration" section on page 108-1.

Roles

This list box displays after an application user has been added, the Groups list box has been populated, and the user record saved. The list box displays the roles that are assigned to the application user.

To view or update a role, double-click the role name or click the role name to highlight it; then, click View Details. The Role Configuration window displays with the current settings.

For more information on configuring roles, see the "Role Configuration" section on page 107-1.


Changing an Application User Password

Use the following procedure to change an application user password.

Procedure


Step 1 Use the procedure in the "Finding an Application User" section to find the application user whose password you want to change.

The Application User Configuration window displays with information about the chosen application user.

Step 2 In the Password field, double-click the existing password, which is encrypted, and enter the new password.

Step 3 In the Confirm Password field, double-click the existing, encrypted password and enter the new password again.

Step 4 Click Save.


Additional Information

See the "Related Topics" section.

Managing Application User Credential Information

Use the following procedure to change or view credential information, such as the associated authentication rules, the associated credential policy, or the time of last password change for an application user. You can edit user credentials only after the user exists in the database.

You cannot save settings in the user Credential Configuration window that conflict with the assigned credential policy. For example, if the policy has the Never Expires check box checked, you cannot uncheck and save the Does Not Expire check box in the user Credential Configuration window. You can, however, set a different credential expiration for the user, including Does Not Expire, if the Never Expires policy setting is not checked; the user setting overrides the policy setting.

You cannot change settings in the user Credential Configuration window that conflict with other settings in the user Credential Configuration window. For example, if the User Cannot Change box is checked, you cannot check the User Must Change at Next Login check box.

The Credential Configuration window provides approximate event times; the system updates the form at the next authentication query or event.

Before You Begin

Create the application user in the database. See "Configuring an Application User" section.

Procedure


Step 1 Use the procedure in the "Finding an Application User" section to find the application user configuration.

The Application User Configuration window displays the configuration information.

Step 2 To change or view password information, click the Edit Credential button next to the Password field. The user Credential Configuration window displays.

Step 3 View the credential data for the user or enter the appropriate settings, as described in Table 105-2.

Step 4 If you have changed any settings, click Save.


Additional Information

See the "Related Topics" section.

Credential Settings and Fields

Table 105-2 describes credential settings for application users and end users. These settings do not apply to application user or end user digest credentials. For related procedures, see the "Related Topics" section.

Table 105-2 Application User and End User Credential Settings and Fields 

Field
Description

Locked By Administrator

Check this check box to lock this account and block access for this user.

Uncheck this check box to unlock the account and allow access for this user.

Use this check box when the credential policy specifies that an Administrator Must Unlock this account type after an account lockout.

User Cannot Change

Check this check box to block this user from changing this credential. Use this option for group accounts.

You cannot check this check box when User Must Change at Next Login check box is checked.

User Must Change at Next Login

Check this check box to require the user to change this credential at next login. Use this option after you assign a temporary credential.

You cannot check this check box when User Cannot Change check box is checked.

Does Not Expire

Check this check box to block the system from prompting the user to change this credential. You can use this option for low-security users or group accounts.

If checked, the user can still change this credential at any time. When the check box is unchecked, the expiration setting in the associated credential policy applies.

You cannot uncheck this check box if the policy setting specifies Does Not Expire.

Reset Hack Count

Check this check box to reset the hack count for this user and clear the Time Locked Due to Failed Login Attempts field.

The hack count increments whenever authentication fails for an incorrect credential.

If the policy specifies No Limit for Failed Logons, the hack count always specifies 0.

Authentication Rule

Select the credential policy to apply to this user credential.

Time Last Changed

This field displays the date and time of the most recent credential change for this user.

Failed Logon Attempts

This field displays the number of failed logon attempts since the last successful logon, since the administrator reset the hack count for this user credential, or since the reset failed login attempts time expired.

Time of Last Field Logon Attempt

This field displays the date and time for the most recent failed logon attempt for this user credential.

Time Locked by Administrator

This field displays the date and time that the administrator locked this user account. This field goes blank after the administrator unlocks the credential.

Time Locked Due to Failed Logon Attempts

This field displays the date and time that the system last locked this user account due to failed logon attempts. Time of hack lockout gets set whenever failed logon attempts exceed the configured threshold in the applied credential policy.


Associating Devices to an Application User

You can associate devices over which application users will have control. Application users can control some devices, such as phones. Applications that are identified as users can control other devices, such as CTI ports. When application users have control of a phone, they can control certain settings for that phone, such as speed dial and call forwarding.

Before You Begin

To assign devices to an application user, you must access the Application User Configuration window for that user. See the "Finding an Application User" section for information on finding existing application users. When the Application User Configuration window displays, perform the following procedure to assign devices.

Procedure


Step 1 In the Available Devices list box, choose a device that you want to associate with the application user and click the Down arrow below the list box. The selected device moves to the applicationuser.controlledDevices list box.

Step 2 To limit the list of available devices, click the Find more Phones, Find more Route Points, or Find more Pilot Points button:

If you click the Find more Phones button, the Find and List Phones window displays. Perform a search to find the phones to associate with this application user.

If you click the Find more Route Points button, the Find and List CTI Route Points window displays. Perform a search to find the CTI route points to associate with this application user.

If you click the Find more Pilot Points button, the Find and List Pilot Points window displays. Perform a search to find the pilot points to associate with this application user.

Step 3 Repeat the preceding steps for each device that you want to assign to the application user.

Step 4 When you complete the assignment, click Save to assign the devices to the application user.


Additional Information

See the "Related Topics" section.

Deleting an Application User

To delete an application user by using Cisco Unified Communications Manager Administration, perform the following procedure.

Before You Begin

Before deleting the application user, determine whether the devices or profiles that are associated with the end user need to be removed or deleted.

You can view the profiles and permissions that are assigned to the application user from the CAPF Information and Permissions Information areas of the Application User Configuration window. You can also choose Dependency Records from the Related Links drop-down list box in the Application User Configuration window. If the dependency records are not enabled for the system, the dependency records summary window displays a message. For more information about dependency records, see the "Accessing Dependency Records" section on page A-2.

Procedure


Step 1 Choose User Management > Application User.

The Find and List Users window displays.

Step 2 To locate a specific end user, enter search criteria and click Find.

A list of application users that match the search criteria displays.

Step 3 Perform one of the following actions:

Check the check boxes next to the users that you want to delete and click Delete Selected.

Delete all the users in the window by clicking Select All and clicking Delete Selected.

Choose the user ID of the user that you want to delete from the list to display its current settings and click Delete.

A confirmation dialog displays.

Step 4 Click OK.


Next Steps

If this user is configured in Cisco Unity or Cisco Unity Connection, the user association to Cisco Unified Communications Manager is broken when you delete the user in Cisco Unified Communications Manager Administration. You can delete the orphaned user in Cisco Unity or Cisco Unity Connection Administration. See the applicable User Moves, Adds, and Changes Guide for Cisco Unity Connection for more information. See the applicable Cisco Unity System Administration Guide for more Cisco Unity information.

Additional Information

See the "Related Topics" section.

Related Topics

Finding an End User, page 106-1

Configuring an End User, page 106-3

Creating a Cisco Unity or Cisco Unity Connection Voice Mailbox, page 106-4

End User Configuration Settings, page 106-5

Changing an End User Password, page 106-12

Changing an End User PIN, page 106-12

Managing End User Credential Information, page 106-13

Credential Settings and Fields, page 106-13

Configuring User-Related Information for End Users, page 106-15

Associating Devices to an End User, page 106-16

Associating Cisco Extension Mobility Profiles, page 106-18

Deleting an End User, page 106-18

Finding an Application User

Configuring an Application User

Creating a Cisco Unity or Cisco Unity Connection Voice Mailbox

Application User Configuration Settings

Changing an Application User Password

Managing Application User Credential Information

Credential Settings and Fields

Associating Devices to an Application User

Deleting an Application User

LDAP System Configuration, page 14-1

Role Configuration, page 107-1

User Group Configuration, page 108-1

Viewing User Roles, User Groups, and Permissions, page 108-7

Directory Number Configuration, page 57-1

CTI Route Point Configuration, page 79-1

Cisco Unified IP Phone Configuration, page 82-1

Credential Policy Configuration, page 104-1

Credential Policy Default Configuration, page 103-1

Credential Policy, Cisco Unified Communications Manager System Guide

Managing Application User and End User Configuration Checklist, Cisco Unified Communications Manager System Guide

Application Users and End Users, Cisco Unified Communications Manager System Guide

Cisco Extension Mobility, Cisco Unified Communications Manager Features and Services Guide

Device Association, Cisco Unified Communications Manager System Guide

Associating a User Device Profile to a User, Cisco Unified Communications Manager Features and Services Guide

Cisco Unified Communications Manager Assistant With Proxy Line Support, Cisco Unified Communications Manager Features and Services Guide

Cisco Unified Communications Manager Assistant With Shared Line Support, Cisco Unified Communications Manager Features and Services Guide

Cisco Unity Messaging Integration, Cisco Unified Communications Manager System Guide

Presence, Cisco Unified Communications Manager Features and Services Guide

Related Documentation

Cisco Unified Communications Manager Security Guide

User Moves, Adds, and Changes Guide for Cisco Unity Connection

Cisco Unity System Administration Guide