Fields on the Active Directory tab configure the Active Directory server to authenticate reporting users as they log in to the Unified Intelligence Center Web application.
You must configure Active Directory for the Unified ICM/CC supervisors so that they can sign in as Unified Intelligence Center Reporting users.
Active Directory is not used to authenticate Administration Super Users. These Super Users can only be authenticated through the local database. The first Super User is added during installation. All other Super Users are added through the Admin User Management interface, and their credentials are encrypted into the local database.
To navigate to this page, choose Cluster Configuration > Reporting Configuration and select the Active Directory tab.
Table 1 Fields on this tab
Host Address and Port for Primary Active Directory Server
Provide the Host name or IP address and the port of the Primary Active Directory server.
The port defaults to 389.
Host Name and Port for Redundant Active Directory Server
Provide the Host name or IP address and the port of the Redundant Active Directory server.
The port defaults to 389.
Check these boxes if you want the connection from the Unified device to the Active Directory connection to be encrypted with SSL while doing authentication.
Manager Distinguished Name
Enter the Manager Distinguished Name used to login to the Active Directory server, for example, on a default installation of Microsoft AD: CN=Administrator, CN=users, DC=MYSERVER, DC=COM. Replace MYSERVER and COM with your respective hostname.
Enter the Active Directory manager password.
Confirm Manager Password
Confirm the Active Directory manager password.
User Search Base
Specify the user search base. For example, on a default installation of Microsoft AD, CN=users, DC=MYSERVER, DC=COM, replace MYSERVER and COM with your respective hostname.
This example assumes you placed the users in the USERS subtree of AD. If you created a new organizational unit within your subtree, then the syntax would be: OU=MYUSERS, DC=MYSERVER, DC=COM. Note that it is "OU=MYUSERS" instead of "CN=MYUSERS".
Attribute for User ID
Whenever a user logs in, Unified Intelligence Center searches for that user in the LDAP (Lightweight Directory Access Protocol) using the login attribute specified in the LDAP configuration. After the user is found, the full DNS of the user is extracted and used for authenticating the user.
The login attribute specified in the LDAP configuration will be the property against which LDAP search is issued to find the matching username. If you do not know which attribute to use, use sAMAccountName, which is the default Microsoft username attribute.
Different organizations settle on different LDAP attributes to identify the user name across the organization, depending on the tools used to administer LDAP within their organizations. This attribute allows you to customize the login depending on the attribute used. Even a custom attribute can be specified using this dialog.
sAMAccountName indicates the user attribute to search the user for is the userPrincipalName. sAMAccountName contains just the short user name. For example, jDoe for the user John Doe.
userPrincipalName indicates the user attribute to search the user for is the userPrincipalName. This attribute contains user name in the email format, in the form firstname.lastname@example.org. Therefore this entire string becomes the user name and not just user. Therefore when this attribute is selected this entire form of username has to be typed in as the username in the login box.
Custom User Attribute allows you to specify the attribute used for searching the user in LDAP.
Custom User attributes are not validated and are used as is. Ensure that the correct case and attribute name are used.
Contact your Active Directory Administrator for the correct attribute to use.
Users are stored in Unified Intelligence Center in the format <UserName Identifier>\<username>
The UserName Identifiers are used to identify the different kinds of users within CUIC. For example, local, LDAP, user-synced user, users from different LDAP domains and so on.
The username identifier has to be first declared for use in this page before it can be used. When LDAP is configured at least one identifier must be configured and set as default so that LDAP users can be identified in the system.
When userPrincipalName are used as the LDAP attribute for searching users in the domain, valid formats for username has to be supplied in the form of @company.com. Unlike sAMAccountName any identifier cannot be configured. Only existing identifiers as configured in the LDAP Active Directory userPrincipalName attribute should be configured here. Users are created as company\user.
UserSychronization brings in users in format <syncdomain>\username and collections will have users in the same format. It is therefore required that these users login to CUIC using the syncdomain\user syntax. To enable please add syncdomain or @syncdomain.com (if you are using userPrincipalName) to the list of valid identifiers.
The maximum allowed length of a UserName identifier is 128 characters.
set Default. (UserName Identifier)
Default identifiers allows users to login without typing the full domain identifier (<domain>\user) or the userPrincipalName suffixes to usernames (user <@company.com>) on the Login page.
It can be set by choosing one of the Identifiers from the list box and by clicking the Set Default button.
Users who need to use any other identifier can still login by typing their full identifier in the login box. For example, domain2\user or netbiosname\user, provided those identifiers have already been configured.
Test Connection button
Click to test the connection to the primary and secondary LDAP servers and display the connection status.
Save saves the configuration information you entered for the active directory. Clicking Save does not validate the configuration.
Refresh rolls back all changes since the last save and reloads the values set during the last save.
You cannot save LDAP configuration unless you choose a default Identifier from the UserName Identifiers list box and clicking the Set Default button.
The UserName Identifier list box is pre-populated with the UserName Identifiers after upgrade to 9.0 release from 8.x releases based on the list of user names stored in the Unified Intelligence Center database. The most frequently occurring identifier in the list of user name is auto-selected as the default.
Configure Active Directory with SSL
Perform the following steps if you want the connection from the CUIC to the Active Directory server to be encrypted with SSL while doing authentication.
Save the certificate in Base-64 encoded X.509 (CER) file format.
Log in to the Cisco Unified Operating System Administration UI.
From the Security menu, select Certificate Management.
Select the certificate name as tomcat-trust.
Click Browse to browse and select the certificate that you have generated from the AD server.
You can leave the Root Certificate field as blank. This is an optional field.
Click Upload File to upload the certificate.
Use the utils service restart Cisco Tomcat and the utils service restart Intelligence Center Reporting Service CLI commands to restart the Cisco Tomcat and Intelligence Center Reporting services respectively.
Configure email server to send scheduled reports
Use the Report Scheduler Email Settings tab to configure the email server used to email scheduled reports.
The actual schedules for reports (for example, schedule daily at 10AM) are defined and maintained from the Unified Intelligence Center web application. The report scheduler emails scheduled reports at the exact time they are scheduled.
To navigate to this page, choose Cluster Configuration > Reporting Configuration and select the Report Scheduler Email Settings tab.
Table 2 Fields on this tab
SMTP hostname/IP address
Enter the Hostname or IP address of the SMTP Server. Leave this field blank if you do not have an SMTP server.
From email address
Enter the email address that is to appear in the From field of emails sent by the Scheduler.
Use email proxy
Check this if you use a proxy server to reach your SMTP server.
The only supported proxy type is http.
Email proxy hostname
Enter the Hostname or IP address of the proxy server used to reach the SMTP server.
Email proxy port
Enter the port the Unified Intelligence Center will use to connect to the SMTP proxy server. This defaults to 80.
Use SMTP authentication
Check this if your SMTP server expects to receive username/password credentials.
If you check the Authenticate check box, enter the username that is to be authenticated.
If you check the Authenticate check box, enter the password that is to be authenticated.
Test Connection button
Click to test the connection. Unified Intelligence Center attempts to send an email to check for open connections. The connection status displays next to the button.
Save saves the configuration information you entered above for the active directory. Note that clicking Save does not validate the configuration. Use the Test Configured Connection button to test the connection.
Refresh undoes all changes since the last save and reloads the values set at the last save.
Unified CCE User Integration configuration
To navigate to this page, choose Cluster Configuration > UCCE User Integration.
The User Integration feature facilitates the automatic import of reporting supervisors who are added or modified in Unified ICM Configuration Manager and stored in the Unified ICM/CCE/CCH database.
Once integrated (imported), supervisors are added as users to the CUIC database and can sign into Unified IC with their User ID and Password. They are created as users in Unified Intelligence Center with the User Roles of Dashboard Designer and Report Designer and with the rights to view the collection(s) for their agent team(s).
When Unified CCE User Integration runs, data is retrieved from the Unified CCE Data Source and two stock Value Lists (Agents and Agent Teams) are updated.
You cannot run User Integration until you upload the license.
Schedule Unified CCE User Integration at off-peak hours and several hours after the database purge. By default, the purge runs at midnight (12:00:00 AM). Database tables are locked during the purge and are unlocked when the purge completes. If the Unified CCE User Integration runs at the same time as the purge, the user integration will fail.
Table 3 Fields on this tab:
Enable UCCE User Integration at...check box
Check this to:
Enable Unified CCE User Integration and to
Set the time and the day of week when it is to occur.
Click the arrows to the right of the Hour, Minute, and AM|PM fields to select the time of day you want the Unified CCE Integration synchronization to occur.
Day of the week fields
Select one, several, or all days that you want the Unified CCE User Integration synchronization to occur.
Last Run Status
Shows the status of the last synchronization. Shows PENDING if the that synchronization is still in progress.
Shows how long the synchronization process took.
Unified CCE Supervisors imported
Shows the number of new supervisors imported since the last import.
You can view supervisors on the User List in the Unified Intelligence Center Reporting Interface (Security drawer).
Supervisors are imported with their Active Directory credentials and can sign in to Unified Intelligence Center Reporting with those credentials.
Team Collections Updated
Shows a count of all teams updated. Teams are re-synchronized on each run.
Supervisors can view their Agents and Agent Teams collections in the Value List drawer in the Unified Intelligence Center Reporting interface.
Synchronize Now - click this to run the user integration immediately. If the scheduled integration is configured to run later in the day, this action runs the job now and still runs it at the scheduled time. Clicking this button changes its appearance to Cancel Active Synchronization. A message appears if another user is already running a synchronization. This button is disabled if you have not yet applied a license.
Save - Click to save your time and date settings.
Refresh - Click to refresh the page to see changes that others might have made.
The Unified CCE User Integration feature imports supervisors and their teams from Unified ICM/CCE from the Unified ICM Configuration Manager and database into Unified Intelligence Center.
Supervisors are automatically given Unified Intelligence Center user roles and can log in to Unified Intelligence Center to access collections for - and run reports for - their agent team(s).
You cannot run User Integration until you upload the license.
There are five tasks in the initial setup for Unified CCE User Integration. Some are performed in the Administration interface. Some are performed in the Reporting interface. As Super Users have access to both interfaces, it is efficient for a Super User to set up Unified CCE User Integration.
Enable Unified CCE User Integration in the Administration interface.
Complete the configuration of the Unified CCE Historical Data Source in the Data Sources drawer of the Reporting Interface.
Synchronize Users in the Administration Interface.
Validate Collections of Agents and Agent Teams in the Reporting Interface.
Set up a synchronization schedule in the Administration Interface.
Integrated Supervisors can sign in to Unified Intelligence Center Reporting (provided their Active Directory authentication has been configured.
Integrated Supervisors are added to the Unified Intelligence Center Reporting User List with the User Roles of Report Designer and Dashboard Designer.
The Unified Intelligence Center Value Lists page is updated with Agents and Agent Teams collections.
Integrated Supervisors can view their Agents and Agent Teams collections (Unified IC Reporting > Value Lists drawer).
Integrated Supervisors are granted permissions to Agents and Agent Teams collections only (Unified IC Reporting > Security drawer).
Once Unified CCE User Integration schedule is set up, Unified Intelligence Center is updated with changes to supervisors and their teams every time the synchronization updates.
To navigate to this page, choose Cluster Configuration > License Management.
Use the License Management tab to upload and retrieve your Unified Intelligence Center license. Once a license is uploaded, this tab displays information about the current license.
Unified Intelligence Center uses a centralized licensing model, where the license file is uploaded to the Controller through this interface and, based on License Type, is distributed to nodes in the cluster using database replication.
The license file is saved to the operating system, with its properties encrypted, as Cuic.lic.
If the member node is not online when the license file is replicated, Unified Intelligence Center passes the license information when the member starts up.
Table 4 Fields on this page:
Current License Type
The type of license - Standard, Premium, Lab, or Trial/Demo. See License Types.
Maximum number of devices in this cluster Servers
The number of servers the license allows. For most License Types, this shows 8.
For Demo License Types only, shows the date the license became active.
The date the license will expire. For most License Types, this shows Never expires. For Demo licenses, this shows the date 90 days later than the Start date.
For Lab License Types only, shows the maximum number of logged in users per device (5).
Upload license file (Browse) - If you have no license, click Browse and navigate to the local directory where your license (*.lic file) is stored.
Apply License - Click this to apply the license to all devices. A message displays indicating that the license file was uploaded successfully and will be distributed in the cluster in approximately one minute.
The databases are polled once a minute for changes. The license replication is not immediate but will occur within a minute.
Retrieve - Click this to open a dialog box where you can choose to open the license file to review it or to save it to your local drive. Saving the license provides you with a backup copy in the event that your original license is lost or corrupted.