Cisco Prime Collaboration supports built-in static roles with predefined access control that enables you to perform different tasks.
In Cisco Prime Collaboration, you can create users and assign roles to the users. In Cisco Prime Collaboration-Standard, a user is assigned the Super Administrator role.
Cisco Prime Collaboration enables Role-based Access Control (RBAC) through these built-in static roles. Hence, the tasks a user can perform, and the devices or device groups a user can view or manage, are controlled by the role allocated by the Super Administrator.
You can enforce further access control of selected devices or device groups, and tasks related to those, by associating the devices or device groups to domains (if you have deployed Cisco Prime Collaboration in Enterprise mode). Typically, a user with the Operator role is granted access to certain domains only.
Cisco Prime Collaboration supports creation of users and assigning roles to the users. User roles are used to define the authorizations of tasks that users can access.
A user can be assigned one of the following roles:
Report Viewer—Views and accesses the reports only. Its landing page is CDR & CMR Reports. The global user interface components like Search, Device Status Summary, Alarms, and Get Advanced are not available for the Report Viewer user role.
Help Desk—Views and accesses network status information only and cannot perform any action on a device or schedule a job that reaches the network.
Operator—Performs all Help Desk tasks and tasks related to network data collection. Cannot perform any Inventory Management operations such as adding, discovering, or importing devices. Also, an Operator is unable to configure thresholds for Alarms and Events.
Network Administrator—Performs all Operator tasks and tasks that result in a network configuration change like credential management, threshold settings, and so on.
System Administrator—Performs user interface-related administration tasks such as backup and restore, maintaining log files, configuring users, and so on.
Super Administrator—Can perform tasks that a system administrator can perform.
System Administrator is a preselected role that is assigned to every user in Cisco Prime Collaboration.
For Cisco Prime Collaboration Release 11.6 and later
The default user role selection is removed from Cisco Prime Collaboration.
If the Report Viewer user role is selected, the system does not allow the user to choose any other roles, and vice versa.
Cisco Prime Collaboration provides users with admin privileges to enable Single Sign-On (SSO) in Cisco Prime Collaboration using Security Assertion Markup Language (SAML).
Cisco Prime Collaboration does not support multiserver SAN certificates and end user SAML SSO.
Ensure that the following prerequisites are met before you enable SSO:
For the steps to set up an IdP server, see the SAML SSO Deployment Guide for Cisco Unified Communication Applications, Release 10.0(1).
To enable Single Sign-On:
Troubleshooting and Logs for SSO
Operations can be .. | Values can be .. |
1-To get the Single Sign-On status | Not applicable |
2-To get the recovery URL status | Not applicable |
3-To set the Single Sign-On status | False |
4-To set the recovery URL status | True or False |
cpcmconfigsso.sh 3 false
Note | By default, the recovery URL is enabled. If you want to disable it for security reasons, set it as False. |
Cisco Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access Cisco Prime Collaboration user interfaces.
Specify a password for globaladmin when you configure your virtual appliance. You need to use these credentials when you launch the Cisco Prime Collaboration web client for the first time.
Cisco Prime Collaboration server supports the CLI user: admin.
You cannot create CLI users using the web client user interface. CLI users are created during OVA configuration. By default, the username is admin; the password is specified during OVA configuration and is used to log in to the CLI to check the application status and perform backup and restore.
Caution | We recommend that you write down the root password as it cannot be retrieved. |
If you are logging in for the first time to the Cisco Prime Collaboration web client, log in as globaladmin.
Caution | You must not create a user with the name globaladmin, pmadmin, or admin. |
You can then check the /opt/emms/emsam/log/importedprovisioninguser.log file, by logging in as a root user, to find the users who were not imported into the Cisco Prime Collaboration database for reasons such as duplicate usernames (usernames already used in Cisco Prime Collaboration), usernames with no passwords, and so on.
Choose . Click the Download Log button. Download the tar file and untar it. Check the /opt/emms/emsam/log/importedprovisioninguser.log file to find the users who were not imported into the Cisco Prime Collaboration database for reasons such as duplicate user names (user names already used in Cisco Prime Collaboration), user names with no passwords, and so on.
The Cisco Prime Collaboration applications do not share an inventory database. You must manage the devices separately to perform the tasks. To perform device management tasks using the Cisco Prime Collaboration application, see Manage Device Credentials.
The wiki page lists the Cisco Prime Collaboration user roles and tasks they are mapped to.
Note | Super administrator has access to all of the user interface menus and can perform all the tasks. Hence, the super administrator is not listed. |
You can add a user and assign predefined static roles. The user has access to the Cisco Prime Collaboration web client only and cannot log in to the Cisco Prime Collaboration server through the CLI.
Step 1 | Choose . |
Step 2 | In the User Management page, click Add. |
Step 3 | In the Add User page, enter the required user details. Note that because the LDAP server performs authentication, it should have the same user ID as Cisco Prime Collaboration. For more information, see Configure an LDAP Server. If you select the LDAP User option, the Password and Confirm Password fields are not displayed. |
Step 4 | Select the appropriate Cisco Prime Collaboration roles. |
Step 5 | Click Save. |
To edit user details, select a user at and make the necessary changes.
For Cisco Prime Collaboration Release 11.6 and later
To exclude the Report Viewer user role from the assigned roles, you have to manually deselect the Report Viewer option and click Save.
As part of your regular system administration tasks, you sometimes must delete users from the Cisco Prime Collaboration database. However, you cannot delete the Cisco Prime Collaboration web client default administrator globaladmin.
To delete a user, select the user from and click Delete. Any jobs that are scheduled in the deleted user name continue to run until canceled.
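The user constraints stated above (reserved names, duplicate usernames, missing passwords, and Report Viewer exclusivity in Release 11.6 and later) can be checked before accounts are created or imported. The following Python check is an added example, not Cisco code; the record layout, the validate_users() name, and the case-insensitive comparison are assumptions.

```python
# Added example: checks user records against constraints stated on this page.
# The record layout and validate_users() are assumptions, not a Cisco API.
RESERVED = {"globaladmin", "pmadmin", "admin"}  # names the page forbids
ROLES = {"Report Viewer", "Help Desk", "Operator", "Network Administrator",
         "System Administrator", "Super Administrator"}


def validate_users(records, existing=()):
    """Return (username, [problems]) pairs for records that need fixing.

    records: dicts with username, password, ldap (bool), roles (list).
    existing: usernames already in use; names compare case-insensitively
    (a conservative assumption).
    """
    seen = {name.casefold() for name in existing}
    findings = []
    for rec in records:
        name = (rec.get("username") or "").strip()
        key = name.casefold()
        issues = []
        if key in RESERVED:
            issues.append("reserved username")
        if key in seen:
            issues.append("duplicate username")
        # LDAP users authenticate against the directory: no local password.
        if not rec.get("ldap") and not rec.get("password"):
            issues.append("no password")
        roles = set(rec.get("roles") or [])
        unknown = sorted(roles - ROLES)
        if unknown:
            issues.append("unknown role: " + ", ".join(unknown))
        # Release 11.6 and later: Report Viewer excludes every other role.
        if "Report Viewer" in roles and len(roles) > 1:
            issues.append("Report Viewer combined with other roles")
        if issues:
            findings.append((name, issues))
        seen.add(key)
    return findings


# Constructed sample records, not real accounts.
SAMPLE = [
    {"username": "jdoe", "password": "S3t-at-import", "roles": ["Operator"]},
    {"username": "JDoe", "password": "S3t-at-import", "roles": ["Help Desk"]},
    {"username": "pmadmin", "password": "S3t-at-import", "roles": ["Operator"]},
    {"username": "rview", "ldap": True, "roles": ["Report Viewer", "Operator"]},
    {"username": "nopass", "password": "", "roles": ["Helpdesk"]},
]

if __name__ == "__main__":
    print(validate_users(SAMPLE, existing=["alice"]))
```

Records flagged here correspond to the kinds of entries the page says end up in importedprovisioninguser.log or are refused by the Add User page.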
You can configure Cisco Prime Collaboration to connect to a Lightweight Directory Access Protocol (LDAP) server, to access user information stored in the LDAP server.
You must create an LDAP user from the User Management page to enable the user to log in using LDAP credentials. To add, edit or delete a user, see Add a User.
Cisco Prime Collaboration supports one primary LDAP server and one backup LDAP server.
Step 1 | Choose . |
Step 2 | In the LDAP Settings page, enter values for all the fields. See LDAP Configuration Parameters for the field descriptions. |
Step 3 | Click Test Connection to check the connectivity to the LDAP server. |
Step 4 | Upon successful connection, click Apply Settings and restart the Cisco Prime Collaboration server to log in using LDAP.
To restart the Cisco Prime Collaboration server, log in as the admin user and execute the following commands:
application stop cpcm
application start cpcm
The application stop cpcm command takes 10 minutes to complete execution, and application start cpcm takes 10 to 15 minutes to complete execution. |
For example, consider Microsoft Active Directory.
Enter the port number on which the LDAP requests for the server are received. Optionally, enter the backup LDAP server port number.
Admin Distinguished Name is the distinguished name to use.
Enter the password for the LDAP server authentication and reconfirm the password.
Enter the user search base. The LDAP server searches for users under this base.
Note | For a list of LDAP servers supported by Cisco Prime Collaboration 11.6, see Supported Devices for Prime Collaboration Assurance. |
As a super administrator, system administrator or network operator, you can reset the password for other Cisco Prime Collaboration users.
You can reset the Cisco Prime Collaboration web client globaladmin password using the following procedure.
To reset the Cisco Prime Collaboration globaladmin password:
Step 1 | Log in as a root user. |
Step 2 | Execute the following:
# cd /opt/emms/emsam/bin/
# ./resetGlobalAdminPassword.sh
Step 3 | Enter a new password for globaladmin when prompted, and confirm the new password when prompted. A message notifies you that the globaladmin password has been successfully reset. |
To change your own password, go to , click Reset Password, and make the necessary changes.
This view displays the end-user information (such as the username, email ID, office phone, and mobile phone numbers) associated with Cisco Unified Communications Manager or TelePresence Management Suite (TMS) endpoints. Photograph and location details for the end user are displayed only if Cisco Prime Collaboration is integrated with LDAP and the username details match the LDAP details.
Note | End-user information associated with TMS can be retrieved only if the 'TMS Provisioning Extension' component is installed on the TMS. |
Step 1 | From the global search drop-down, select User. You can also launch User 360 from Username column on Endpoint Diagnostics page. |
Step 2 | Enter * to list all the users. A string search can provide more specific results. For example, when you enter test, it lists all the users whose first name, last name, or username includes the string test. |
Step 3 | Click the User 360 View launch anchor against the username. |
Access the following tabs in this view:
Endpoints—Displays the managed endpoints associated with the end user. This endpoint includes,
Last Call Quality—Categorized as good, accepted, or poor; this field describes the call quality of the most recently ended call. Cross launches to -for endpoints registered to CUCM or Alarms page-for endpoints registered to TMS is available.
Calls (24 Hours)—Number of calls the endpoint was involved in during the last 24 hours. This field has cross launches to the -for endpoints registered to Unified CM and All Summary Report-for endpoints registered to TMS.
Registration Status—Displays the registration status of the end user. For a registered end user whose call is in progress, a green icon with a call-in-progress indicator is shown. A red icon is shown for an unregistered end user, and a gray icon is shown if the status of the end user is unknown.
Service—Service of the most recently ended call. (Audio only or Audio and Video)
Endpoint Model—Displays the endpoint model. When you click, it cross-launches to Endpoint Diagnostics page.
Active —Displays the endpoints of the end user that are currently engaged in a call. The details of the device are tracked from Diagnostics. This Active includes,
Note | For endpoints registered with Unified CM, a sync for the new users happens automatically. But for endpoints registered with TMS, manual rediscovery of TMS is necessary to sync the details of the new users. |