Information Assurance Features
This section describes the new Information Assurance features added as part of Cisco Unified Communications Manager Release 10.5(2).
Login Attempt Information
When you log in to web applications for Cisco Unified Communications Manager or IM and Presence Service, the main application window displays the last successful system login attempt and the last unsuccessful system login attempt for the current user along with the user ID, date, time, and IP address.
The following web applications display the login attempt information:
-
Cisco Unified Communications Manager:
-
Cisco Unified CM Administration
-
Cisco Unified Reporting
-
Cisco Unified Serviceability
-
-
IM and Presence Service
-
Cisco Unified CM IM and Presence Administration
-
Cisco Unified IM and Presence Reporting
-
Cisco Unified IM and Presence Serviceability
-
You can use the show logins unsuccessful CLI command to view login information for the Disaster Recovery System and Cisco Unified OS Administration web applications.
User Interface Changes
-
Enable Selected Local User—The administrator can enable a single user or multiple users in bulk if needed.
-
Disable Selected Local User—The administrator can disable a single user or multiple users in bulk if needed.
Note |
The Enable Selected Local User and the Disable Selected Local User buttons are visible only when the Disable User Accounts unused for (days) service parameter value is set to 1 or more days in the Cisco Database Layer Monitor service. |
End User Settings
In Cisco Unified CM Administration, the following buttons were added in the End User Configuration window.
-
Enable Local User—The administrator can enable a single user if the User Status is set to Disabled.
Note
This button appears only when the User Status is set to Disabled.
-
Disable Local User—The administrator can disable a single user if the User Status is set to Enabled.
Note
This button appears only when the User Status is set to Enabled.
Note |
The Enable Local User and the Disable Local User buttons are visible only when the Disable User Accounts unused for (days) service parameter value is set to 1 or more days in the Cisco Database Layer Monitor service. |
New Service Parameter
A new service parameter called Disable User Accounts unused for (days) was added in the Service Parameter Configuration window under the Cisco Database Layer Monitor service. This parameter specifies how often users must authenticate with Cisco Unified Communications Manager to prevent their account from being automatically disabled.
The user account is disabled if the user does not log in to Cisco Unified Communications Manager with their PIN or Password in the number of days that is specified in the Disable User Accounts unused for (days) field.
If both the Disable User Accounts unused for (days) field and the Inactive Days Allowed field in the Credential Policy Configuration window are configured, the field that has a lower value takes precedence.
For example: If the Inactive Days Allowed field is set to 30 days and the Disable User Accounts unused for (days) field is set to 45 days, and the user does not log in to Cisco Unified Communications Manager within 30 days, the user account remains enabled until 45 days but the user will not able to log in.
If the Disable User Accounts unused for (days) field is set to 30 days and the Inactive Days Allowed field is set to 45 days, and the user does not log in within 30 days to Cisco Unified Communications Manager, the user account is disabled.