CLI users are not listed on the Cisco Prime Collaboration User Management page.

Similar documents
CLI users are not listed on the Cisco Prime Collaboration User Management page.

Setting Up the Server

Cisco Prime Collaboration Assurance Guide - Standard, 10.5

Cisco Prime Collaboration Assurance Guide - Standard, 10.6

Unity Connection Version 10.5 SAML SSO Configuration Example

SAML-Based SSO Configuration

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

Manage SAML Single Sign-On

SAML-Based SSO Solution

SAML-Based SSO Configuration

SAML-Based SSO Solution

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)

Quick Start Guide for SAML SSO Access

Quick Start Guide for SAML SSO Access

This section includes troubleshooting topics about single sign-on (SSO) issues.

Configuration Guide - Single-Sign On for OneDesk

Troubleshooting Single Sign-On

Troubleshooting Single Sign-On

LDAP Directory Integration

LDAP Directory Integration

Perform Backup and Restore

Backup the System. Backup Overview. Backup Prerequisites

Perform Backup and Restore

Cisco CTL Client Setup

Cisco CTL Client setup

Migrate Cisco Prime Collaboration Assurance

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Managing GSS Devices from the GUI

Configure Single Sign-On using CUCM and AD FS 2.0 (Windows Server 2008 R2)

All about SAML End-to-end Tableau and OKTA integration

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

Installing the Cisco Unified CallManager Customer Directory Plugin Release 4.3(1)

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Monitor System Status

Configuring the SMA 500v Virtual Appliance

Contents Overview... 5 Downloading Primavera Gateway... 5 Primavera Gateway On-Premises Installation Prerequisites... 6

Integrating AirWatch and VMware Identity Manager

penelope case management software AUTHENTICATION GUIDE v4.4 and higher

Installing AX Server with PostgreSQL (multi-server)

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

SAML SSO Okta Identity Provider 2

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

Setting Up Resources in VMware Identity Manager

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

ACS 5.x: LDAP Server Configuration Example

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

Active Directory 2000 Plugin Installation for Cisco CallManager

Managing External Identity Sources

Configuring Cisco TelePresence Manager

Managing Users and Configuring Role-Based Access Control

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

User guide NotifySCM Installer

Realms and Identity Policies

Configuring Microsoft ADFS for Oracle Fusion Expenses Mobile Single Sign-On

Configuring Alfresco Cloud with ADFS 3.0

Migrating vrealize Automation 6.2 to 7.2

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Cloud Access Manager Configuration Guide

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

Morningstar ByAllAccounts SAML Connectivity Guide

Backup and Restore. About Backup and Restore

System Administration

User Inputs for Installation

VMware Identity Manager Administration

Managing Certificates

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

ENTRUST CONNECTOR Installation and Configuration Guide Version April 21, 2017

TACACs+, RADIUS, LDAP, RSA, and SAML

Webthority can provide single sign-on to web applications using one of the following authentication methods:

VMware Horizon Cloud Service on Microsoft Azure Administration Guide

Enabling Single Sign-On Using Microsoft Azure Active Directory in Axon Data Governance 5.2

Novell Access Manager

Users. LDAP Synchronization Overview

VMware Identity Manager Administration

Disaster Recovery System

Message Networking 5.2 Administration print guide

Perform Backup and Restore

Oracle Collaboration Suite

ADFS Setup (SAML Authentication)

Cloud Secure Integration with ADFS. Deployment Guide

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

Upgrading Software and Firmware

CHAPTER. Introduction

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM)

User Inputs for Installation, Reinstallation, and Upgrade

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

VMware AirWatch Certificate Authentication for Cisco IPSec VPN

Contents Introduction... 5 Configuring Single Sign-On... 7 Configuring Identity Federation Using SAML 2.0 Authentication... 29

Horizon Cloud with On-Premises Infrastructure Administration Guide. VMware Horizon Cloud Service Horizon Cloud with On-Premises Infrastructure 1.

Overview of the Cisco NCS Command-Line Interface

Provisioning Dashboards and Reports

Security and Certificates

Installation and Configuration

Enforced Client Policy & Reporting Server (EPRS) 2.3. Administration Guide

Guide to Deploying VMware Workspace ONE with VMware Identity Manager. SEP 2018 VMware Workspace ONE

Transcription:

Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator can perform. Cisco Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access both the Cisco Prime Collaboration Assurance user interfaces. Specify a password for globaladmin when you configure your virtual appliance. You need to use these credentials when you launch the Cisco Prime Collaboration web client for the first time. Cisco Prime Collaboration Assurance servers support the CLI user: admin. You cannot create CLI users using the web client user interface. CLI users are created during OVA configuration. By default, the username is admin; the password is specified during OVA configuration and is used to log into the CLI to check the application status and perform backup and restore. Caution CLI users are not listed on the Cisco Prime Collaboration User Management page. Globaladmin follows same set of password validation rules, but the rules for admin are different. See the Cisco Prime Collaboration Assurance Install and Upgrade Guide. Add, Edit, and Delete a User, page 1 Configure an LDAP Server, page 2 Reset Cisco Prime Collaboration Assurance Passwords, page 4 Change Passwords, page 5 Single Sign-On for Cisco Prime Collaboration, page 5 Add, Edit, and Delete a User You can add a user and assign the predefined static role. The user will have access to the Cisco Prime Collaboration web client only. If you are logging in for the first time to the Cisco Prime Collaboration Assurance, log in as globaladmin. You, as a globaladmin, must create other administrators using real user-ids. 1

Configure an LDAP Server Caution You must not create a user with the name: globaladmin, pmadmin and admin. To add a user: Step 1 Step 2 Step 3 Step 4 Step 5 Choose System Administration > User Management. On the User Management page, click Add. In the Add User page, enter the required user details. Select the role. Click Save. The users thus created via Add User feature are associated with the web client only and cannot log in to the Cisco Prime Collaboration Assurance server through the CLI. To edit user details, select a user at System Administration > User Management and make the necessary changes. As part of your regular system administration tasks, you sometimes must delete users from the Cisco Prime Collaboration database. However, you cannot delete the Cisco Prime Collaboration web client default administrator globaladmin. To delete a user, select the user from System Administration > User Management and click Delete. Any jobs that are scheduled in the deleted user name continue to run until canceled. Configure an LDAP Server You can configure Cisco Prime Collaboration to connect to a Lightweight Directory Access Protocol (LDAP) server, to access user information stored in the LDAP server. You must create an LDAP user from the User Management page to enable the user to log in using LDAP credentials To add, edit or delete a user, see Add, Edit, and Delete a User. Cisco Prime Collaboration supports one primary LDAP server and one backup LDAP server. To configure an LDAP server: Step 1 Step 2 Step 3 Step 4 Choose System Administration > LDAP Settings. In the LDAP Settings page, enter values for all the fields. See LDAP Configuration Parameters for the field descriptions. If Cisco Prime Collaboration must use SSL encryption, check the Use SSL check box and specify port 636. Click Test Connection to check the connectivity to the LDAP server. Upon successful connection, click Apply Settings and restart Cisco Prime Collaboration Assurance server to log in using LDAP. To restart Cisco Prime Collaboration Assurance Server, log in as admin user and execute the following commands: application stop cpcm application start cpcm 2

LDAP Configuration Parameters The application stop cpcm command takes 10 minutes to complete execution and application start cpcm takes 10 to 15 minutes to complete execution. LDAP Configuration Parameters Table 1: LDAP Server Configuration Field Server IP address Server Port Description Enter the LDAP server name or IP address. Optionally enter the Backup LDAP server IP address. Enter the Port number on which the LDAP requests for the server is received. Non-secure port: 389 Secure SSL port: 636 Optionally enter the Backup LDAP server Port number. If the LDAP server is configured to use a non-standard port, that port should be entered here as well. 3

Reset Cisco Prime Collaboration Assurance Passwords Field Admin Distinguished Name Description Admin Distinguished Name is the distinguished name to use. For example in the preceding image there is a user whose name is John Doe in the LDAP directory, so the Admin Distinguished Name will be as follows: CN = John Doe OU = Campus OU = AdminBLR OU = ABC DC = eta DC = com Admin Password LDAP User Search Base Enter the password for the LDAP server authentication and reconfirm the password. Do not use the pound sign (#) in the password, because the connectivity to the LDAP server fails if the LDAP user password contains the pound sign (#). Enter the user search base. LDAP server searches for users under this base. Search Base is as follows: DC = eta DC = com LDAP authentication fails if you enter special characters in the search base. Reset Cisco Prime Collaboration Assurance Passwords As a super administrator, system administrator or network operator, you can reset the password for other Cisco Prime Collaboration users. Prerequisite - Root access feature is mandatory to perform this task, hence you should raise a TAC case to obtain root access. You can reset the Cisco Prime Collaboration Assurance web client globaladmin password using the following procedure. 4

Change Passwords To reset the Cisco Prime Collaboration Assurance globaladmin password: Step 1 Step 2 Step 3 Log in as a root user. Execute the following: #cd /opt/emms/emsam/bin/ #./resetglobaladminpassword.sh Enter a new password for the globaladmin when prompted, and also confirm the new password, when prompted. A message notifies that the globaladmin passwords has been successfully reset. Change Passwords To change your own password, go to System Administration > User Management, click Reset Password, and make necessary changes. Single Sign-On for Cisco Prime Collaboration Cisco Prime Collaboration provides users with admin privileges to enable Single Sign-On (SSO) in Cisco Prime Collaboration Assurance using Security Assertion Markup Language (SAML). Cisco Prime Collaboration does not support multiserver SAN certificates and end user SAML SSO. Ensure that the following prerequisites are met before you enable SSO: At least one LDAP Administrative user exists in the system by manually creating an LDAP administrative user in Cisco Prime Collaboration Assurance. An Identity Provider (IdP) server that enables you to use SSO to access many other applications from a single hosted application and a Service Provider. The Service Provider is a website that hosts the applications. Following are the supported third-party IdP servers: Open Access Manager (OpenAM) Ping Identity Active Directory Federation Services (ADFS) Oracle Identity Manager For the steps to setup an IdP server, see the SAML SSO Deployment Guide for Cisco Unified Communication Applications, Release 11.0(1). Download the Identity Provider metadata file from the IdP server and save it in your local system. 5

Single Sign-On for Cisco Prime Collaboration To enable Single Sign-On: Step 1 Step 2 Step 3 Step 4 Choose System Administration > Single Sign-On. Click Enable SSO. A warning message is displayed stating, Enabling SSO redirects you to the IdP server for authentication from the next login. To access the application, you will need to be authenticated successfully. Enable SSO is disabled if the above mentioned prerequisites are not met. Click Continue. Follow the steps provided in the SSO wizard to enable Single Sign-On. a) Locate the IdP metadata file from your local system and click Import IdP Metadata. b) Click Download Trust Metadata file. c) Launch the IdP server and import the downloaded Trust Metadata file. This is a manual step for Enabling SSO. You need to create a Circle of Trust (CoT) in the IdP server and log out before you proceed with the SSO testing. d) To run SSO Test Setup, select a username from the Valid Administrative Usernames drop-down. Using any other username to log in to the IdP server might lock the administrator account. e) Click Run SSO Test to test the connectivity among the IdP server, Cisco Prime Collaboration Applications, and Single Sign-On. If you are prompted with an error message, Unable to do Single Sign-On or Federation: Manually log in to the IdP server using the end user credentials and check if the authentication is successful. Verify if the Trust Metadata file is successfully uploaded in the IdP server. Verify if the Prime Collaboration server and the IdP server are part of the same Circle of Trust. f) Click Finish. Troubleshooting and Logs for SSO When you are logged out of the Cisco Prime Collaboration server while enabling SSO, it is recommended that you close the browser and re-launch the Cisco Prime Collaboration application. Because, though your session expires in Cisco Prime Collaboration server, the IdP server session might still be active. While enabling SSO, ensure that the hostname for Cisco Prime Collaboration is set and is part of DNS. When IdP server is down, you can: Use the recovery URL- https://<pcserver IP address or host name that is part of DNS>/ssosp/local/login. Disable Single Sign-On from CMD Utility. To disable SSO from CMD utility in Cisco Prime Collaboration applications: Navigate to the /opt/emms/emsam/bin directory for Cisco Prime Collaboration Assurance. Add <Operation> and <Value> entries for cpcmconfigsso.sh file based on the following table: Operations can be.. Values can be.. 6

Single Sign-On for Cisco Prime Collaboration 1-To get the Single Sign-On status 2-To get the recovery URL status 3-To set the Single Sign-On status 4-To set the recovery URL status Not applicable Not applicable False True or False You cannot enable SSO through CLI. Use the user interface procedure to enable SSO. To disable SSO, run the following command: cpcmconfigsso.sh 3 false By default, the recovery URL is enabled. If you want to disable it for security reasons, set it as False. 7

Single Sign-On for Cisco Prime Collaboration 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback