CLI users are not listed on the Cisco Prime Collaboration User Management page.

Similar documents
CLI users are not listed on the Cisco Prime Collaboration User Management page.

Setting Up the Server

Cisco Prime Collaboration Assurance Guide - Standard, 10.5

Manage SAML Single Sign-On

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

Cisco Prime Collaboration Assurance Guide - Standard, 10.6

SAML-Based SSO Solution

Unity Connection Version 10.5 SAML SSO Configuration Example

SAML-Based SSO Configuration

SAML-Based SSO Configuration

SAML-Based SSO Solution

SAML SSO Deployment Guide for Cisco Unified Communications Applications, Release 12.0(1)

Quick Start Guide for SAML SSO Access

Quick Start Guide for SAML SSO Access

LDAP Directory Integration

LDAP Directory Integration

Configuration Guide - Single-Sign On for OneDesk

This section includes troubleshooting topics about single sign-on (SSO) issues.

Troubleshooting Single Sign-On

Troubleshooting Single Sign-On

Perform Backup and Restore

Contents Overview... 5 Downloading Primavera Gateway... 5 Primavera Gateway On-Premises Installation Prerequisites... 6

penelope case management software AUTHENTICATION GUIDE v4.4 and higher

Perform Backup and Restore

Configure Single Sign-On using CUCM and AD FS 2.0 (Windows Server 2008 R2)

Monitor System Status

All about SAML End-to-end Tableau and OKTA integration

Cisco CTL Client Setup

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

Cisco CTL Client setup

Using Your Own Authentication System with ArcGIS Online. Cameron Kroeker and Gary Lee

Active Directory 2000 Plugin Installation for Cisco CallManager

Configuring the SMA 500v Virtual Appliance

Migrate Cisco Prime Collaboration Assurance

Setting Up Resources in VMware Identity Manager

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

VMware Identity Manager Administration. MAY 2018 VMware Identity Manager 3.2

SAML SSO Okta Identity Provider 2

Installing the Cisco Unified CallManager Customer Directory Plugin Release 4.3(1)

Setting Up Resources in VMware Identity Manager. VMware Identity Manager 2.8

Backup the System. Backup Overview. Backup Prerequisites

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Realms and Identity Policies

Managing Users and Configuring Role-Based Access Control

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

Integration Guide. PingFederate SAML Integration Guide (SP-Initiated Workflow)

Configuring Cisco TelePresence Manager

Migrating vrealize Automation 6.2 to 7.2

Integrating AirWatch and VMware Identity Manager

Configure the Identity Provider for Cisco Identity Service to enable SSO

Managing GSS Devices from the GUI

VMware Identity Manager Administration

CHAPTER. Introduction

ServiceNow Deployment Guide

Qualys SAML 2.0 Single Sign-On (SSO) Technical Brief

AppController :21:56 UTC Citrix Systems, Inc. All rights reserved. Terms of Use Trademarks Privacy Statement

Android Mobile Single Sign-On to VMware Workspace ONE. SEP 2018 VMware Workspace ONE VMware Identity Manager VMware Identity Manager 3.

ACS 5.x: LDAP Server Configuration Example

VMware Identity Manager Administration

Single Sign-On. Non-SSO - Continue to use existing Active Directory-based and local authentication, without SSO.

Oracle Collaboration Suite

Novell Access Manager

Guide to Deploying VMware Workspace ONE. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager 3.1

Users. LDAP Synchronization Overview

Upgrading Software and Firmware

Cloud Access Manager Configuration Guide

Installing AX Server with PostgreSQL (multi-server)

Provisioning Dashboards and Reports

VMware Workspace ONE Quick Configuration Guide. VMware AirWatch 9.1

Managing External Identity Sources

D9.2.2 AD FS via SAML2

System Administration

Configuring Alfresco Cloud with ADFS 3.0

How to Configure Authentication and Access Control (AAA)

Install and Configure the F5 Identity Provider (IdP) for Cisco Identity Service (IdS) to enable SSO

Realms and Identity Policies

SonicWall Secure Mobile Access SMA 500v Virtual Appliance 8.6. Getting Started Guide

Cisco Unified Serviceability

Message Networking 5.2 Administration print guide

IBM InfoSphere Information Server Single Sign-On (SSO) by using SAML 2.0 and Tivoli Federated Identity Manager (TFIM)

Installation. Power on and initial setup. Before You Begin. Procedure

Setting Up Resources in VMware Identity Manager (SaaS) Modified 15 SEP 2017 VMware Identity Manager

Administering vrealize Log Insight. September 20, 2018 vrealize Log Insight 4.7

Realms and Identity Policies

Guide to Deploying VMware Workspace ONE. VMware Identity Manager VMware AirWatch 9.1

Configuring Microsoft ADFS for Oracle Fusion Expenses Mobile Single Sign-On

Branding Customizations

Enforced Client Policy & Reporting Server (EPRS) 2.3. Administration Guide

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Integrating the YuJa Enterprise Video Platform with Dell Cloud Access Manager (SAML)

User Accounts for Management Access

VAM. ADFS 2FA Value-Added Module (VAM) Deployment Guide

Administering Workspace ONE in VMware Identity Manager Services with AirWatch. VMware AirWatch 9.1.1

TACACs+, RADIUS, LDAP, RSA, and SAML

Contents Introduction... 5 Configuring Single Sign-On... 7 Configuring Identity Federation Using SAML 2.0 Authentication... 29

Backup and Restore. About Backup and Restore

Configuring User Access for the Cisco PAM Desktop Client

TrueSight Capacity Optimization 10.x - LDAP Integration with Microsoft Active Directory. January 2017

Transcription:

Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator can perform. Cisco Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access both the Cisco Prime Collaboration Assurance user interfaces. Specify a password for globaladmin when you configure your virtual appliance. You need to use these credentials when you launch the Cisco Prime Collaboration web client for the first time. Cisco Prime Collaboration Assurance servers support these CLI users: admin and root. You cannot create CLI users using the web client user interface. CLI users are created during OVA configuration. By default, the username is admin; the password is specified during OVA configuration and is used to log into the CLI to check the application status and perform backup and restore. Caution CLI users are not listed on the Cisco Prime Collaboration User Management page. Globaladmin and root follow same set of password validation rules, but the rules for admin are different. See the Cisco Prime Collaboration Quick Start Guide for password validation rules for these users. Globaladmin follows same set of password validation rules, but the rules for admin are different. See the Cisco Prime Collaboration Assurance Install and Upgrade Guide. Add, Edit, and Delete a User, page 1 Configure an LDAP Server, page 2 Reset Cisco Prime Collaboration Assurance Passwords, page 5 Change Passwords, page 5 Single Sign-On for Cisco Prime Collaboration, page 5 Add, Edit, and Delete a User You can add a user and assign the predefined static role. The user will have access to the Cisco Prime Collaboration web client only. 1

Configure an LDAP Server If you are logging in for the first time to the Cisco Prime Collaboration Assurance, log in as globaladmin. You, as a globaladmin, must create other administrators using real user-ids. Caution You must not create a user with the name: globaladmin, pmadmin and admin. To add a user: Step 1 Step 2 Step 3 Step 4 Step 5 Choose System Administration > User Management. On the User Management page, click Add. In the Add User page, enter the required user details. Select the role. Click Save. The users thus created via Add User feature are associated with the web client only and cannot log in to the Cisco Prime Collaboration Assurance server through the CLI. To edit user details, select a user at System Administration > User Management and make the necessary changes. As part of your regular system administration tasks, you sometimes must delete users from the Cisco Prime Collaboration database. However, you cannot delete the Cisco Prime Collaboration web client default administrator globaladmin. To delete a user, select the user from System Administration > User Management and click Delete. Any jobs that are scheduled in the deleted user name continue to run until canceled. Configure an LDAP Server You can configure Cisco Prime Collaboration to connect to a Lightweight Directory Access Protocol (LDAP) server, to access user information stored in the LDAP server. You must create an LDAP user from the User Management page to enable the user to log in using LDAP credentials To add, edit or delete a user, see Add, Edit, and Delete a User. Cisco Prime Collaboration supports one primary LDAP server and one backup LDAP server. To configure an LDAP server: Step 1 Step 2 Step 3 Step 4 Choose System Administration > LDAP Settings. In the LDAP Settings page, enter values for all the fields. See LDAP Configuration Parameters for the field descriptions. If Cisco Prime Collaboration must use SSL encryption, check the Use SSL check box and specify port 636. Click Test Connection to check the connectivity to the LDAP server. Upon successful connection, click Apply Settings and restart Cisco Prime Collaboration Assurance server to log in using LDAP. 2

LDAP Configuration Parameters To restart Cisco Prime Collaboration Assurance Server, log in as admin user and execute the following commands: application stop cpcm application start cpcm The application stop cpcm command takes 10 minutes to complete execution and application start cpcm takes 10 to 15 minutes to complete execution. LDAP Configuration Parameters For example, Consider Microsoft Active Directory. Table 1: LDAP Server Configuration Field IP Address / Hostname Description Enter the LDAP server name or IP address. Optionally enter the Backup LDAP server IP address. 3

LDAP Configuration Parameters Field Server Port Admin Distinguished Name Description Enter the Port number on which the LDAP requests for the server is received. Non-secure port: 389 Secure SSL port: 636 Optionally enter the Backup LDAP server Port number. If the LDAP server is configured to use a non-standard port, that port should be entered here as well. Admin Distinguished Name is the distinguished name to use. For example in the preceding image there is a user whose name is John Doe in the LDAP directory, so the Admin Distinguished Name will be as follows: CN = John Doe OU = Campus OU = AdminBLR OU = ABC DC = eta DC = com Admin Password LDAP User Search Base Enter the password for the LDAP server authentication and reconfirm the password. Do not use the pound sign (#) in the password, because the connectivity to the LDAP server fails if the LDAP user password contains the pound sign (#). Enter the user search base. LDAP server searches for users under this base. Search Base is as follows: DC = eta DC = com LDAP authentication fails if you enter special characters in the search base. 4

Reset Cisco Prime Collaboration Assurance Passwords 1 Cisco Prime Collaboration Assurance supports login to PCA with CN or samaccountname or uid attributes of an LDAP user as applicable. 2 uid attribute of an LDAP user should be unique. For a list of LDAP servers supported by Cisco Prime Collaboration 11.6, see Supported Devices for Prime Collaboration Assurance. Reset Cisco Prime Collaboration Assurance Passwords As a super administrator, system administrator or network operator, you can reset the password for other Cisco Prime Collaboration users. You can reset the Cisco Prime Collaboration Assurance web client globaladmin password using the following procedure. To reset the Cisco Prime Collaboration Assurance globaladmin password: Step 1 Step 2 Step 3 Log in as a root user. Execute the following: #cd /opt/emms/emsam/bin/ #./resetglobaladminpassword.sh Enter a new password for the globaladmin when prompted, and also confirm the new password, when prompted. A message notifies that the globaladmin passwords has been successfully reset. Change Passwords To change your own password, go to System Administration > User Management, click Change Password, and make necessary changes. Single Sign-On for Cisco Prime Collaboration Cisco Prime Collaboration provides users with admin privileges to enable Single Sign-On (SSO) in Cisco Prime Collaboration Assurance using Security Assertion Markup Language (SAML). Ensure that the following prerequisites are met before you enable SSO: Prime Collaboration Provisioning is configured to use Secure Socket Layer (SSL). SSL needs to be enabled before you enable SSO for Provisioning. For the steps to enable SSL in Prime Collaboration Provisioning, see section "Enabling SSL for Prime Collaboration Provisioning" in the Cisco Prime Collaboration Provisioning Guide. 5

Single Sign-On for Cisco Prime Collaboration By default, SSL is enabled in Prime Collaboration Assurance application. At least one LDAP Administrative user exists in the system by manually creating an LDAP administrative user in Cisco Prime Collaboration Assurance. An Identity Provider (IdP) server that enables you to use SSO to access many other applications from a single hosted application and a Service Provider. The Service Provider is a website that hosts the applications. Following are the supported third-party IdP servers: Open Access Manager (OpenAM) Ping Identity Active Directory Federation Services (ADFS) Oracle Identity Manager For the steps to setup an IdP server, see the SAML SSO Deployment Guide for Cisco Unified Communication Applications, Release 11.0(1). Download the Identity Provider metadata file from the IdP server and save it in your local system. To enable Single Sign-On: Step 1 Step 2 Step 3 Step 4 Choose System Administration > Single Sign-On. Click Enable SSO. A warning message is displayed stating, Enabling SSO redirects you to the IdP server for authentication from the next login. To access the application, you will need to be authenticated successfully. Enable SSO is disabled if the above mentioned prerequisites are not met. Click Continue. Follow the steps provided in the SSO wizard to enable Single Sign-On. a) Locate the IdP metadata file from your local system and click Import IdP Metadata. b) Click Download Trust Metadata file. c) Launch the IdP server and import the downloaded Trust Metadata file. This is a manual step for Enabling SSO. You need to create a Circle of Trust (CoT) in the IdP server and log out before you proceed with the SSO testing. d) To run SSO Test Setup, select a username from the Valid Administrative Usernames drop-down. Using any other username to log in to the IdP server might lock the administrator account. e) Click Run SSO Test to test the connectivity among the IdP server, Cisco Prime Collaboration Applications, and Single Sign-On. If you are prompted with an error message, Unable to do Single Sign-On or Federation: Manually log in to the IdP server using the end user credentials and check if the authentication is successful. Verify if the Trust Metadata file is successfully uploaded in the IdP server. Verify if the Prime Collaboration server and the IdP server are part of the same Circle of Trust. 6

Single Sign-On for Cisco Prime Collaboration f) Click Finish. Troubleshooting and Logs for SSO When you are logged out of the Cisco Prime Collaboration server while enabling SSO, we recommend you to close the browser and re-launch the Cisco Prime Collaboration application. Because, though your conference expires in Cisco Prime Collaboration server, the IdP server conference might still be active. While enabling SSO, ensure that the hostname for Cisco Prime Collaboration is set and is part of DNS. When IdP server is down, you can: Use the recovery URL- https://<pcserver IP address or host name that is part of DNS>/ssosp/local/login. Disable Single Sign-On from CMD Utility. To disable SSO from CMD utility in Cisco Prime Collaboration applications: Navigate to the /opt/emms/emsam/bin directory for Cisco Prime Collaboration Assurance. Add <Operation> and <Value> entries for cpcmconfigsso.sh file based on the following table: Operations can be.. 1-To get the Single Sign-On status 2-To get the recovery URL status 3-To set the Single Sign-On status 4-To set the recovery URL status Values can be.. Not applicable Not applicable False True or False You cannot enable SSO through CLI. Use the user interface procedure to enable SSO. To disable SSO, run the following command: cpcmconfigsso.sh 3 false By default, the recovery URL is enabled. If you want to disable it for security reasons, set it as False. 7

Single Sign-On for Cisco Prime Collaboration 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback