Credential Policy CHAPTER

Similar documents
Cisco Extension Mobility

Passwords, PINs, and Authentication Rule Management

Directory Overview. Cisco Unified Communications Manager System Guide, Release 10.0(1) OL

Application User Configuration

This chapter provides information about managing end user directory information.

Adding Users. Adding Users CHAPTER

Application User Setup

End User Setup. About End User Setup

Application Users and End Users

Manage End Users. End User Overview. End User Management Tasks. End User Overview, on page 1 End User Management Tasks, on page 1

LDAP Directory Integration

LDAP Directory Integration

Users. LDAP Synchronization Overview

Updating Users. Updating Users CHAPTER

Unity Connection Version 10.5 SAML SSO Configuration Example

User Templates. Find BAT User Template. Procedure

Digest Authentication Setup for SIP Trunks

<Partner Name> <Partner Product> RSA SECURID ACCESS. VMware Horizon View 7.2 Clients. Standard Agent Client Implementation Guide

The following items need to be configured when creating new user from predefined template:

Troubleshooting User and Administrator Access

Self-Provisioning. Self-Provisioning

MANAGING LOCAL AUTHENTICATION IN WINDOWS

Extension Mobility Service API

RSA SecurID Ready Implementation Guide. Last Modified: March 27, Cisco Systems, Inc.

Configuring Authentication and Encryption for CTI, JTAPI, and TAPI

CDR Analysis and reporting tool

User Databases. ACS Internal Database CHAPTER

Configuring Content Authentication and Authorization on Standalone Content Engines

Configuring Cisco Unified Communications Manager Directory Integration

Import Users From LDAP Directory

InfoRouter LDAP Authentication Web Service InfoRouter Version 7.5 Active Innovations, Inc. Copyright

Cisco Extension Mobility Service API

Provision Unified CM for Unified CCX

System-Level Configuration Settings

Troubleshooting Single Sign-On

Using the Cisco Unified Analysis Manager Tools

Troubleshooting Single Sign-On

Unified Communications Manager Version 10.5 SAML SSO Configuration Example

Microsoft Office Groove Server Groove Manager. Domain Administrator s Guide

Backup and Restore. Cisco Unified Contact Center Express Operations Guide, Release 10.0(1) 1

Administering Jive Mobile Apps for ios and Android

Configure the IM and Presence Service

Live Data CLI Commands

RSA Authentication Manager Adapter User Guide

Using the Certificate Authority Proxy Function

Default Security Setup

Colligo Administrator 1.2. User Guide

Message Networking 5.2 Administration print guide

Cisco Unified Communications Domain Manager manual configuration

User Configuration Settings

Copyright

Lab Configure Windows Local Security Policy

TLS Setup. TLS Overview. TLS Prerequisites

Microsoft Unified Access Gateway 2010

Avaya Event Processor Release 2.2 Operations, Administration, and Maintenance Interface

Ekran System v.6.0 Privileged User Accounts and Sessions (PASM)

SAML-Based SSO Solution

Associate Users with Endpoints

Cisco Unified IP Phone Services

Integration Configuration

Configuring Services. Activating and Deactivating Feature Services CHAPTER

LDAP Directory Setup. About LDAP Directory Setup

Cisco Exam Integrating Cisco Unified Communications Applications v8.0 (CAPPS v8.0) Version: 40.0 [ Total Questions: 203 ]

AAA and the Local Database

Exporting Phones. Using Phone Export CHAPTER

penelope case management software AUTHENTICATION GUIDE v4.4 and higher

Integration Configuration

Installing and Configuring Extension Mobility Using Either: Extended Services 2.2; CRA 2.2 or CRS 3.0(2) and CallManager 3.2

Configure Cisco Jabber

Implementing Cisco Collaboration Devices 1.0 (CICD)

CUCM Directory Synchronization FAQ

Post-Installation Tasks

Subscriber Management

With standard audit logging, configuration changes to the system get logged in separate log files for auditing.

System Configuration. Configuring System Parameters CHAPTER

User Management. Jabber IDs

Installing the Cisco Unified CallManager Customer Directory Plugin Release 4.3(1)

Secret Server SOAP Web Services API Guide

RSA Authentication Manager 7.1 Help Desk Administrator s Guide

Q&As. Implementing Cisco Collaboration Devices v1.0. Pass Cisco Exam with 100% Guarantee

BLF Presence. Configure BLF Presence

Monitor System Status

CAPPS: Implementing Cisco Collaboration Applications v1

PeoplePassword Documentation v6.0

Cisco Unity Express Windows and Menus

Configure the IM and Presence Service to Integrate with the Microsoft Exchange Server

ReACT New User Setup, Password Reset and Account Unlock Instructions

Overview What is Azure Multi-Factor Authentication? How it Works Get started Choose where to deploy MFA in the cloud MFA on-premises MFA for O365

Planning for User Migration

Hold Reversion. Configuration Checklist for Hold Reversion CHAPTER

ITCertMaster. Safe, simple and fast. 100% Pass guarantee! IT Certification Guaranteed, The Easy Way!

Manage Your Inventory

NetStep Challenge. Username (alias) Extension First name and last name Employee ID Title

Using EAP Authentication

User Identity Sources

ANIXIS Password Reset

Troubleshooting Exchange Calendaring Integrations

Cisco Unified Communications Manager Administration Guide End User Configuration Section

RSA Authentication Manager 7.1 Administrator s Guide

Agent Administration

Transcription:

CHAPTER 21 Cisco Unified Communications Manager authenticates user login credentials before allowing system access. To help secure user accounts, you can specify settings for failed logon attempts, lockout durations, password expirations, and password requirements in Cisco Unified Communications Manager Administration. These authentication rules form a credential policy. Credential policies apply to application users and end users. You assign a password policy to end users and application users and a PIN policy to end users. The Default Configuration lists the policy assignments for these groups. At installation, Cisco Unified Communications Manager assigns a static Default to user groups. It does not provide default credentials. The Default Configuration window in Cisco Unified Communications Manager Administration provides options to assign new default policies and to configure new default credentials and credential requirements for users. Note The system does not support empty (null) credentials. If your system uses LDAP authentication, you must configure end user default credentials immediately after installation, or logins fail. When you add a new user to the Cisco Unified Communications Manager database, the system assigns the default policy. You can change the assigned policy and manage user authentication events with the Edit Credentials button in the user configuration window. See the Credential Management section on page 20-4 for more information. This chapter includes the following topics: Configuration Checklist, page 21-2 and Authentication, page 21-3 Credential Caching, page 21-3 BAT Administration, page 21-3 JTAPI/TAPI Support, page 21-4 Credential History, page 21-4 Authentication Events, page 21-4 Where to Find More Information, page 21-5 21-1

Configuration Checklist Chapter 21 Configuration Checklist Cisco Unified Communications Manager authenticates user login credentials before allowing system access. To help secure user accounts, you can specify settings for failed logon attempts, lockout durations, password expirations, and password requirements in Cisco Unified Communications Manager Administration. These authentication rules form a credential policy. Credential policies apply to application users and end users. You assign a password policy to end users and application users and a PIN policy to end users. The Default Configuration lists the policy assignments for these groups. At installation, Cisco Unified Communications Manager assigns a static Default to user groups. It does not provide default credentials. The Default Configuration window in Cisco Unified Communications Manager Administration provides options to assign new default policies and to configure new default credentials and credential requirements for users. Note The system does not support empty (null) credentials. If your system uses LDAP authentication, you must configure end user default credentials immediately after installation, or logins fail. When you add a new user to the Cisco Unified Communications Manager database, the system assigns the default policy. You can change the assigned policy and manage user authentication events with the Edit Credentials button in the user configuration window. Table 21-1 lists the general steps and guidelines for configuring credential policies. For more information, see the Where to Find More Information, page 21-5. Table 21-1 Configuration Checklist Configuration Steps Step 1 Step 2 Step 3 Use the Configuration windows to configure a credential policy other than the default policy. Use the Default windows to assign a new credential policy and configure a common password for an account type. To manage or monitor the credential configuration for individual users, click the Edit Credential link in the user configuration window. Related procedures and topics Configuration, Cisco Unified Communications Manager Default Configuration, Cisco Unified Communications Manager Cisco Unified Communications Manager Bulk Managing End User Credential Information, Cisco Unified Communications Manager Managing Application User Credential Information, Cisco Unified Communications Manager 21-2

Chapter 21 and Authentication and Authentication The authentication function in Cisco Unified Communications Manager authenticates users, updates credential information, tracks and logs user events and errors, records credential change histories, and encodes/decodes or encrypts/decrypts user credentials for data storage. The system always authenticates application user passwords and end user PINs against the Cisco Unified Communications Manager database. The system can authenticate end user passwords against the corporate directory or the Cisco Unified Communications Manager database. If your system is synchronized with the corporate directory, either the authentication function in Cisco Unified Communications Manager or LDAP can authenticate the password. With LDAP authentication enabled, user passwords and credential policies that are configured in Cisco Unified Communications Manager Administration do not apply. These defaults get applied to users that are created with directory synchronization (DirSync service). When LDAP authentication is disabled, the system authenticates user credentials against the Cisco Unified Communications Manager database. With this option, administrators can assign credential policies, manage authentication events, and administer passwords. End users can change passwords and PINs at the phone user pages. See the Understanding the Directory section on page 19-1 for more information about LDAP authentication. Credential policies do not apply to OS users or CLI users. These administrators use standard password verification procedures that the OS supports. See the Cisco Unified Communications Operating System for information about OS login procedures. Credential Caching To improve performance, administrators can configure the enterprise parameter Enable Caching to True. The parameter enables Cisco Unified Communications Manager to use cached credentials for up to 2 minutes. This eliminates the need for Cisco Unified Communications Manager to perform a database lookup or invoke a stored procedure for every single login request, thereby increasing system efficiency. An associated credential policy does not get enforced until the caching duration expires. This setting applies to all Java applications that invoke user authentication. Setting the enterprise parameter to False turns off caching, so the system does not use cached credentials for authentication. The system ignores this setting for LDAP authentication. Credential caching requires a minimal amount of additional memory per user. BAT Administration The Bulk Administration Tool (BAT) allows administrators to define common credential parameters, such as passwords and PINs, for a group of users in the BAT User Template. When you first create a user template, all the users get assigned the static Default. See the Cisco Unified Communications Manager Bulk for more information. 21-3

JTAPI/TAPI Support Chapter 21 JTAPI/TAPI Support Because Cisco Unified Communications Manager Java Telephony Applications Programming Interface (JTAPI) and Telephony Applications Programming Interface (TAPI) support the credential policies that are assigned to application users, developers must create applications that react to the password expiration, PIN expiration, and lockout return codes for credential policy enforcement. Applications use an API to authenticate with the database or corporate directory, regardless of the authentication model that an application uses. See the Cisco Unified Communications Manager JTAPI Developers Guide and the Cisco Unified Communications Manager TAPI Developers Guide for new error strings that support credential policy and authentication. Credential History After a user is configured in the database, the system stores a history of user credentials in the database to prevent a user from entering previous credentials when the user is prompted to change credentials. Authentication Events You can monitor and manage authentication activity for a user at the user Credential Configuration page, which is accessed with the Edit Credentials button in the user configuration windows. The system shows the most current authentication results, such as last hack attempt time, and counts for failed logon attempts. See Managing End User Credential Information and Managing Application User Credential Information in the Cisco Unified Communications Manager for more information. The system generates log file entries for the following credential policy events: Authentication success Authentication failure (bad password or unknown) Authentication failure due to Administrative lock Hack lock (failed logon lockouts) Expired soft lock (expired credential) Inactive lock (credential not used for some time) User must change (credential set to user must change) LDAP inactive (switching to LDAP authentication and LDAP not active) Successful user credential updates Failed user credential updates Note If you use LDAP authentication for end user passwords, LDAP tracks only authentication successes and failures. 21-4

Chapter 21 Where to Find More Information All event messages contain the string ims-auth and the userid that is attempting authentication. You can view log files with the Cisco Unified Real Time Monitoring Tool. You can also collect captured events into reports. See the Cisco Unified Real Time Monitoring Tool and the Cisco Unified Communications Manager CDR Analysis and Reporting for more information. Where to Find More Information Related Topics Configuration Checklist, page 21-2 and Authentication, page 21-3 Credential Caching, page 21-3 BAT Administration, page 21-3 JTAPI/TAPI Support, page 21-4 Credential History, page 21-4 Authentication Events, page 21-4 Understanding the Directory, page 19-1 Application Users and End Users, page 20-1 Managing End User Credential Information, Cisco Unified Communications Manager Managing Application User Credential Information, Cisco Unified Communications Manager Configuration, Cisco Unified Communications Manager Default Configuration, Cisco Unified Communications Manager Administration Guide LDAP System Configuration, Cisco Unified Communications Manager LDAP Directory Configuration, Cisco Unified Communications Manager LDAP Authentication Configuration, Cisco Unified Communications Manager Administration Guide Application User Configuration, Cisco Unified Communications Manager End User Configuration, Cisco Unified Communications Manager Additional Cisco Documentation Installing Cisco Unified Communications Manager Release 8.5(1) Cisco Unified Communications Operating System Cisco Unified Communications Solution Reference Network Design (SRND) Cisco Unified Communications Manager Features and Services Guide Cisco Unified Serviceability Cisco Unified Real Time Monitoring Tool Cisco Unified Communications Manager CDR Analysis and Reporting 21-5

Where to Find More Information Chapter 21 Cisco Unified Communications Manager Bulk Cisco Unified Communications Manager Security Guide Cisco Unified IP Phone user documentation and release notes (all models) 21-6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback