01-12-2012 02:19 PM - edited 03-14-2019 09:11 AM
I have users synced to an AD, and phones with a SSO services button set up so that users can log directly into uccx without needing to type in username/password. From the ccmusers page a user can see the parameters of this service url, however they can't update the password parameter.
In talking to TAC it was mentioned this was by design, Is there any way a user could update this field to their password themself?
01-13-2012 12:56 AM
Not sure if I understood you right but are you trying to achieve SSO between CUCM & UCCX App for the users ? If yes, then as of now it's not tested & supported.
Please elaborate if I misunderstood your query & I'll be glad to assist.
If above information helps, pls rate the post.
GP.
01-13-2012 07:14 AM
This is using an IP phone service set up on cucm with the following url, http://contactcenter:6293/ipphone/jsp/sciphonexml/IPAgentLogin.jsp I then created 3 parameters as variables so as to use the service on multiple phones. I was under the impression this was a common uccx express integration.
What I'm looking for is a way for users to update the password parameter on this ip phone service somehow theirselves instead of using CM Administration.
01-13-2012 07:57 AM
I checked and the end users are able to change the password of the IPPA by using the ccmuser web page, address is http://
HTH
Please rate this post if was helpful
Walter J. Solano
01-13-2012 08:01 AM
Right, it looks like they should be able to there. The issue is this does not actually update the password there. And in talking to TAC, it was explained that users can't update this. I'm wondering what others might be using this acheive this?
01-17-2012 11:03 AM
Looks like I found a workaround.. If a user updates the password for their uccx ip phone service via ccmuser it will not work initially, and system will indicate a bad password during login. However, if the admin brings up the users phone's Subscribed Cisco IP Phone Services details, makes no changes but saves the page, it then will allow the user to log.
Although a two step proccess at least this gives users a way to change their password without having a system admin key it in, although does require they indicate to the admin when they have.
03-28-2012 03:30 PM
The same thing happened to me and working with cisco tac, they said that this is normal behavior. Although I found a workaround, you must go into CUCM and create a new role with the following read-update permission:
Phone services web pages - Check Read and Update
Go to "user management / user group" and then copy "Standard CCM End users" and create a duplicate called "with Phone Services' or something like that. Add the new role that you created that grants read-update privileges to the phone services web pages.
04-25-2012 09:18 AM
A little late getting back to this, I tried these steps but still couldn't get it to work for end users. Could you list all the Groups and Roles assigned to a working user?
Go to "user management / user group" and then copy "Standard CCM End users" and create a duplicate called "with Phone Services' or something like that. Add the new role that you created that grants read-update privileges to the phone services web pages.
04-25-2012 12:34 PM
I created a role named "Cisco Call Manager Phone Services Self-Service" then added the resource;
Phone Services web pages read + update
I saved that, then went to "User management, User Group" then copied the standard CCM End users group, creating a new group called "Standard CCM End Users with Services". To this new group, I went under "related links" and selected "add role to user group" and added the role "Cisco call manager Phone services self-service". The other two roles assigned to this group are "Standard CCM End users" and "Standard CCMUSER Administration".
Your users should now have both "Standard CCM End Users" and "Standard CCM End Users with Services" but you really only need the latter. The interesting thing is all users automatically that had the original group had this new group immediately applied, prbably because I copied the original group.
04-27-2012 01:46 PM
Precisley what I did as well, just isn't working in my case. Might be the version, I'm using 8.5.1.12900-7
As a test I assigned a user to all roles and found it still doesn't work.
04-28-2012 07:24 AM
Hello,
I am a Cisco TAC engineer supporting the contact center platform. If I understand your question properly you have the following setup. Unified Communications Manager is tied to a Microsoft AD domain for users and authentication. You also have Contact Center Express that uses this CUCM for phones and users. You would like your users to use the ccmuser page from CUCM to change their AD password. If I have missed part of this scenario or not stated it correctly, please let me know. If this is what you wish to do then unfortunately, there is no way to do this. When CUCM is tied to AD for user authentication the only thing CUCM contains is the usernames from AD. The actual password is either grayed out or is ignored. When an authentication request comes to CUCM via the UCCX application (either through CAD or IPPA), the physical login takes place in AD. The password provided is hashed using the appropriate method and gets passed to the configured AD authentication server defined in CUCM. Due to this design it just isn't workable to allow the user to change their password .
There is an alternate method of configuring CUCM so that the desired affect is reached. Simply setup CUCM to import users only from the AD servers. This means you just won't configure an authentication lookup in CUCM. The passwords are now stored in CUCM independently of AD so the user can use the ccmuser page to make the changes. They can choose to use the same password on each system, but they are truly independent of each other.
Hopefully this helps you out. Please let me know if you have any additional questions or concerns,
--
Robert W. Rogier
Customer Service Engineer
TAC - UCC
Cisco Systems, Inc., Research Triangle Park, NC
04-28-2012 03:35 PM
No, not my senario at all. I would like to use the ccmuser page to update a "password" parameter on an IP phone service. In this case the user has already updated their ad password through other means. Now they need to update this parameter to match so the agent can log in.
04-28-2012 05:01 PM
There is nothing built in you can use to accomplish this. If you're savvy
you can write some custom code to update the service via AXL.
04-28-2012 06:50 PM
Yes, there is something built in as Walter pointed out earlier. The point is that it doesn't work, and cisco isn't recognizing it as a problem.
According to Cisco documentation here,
Under the section User Service Subscription, it states that users may "Enter any available service parameters"
So why are users unable to do so, and why is TAC telling us this is by design in conflict with the documentation?
04-29-2012 03:32 AM
HI,
Could you also please check the the Active Directory->Users->Account->Account options.
What are the settings here for these users , please see if you have enabled the password never expires option and also what about User cannot change password setting.
Although I am not sure but still worth to check.
Hope it helps.
Anand
Pls rate helpful posts !!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide