Showing results for 
Search instead for 
Did you mean: 

Selfcare portal Access for non-SSO local CUCM user

Naveen Subramaniam

Dear All,


We are using SSO (Windows ADFS with AD) for most of the users, but some of them (e.g.non-staff) are configured as local user on CUCM as they are not AD users.


We understand this is now supported with version 10.x, however, it seems that we have some corner cases for the Self-care Portal and the Unity Connection integration in Jabber:


- Self-care portal seems to only authenticate via SSO, what is the way to authenticate CUCM local users?


- Jabber link into CUCN for visual voice-mail doesn't seem to be available, could you confirm?


For Administration, we will user Recovery URL who not have AD account (e.g. CUCMAdministrator)


For End User http://xx.xx.xx.xx/ccmuser - how to bypass if user not in AD ??


best regards,


24 Replies 24

Hi Roger, here are three use cases for local users. There are probably more.


1) Most customers require the Active Directory users to change their password regularly. Therefore I often use a local end user on CUCM with a static password for testing. Also useful for Third Party devices where the authentication password would have to be changed on after every AD password change.

2) When there is a login issue, I need to test whether it's a general authentication issue on CUCM or if the issue is related only to SSO. This can be easily tested with a local user on the Self Care Portal.

3) I often use a local end user with an assigned CTI device to set the Forward All target of a directory number via Self Care Portal. There might be a group of several people, where one of them is on duty for a hotline for a week. With the local user, they can log in to Self Care Portal and set the forward for this hotline directory number to their mobile phone. Because the user is not synced with AD, I can set the password requirements on CUCM and they don't need to change it regularly.

Just implemented SSO last night and immediately learned that our local accounts could no longer log in. We use these for special OnCall scenarios.  A set of staff have the local account credential so they can log in and modify a remote destination profile for SNR, which is used to manage an on-call rotation.  My IT staff will not want to create AD service accounts for this purpose, as well as service accounts are in an OU that we do not sync to CUCM.

We have a similar Unity need where a group of staff use a local account to modify SMTP notification devices for an on call solution.

Response Signature