06-17-2015 09:32 PM - edited 03-19-2019 09:42 AM
Dear All,
We are using SSO (Windows ADFS with AD) for most of the users, but some of them (e.g.non-staff) are configured as local user on CUCM as they are not AD users.
We understand this is now supported with version 10.x, however, it seems that we have some corner cases for the Self-care Portal and the Unity Connection integration in Jabber:
- Self-care portal seems to only authenticate via SSO, what is the way to authenticate CUCM local users?
- Jabber link into CUCN for visual voice-mail doesn't seem to be available, could you confirm?
For Administration, we will user Recovery URL who not have AD account (e.g. CUCMAdministrator)
For End User http://xx.xx.xx.xx/ccmuser - how to bypass if user not in AD ??
best regards,
Naveen
04-14-2021 12:07 AM
Hi Roger, here are three use cases for local users. There are probably more.
1) Most customers require the Active Directory users to change their password regularly. Therefore I often use a local end user on CUCM with a static password for testing. Also useful for Third Party devices where the authentication password would have to be changed on after every AD password change.
2) When there is a login issue, I need to test whether it's a general authentication issue on CUCM or if the issue is related only to SSO. This can be easily tested with a local user on the Self Care Portal.
3) I often use a local end user with an assigned CTI device to set the Forward All target of a directory number via Self Care Portal. There might be a group of several people, where one of them is on duty for a hotline for a week. With the local user, they can log in to Self Care Portal and set the forward for this hotline directory number to their mobile phone. Because the user is not synced with AD, I can set the password requirements on CUCM and they don't need to change it regularly.
01-21-2022 07:37 PM
Just implemented SSO last night and immediately learned that our local accounts could no longer log in. We use these for special OnCall scenarios. A set of staff have the local account credential so they can log in and modify a remote destination profile for SNR, which is used to manage an on-call rotation. My IT staff will not want to create AD service accounts for this purpose, as well as service accounts are in an OU that we do not sync to CUCM.
We have a similar Unity need where a group of staff use a local account to modify SMTP notification devices for an on call solution.
01-21-2022 11:15 PM
01-22-2022 12:09 PM - edited 01-23-2022 03:55 PM
Thanks, Roger. That gives a clue that there is a mechanism for non SSO but certainly doesn't address the web apps for the user portal scene call manager and unity. I may open another TAC case next week and will let people know what I learn.
01-23-2022 12:32 AM
Your welcome, I realised it doesn’t cover the aspects of your outline, but hopefully someone could be of help. However my name is not Robert.
01-23-2022 03:56 PM
Fixed up, @Roger Kallberg
05-08-2022 02:14 AM
Hi @Roger Kallberg @Stephanie
Any workaround for local user to login self care portal if SSO enable in CUCM?
Thanks in advance.
05-08-2022 07:28 AM
Not that I’m aware of.
05-25-2024 02:12 AM
04-14-2021 12:42 AM
Absolutely, its number 3 for us but in a slightly different way.
We have several offices that have a single DDI number they want to route onto a hunt pilot to broadcast to several phones BUT they also want the ability to set incoming calls to VM manually if they are not going to be in the office etc.
We forward the DDI to the local end users extension and the users then login to the self care portal and either call forward to the hunt pilot or call forward to voicemail. Its not an elegant solution but it worked until we enabled SSO.
Thinking of ways round it, we are going to assign the existing local end users extension as an additional line button on their phones so they can at least do the call forward manually for now.
06-23-2022 11:36 PM
+1 for this request. My case is where there are phones in some service spaces that need to have their VM accessed with ability to change pin for example. Local accounts don't work for it now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide