Manage Users

Cisco Prime Collaboration supports built-in static roles for Cisco Prime Collaboration Assurance and Prime Collaboration Provisioning, with predefined access control that enables you to perform different tasks. Cisco Prime Collaboration supports creation of user roles.

In Cisco Prime Collaboration Assurance-Standard, a user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator can perform. Cisco Prime Collaboration Assurance-Advanced supports several user roles.

Cisco Prime Collaboration Assurance enables Role-based Access Control (RBAC) through these built-in static roles. Hence, the tasks a user can perform, and the devices or device groups a user can view or manage, are controlled by the role allocated by the Super Administrator.

You can enforce further access control of selected devices or device groups, and tasks related to those, by associating the devices or device groups to specific customers (if you have deployed Cisco Prime Collaboration in MSP mode) or assurance domains (if you have deployed Cisco Prime Collaboration in Enterprise mode). Typically, a user with the Operator role is granted access to certain customers or assurance domains only.

For creating and managing customer groups in your network, see Manage Customers. For creating and managing assurance domains in your network, see Manage Assurance Domains.
• Cisco Prime Collaboration Assurance-Advanced User Roles
• Prime Collaboration Provisioning User Roles
• Single Sign-On for Cisco Prime Collaboration
• Default User Accounts
• User Roles and Tasks
• User Roles and Tasks
• Add, Edit, and Delete a User
• Modify User Roles
• Configure an LDAP Server
• LDAP Configuration Parameters
• Reset Cisco Prime Collaboration Assurance Passwords
• Resetting Prime Collaboration Provisioning Passwords
• Change Passwords

Cisco Prime Collaboration Assurance Guide - Advanced, 10.6

Cisco Prime Collaboration Assurance-Advanced User Roles

User roles are used to define the authorizations of tasks that users can access. A user can be assigned one of the following roles:
• Helpdesk—Views and accesses network status information only and cannot perform any action on a device or schedule a job that reaches the network.
• Operator—Performs all Helpdesk tasks and tasks related to network data collection. Cannot perform any Device Work Center operations such as adding, discovering, or importing devices. Also, an operator will not be able to configure thresholds for Alarms and Events.
• Network administrator—Performs all Operator tasks and tasks that result in a network configuration change like credential management, threshold settings, and so on.
• System administrator—Performs Assurance user interface-related administration tasks such as backup and restore, maintaining log files, configuring users, and so on.
• Super administrator—Can perform tasks that both system administrator and network administrator can perform.

Helpdesk is a preselected role that is assigned to every user in Cisco Prime Collaboration. The roles selected for a user determine the access to data of other users.
For example, a user with the Super Administrator role can view all other users; however, a user with the Network Administrator role cannot view users with higher roles such as Super Administrator or System Administrator, but can look at the data of other users whose role is Operator or Helpdesk.

If you have deployed Cisco Prime Collaboration in MSP mode, you can look at customers belonging to another user of the same role only if you are associated with the customer(s). If you have deployed Cisco Prime Collaboration in ENT mode, you can look at assurance domains belonging to another user of the same role only if you are associated with the assurance domain(s).

Note: The User Management submenu is not available to the following roles:
1. Helpdesk
2. Operator

Prime Collaboration Provisioning User Roles

Two types of Provisioning user roles are available: global and domain specific. The global Provisioning user is typically an IP telephony expert who configures Prime Collaboration Provisioning business abstractions for voice applications. The domain-specific Provisioning user can be an administrator for a single domain but can be a user for multiple domains.

The user roles for Prime Collaboration Provisioning are explained in Table 1.

Table 1: Authorization Roles

| Authorization Role | Description |
|---|---|
| Global Roles | |
| Administration | Has access to all Provisioning functionality. |
| Maintenance | Authorized to configure system cleanup activities. See Maintenance Mode. See Cisco Prime Collaboration Provisioning Guide. |
| Roles for Domain | In the drop-down list, select the Domain for which you are setting the authorization roles. The selected roles only apply to the selected Domain. To apply the same authorization role to all available domains, select Apply to all domains. Note: If the administrator selects Apply to all domains, existing roles of the user in all the domains will be overridden with the current selection. |
| Policy | Authorized to view phone button templates, modify user roles, and add or update phone inventory. |
| Infrastructure Configuration Management | Authorized to provision infrastructure configuration objects. When you select this role, you must also select a profile from the Permission Profile box. |
| Permission Profiles | Sets the permissions for which infrastructure configuration objects users assigned this authorization role can configure. (For information on setting permissions, see Cisco Prime Collaboration Provisioning Guide.) |
| SelfCare User | Authorized to manage his own services; set up lines, manage services, and configure phone options quickly and easily. Note: In the standalone Prime Collaboration Provisioning application, you can enable or disable Self-Care while adding both users. The Self-Care check box is not available while adding users. However, after creating a user, you can assign Self-Care role from the Manage User page. See Cisco Prime Collaboration Provisioning Guide. |
| Ordering Roles | Users assigned these roles are allowed to place orders for other users and themselves. |
| Ordering | Authorized to: • Add, delete, or update a user within a Domain. • Add, delete, or update a user role within a Domain (if the rule for that Domain permits it). • Add, delete, or update phones in the inventory within a Domain (if the rule for that Domain permits it). • Search and view detailed user information within a Domain. • Place an order for a user within a Domain. |
| Advanced Ordering | Authorized to access all the functionality specified by the Ordering role; can also access Advanced Order Options in the Order Entry page. |
| Advanced Assignment | Authorized to access all the functionality specified by the Ordering role, and to assign the MAC address for a phone product at the time of order entry. |
| Activity Roles | Users assigned one of these roles can perform activities assigned to the group during order processing. |
| Approval | Authorized to accept and complete the approval for orders. |
| Assignment | Authorized to accept the user activity for assigning the MAC address. |
| Shipping | Authorized to accept and complete shipping of orders. |
| Receiving | Authorized to accept and complete receiving of orders. |

Note:
• globaladmin and domain admin can create Self-Care roles for any user. Self-Care role can be assigned to a user from the Manage Users page in the standalone Prime Collaboration Provisioning only. For more information, see "Creating a Self-Care Account" in the Cisco Prime Collaboration Provisioning Guide.
• In the converged mode, you cannot import a user associated with a Self-Care role into the Prime Collaboration Assurance application.

The Managing Subscribers and Users chapter in Cisco Prime Collaboration Provisioning Guide provides detailed information on how to manage users.

Single Sign-On for Cisco Prime Collaboration

Cisco Prime Collaboration provides users with admin privileges to enable Single Sign-On (SSO) in Cisco Prime Collaboration Assurance using Security Assertion Markup Language (SAML). Cisco Prime Collaboration does not support multiserver SAN certificates and end user SAML SSO.

Ensure that the following prerequisites are met before you enable SSO:
• At least one LDAP Administrative user exists in the system. Create the LDAP administrative user manually in Cisco Prime Collaboration Assurance.
• An Identity Provider (IdP) server that enables you to use SSO to access many other applications from a single hosted application and a Service Provider. The Service Provider is a website that hosts the applications.
  Following are the supported third-party IdP servers:
  • Open Access Manager (OpenAM)
  • Ping Identity
  • Active Directory Federation Services (ADFS)
  • Oracle Identity Manager
  For the steps to set up an IdP server, see the SAML SSO Deployment Guide for Cisco Unified Communication Applications, Release 11.0(1).
• Download the Identity Provider metadata file from the IdP server and save it in your local system.

To enable Single Sign-On:

Step 1  Choose Administration > Single Sign-On.
Step 2  Click Enable SSO.
        A warning message is displayed stating, "Enabling SSO redirects you to the IdP server for authentication from the next login. To access the application, you will need to be authenticated successfully."
        Note: Enable SSO is disabled if the above mentioned prerequisites are not met.
Step 3  Click Continue.
Step 4  Follow the steps provided in the SSO wizard to enable Single Sign-On.
        a) Locate the IdP metadata file from your local system and click Import IdP Metadata.
        b) Click Download Trust Metadata file.
        c) Launch the IdP server and import the downloaded Trust Metadata file.
           Note: This is a manual step for enabling SSO. You need to create a Circle of Trust (CoT) in the IdP server and log out before you proceed with the SSO testing.
        d) To run SSO Test Setup, select a username from the Valid Administrative Usernames drop-down.
           Note: Using any other username to log in to the IdP server might lock the administrator account.
        e) Click Run SSO Test to test the connectivity among the IdP server, Cisco Prime Collaboration Applications, and Single Sign-On.
           If you are prompted with an error message, "Unable to do Single Sign-On or Federation":
           • Manually log in to the IdP server using the end user credentials and check if the authentication is successful.
           • Verify if the Trust Metadata file is successfully uploaded in the IdP server.
           • Verify if the Prime Collaboration server and the IdP server are part of the same Circle of Trust.
        f) Click Finish.

Troubleshooting and Logs for SSO

• When you are logged out of the Cisco Prime Collaboration server while enabling SSO, we recommend that you close the browser and relaunch the Cisco Prime Collaboration application, because although your session expires in the Cisco Prime Collaboration server, the IdP server session might still be active.
• While enabling SSO, ensure that the hostname for Cisco Prime Collaboration is set and is part of DNS.

When IdP server is down, you can:
• Use the recovery URL- https:///ssosp/local/login.
• Disable Single Sign-On from CMD Utility.

To disable SSO from CMD utility in Cisco Prime Collaboration applications:
• Navigate to the /opt/emms/emsam/bin directory for Cisco Prime Collaboration Assurance. Add and entries for cpcmconfigsso.sh file based on the following table:

| Operations can be .. | Values can be .. |
|---|---|
| 1-To get the Single Sign-On status | Not applicable |
| 2-To get the recovery URL status | Not applicable |
| 3-To set the Single Sign-On status | False. Note: You cannot enable SSO through CLI. Use the user interface procedure to enable SSO. |
| 4-To set the recovery URL status | True or False |

• To disable SSO, run the following command:

    cpcmconfigsso.sh 3 false

Note: By default, the recovery URL is enabled. If you want to disable it for security reasons, set it as False.

Default User Accounts

Cisco Prime Collaboration is preconfigured with a default web client administrator user called globaladmin; globaladmin is a superuser who can access both the Prime Collaboration Provisioning and Cisco Prime Collaboration Assurance user interfaces. Specify a password for globaladmin when you configure your virtual appliance (for either stand-alone products or converged application).
You need to use these credentials when you launch the Cisco Prime Collaboration web client for the first time.

Prime Collaboration Provisioning server supports these CLI users: admin and root. Cisco Prime Collaboration Assurance server supports the CLI user: admin.

You cannot create CLI users using the web client user interface. CLI users are created during OVA configuration. By default, the username is admin; the password is specified during OVA configuration and is used to log into the CLI to check the application status and perform backup and restore.

Caution: We recommend that you write down the root password as it cannot be retrieved.

Note:
• The users defined in the Cisco Prime Collaboration web client are different from the users defined on the Cisco Prime Collaboration server (CLI).
• CLI users are not listed on the Cisco Prime Collaboration User Management page.
• globaladmin and root follow the same set of password validation rules, but the rules for admin are different. See the Cisco Prime Collaboration Assurance and Analytics Install and Upgrade Guide for password validation rules for these users.

If you are logging in for the first time to the Cisco Prime Collaboration Assurance or Prime Collaboration Provisioning web client, log in as globaladmin. You, as a globaladmin, must create other administrators using real user-IDs as they can be tracked in Audit Trail and in the Cisco Prime Collaboration Provisioning order tracking system.

Caution: You must not create a user with the name: globaladmin, pmadmin and admin.

When you integrate the Prime Collaboration Provisioning application with Prime Collaboration Assurance, you can import users with domain-specific and global Provisioning roles (who do not have Self-Care roles associated) to the Prime Collaboration Assurance application using the "Import" functionality in the Administration > User Management page.
You must refresh the "User Management" page to see the list of imported users.

Note: You cannot import a Prime Collaboration Provisioning Self-Care user to the Prime Collaboration Assurance application.

Choose Administration > System Setup > Assurance Setup > Log Management. Click the Download Log button. Download the tar file and untar it. Check the /opt/emms/emsam/log/importedprovisioninguser.log file to find the users who were not imported into the Cisco Prime Collaboration Assurance database due to reasons such as duplicate user names (user names already used in Cisco Prime Collaboration Assurance), user names with no passwords, and so on.

However, when you integrate a freshly installed Prime Collaboration Provisioning application (that contains no user data) with the Prime Collaboration Assurance application, and you wish to create a common user for both Prime Collaboration Assurance and Prime Collaboration Provisioning, you must perform the following tasks as prerequisites:
• Add Devices—To learn how to create devices, see Adding Devices to Provisioning in the Cisco Prime Collaboration Provisioning Guide.
• Create Domains—To learn how to create domains, see Creating a Domain in the Cisco Prime Collaboration Provisioning Guide.

The users thus created via the Add User feature are associated with the web client only and cannot log in to the Prime Collaboration Assurance or Prime Collaboration Provisioning server through the CLI.

The Cisco Prime Collaboration Assurance and Prime Collaboration Provisioning applications do not share inventory database. You must manage the devices separately to perform the Assurance and provisioning tasks. See Manage Device Credentials to perform device management tasks using the Cisco Prime Collaboration Assurance application.
See Cisco Prime Collaboration Provisioning Guide to perform device management and provisioning tasks using the Prime Collaboration Provisioning application.

User Roles and Tasks

User Roles and Tasks lists the Cisco Prime Collaboration Assurance and Provisioning user roles and tasks they are mapped to.

Note: Super administrator has access to all of the user interface menus and can perform all the tasks. Hence, the super administrator is not listed.

User Roles and Tasks

User Roles and Tasks lists the Prime Collaboration Assurance user roles and tasks they are mapped to. Note that Super administrator has access to all of the UI menus and can perform all tasks listed in the table below. Thus, the super administrator is not listed in the following table.

Table 2: Prime Collaboration Assurance User Roles and Task Mapping

| Navigation | Task | System Administrator | Network Administrator | Operator | Helpdesk |
|---|---|---|---|---|---|
| Home | View Video and Voice Collaboration Dashlets | Yes | Yes | Yes | Yes |
| | Customize Dashlets | Yes | Yes | Yes | Yes |
| | Launch Alarm Browser | Yes | Yes | Yes | Yes |
| | Launch Alarm Summary | Yes | Yes | Yes | Yes |
| Operate > Diagnose > Sessions Diagnostics | Monitor Sessions | Yes | Yes | Yes | No |
| | Import Sessions | Yes | Yes | Yes | No |
| | Launch 360° Session View | Yes | Yes | Yes | No |
| | From 360° Session View: Add to watch list | Yes | Yes | Yes | No |
| | From 360° Session View: See alarms | Yes | Yes | Yes | No |
| | From 360° Session View: Monitor Endpoint | Yes | Yes | Yes | No |
| | From 360° Session View: Troubleshoot session or export troubleshoot data | Yes | Yes | Yes | No |
| | From topology view (endpoints): Add to watch list or remove from watch list | Yes | Yes | Yes | No |
| | From topology view (endpoints): See alarms | Yes | Yes | Yes | No |
| | From topology view (endpoints): Monitor Endpoint | Yes | Yes | Yes | No |
| | From topology view (network connection): Troubleshoot network link | Yes | Yes | Yes | No |
| Operate > Diagnose > Endpoint Diagnostics | Monitor endpoint | Yes | Yes | Yes | Yes |
| | Launch quick view | Yes | Yes | Yes | Yes |
| | From quick view: Add to watch list or remove from watch list | Yes | Yes | Yes | No |
| | From quick view: See alarms | Yes | Yes | Yes | Yes |
| | From quick view: Monitor Session | Yes | Yes | Yes | No |
| Operate > Diagnose > Diagnostics Summary | View Diagnostics Summary | Yes | Yes | Yes | Yes |
| Operate > Diagnose > IP-SLA Diagnostics | Start a troubleshooting session | Yes | Yes | Yes | No |
| Operate > Diagnose > Media Path Analysis | Start Media Path Analysis | Yes | Yes | Yes | No |
| Operate > Diagnose > Call Signaling Analyzer | Export log files | Yes | Yes | Yes | No |
| | Import log files | Yes | Yes | Yes | No |
| | Delete log files | Yes | Yes | Yes | No |
| | Retrieve calls | Yes | Yes | Yes | No |
| | Create Call Ladder Diagram | Yes | Yes | Yes | No |
| | Create Transition diagram | Yes | Yes | Yes | No |
| Operate > Log Collection Center | Add a device | Yes | Yes | Yes | No |
| | Edit a device | Yes | Yes | Yes | No |
| | Rediscover a device | Yes | Yes | Yes | No |
| | Create a group | Yes | Yes | Yes | No |
| | Edit a group | Yes | Yes | Yes | No |
| | Delete a group | Yes | Yes | Yes | No |
| | Add devices to a group | Yes | Yes | Yes | No |
| | Delete devices from group | Yes | Yes | Yes | No |
| | View devices in group | Yes | Yes | Yes | No |
| | Sync Device with Device Work Center | Yes | Yes | Yes | No |
| | Test connectivity | Yes | Yes | Yes | No |
| | Collect logs | Yes | Yes | Yes | No |
| | Delete job | Yes | Yes | Yes | No |
| Operate > Alarms & Events > Events | View Events | Yes | Yes | Yes | Yes |
| Operate > Device Work Center | Manage credentials | Yes | Yes | Yes | Yes |
| | Discover devices | Yes | Yes | Yes | Yes |
| | Update Inventory | Yes | Yes | Yes | Yes |
| | Manage Clusters | Yes | Yes | Yes | Yes |
| | Import Inventory | Yes | Yes | Yes | Yes |
| | Export Inventory | Yes | Yes | Yes | Yes |
| | Discover jobs | Yes | Yes | No | No |
| | Edit Visibility (Edit button) | No | No | No | No |
| | Customize Events | Yes | Yes | Yes | Yes |
| | Suspend device management | Yes | Yes | Yes | Yes |
| | Resume device management | Yes | Yes | Yes | Yes |
| | Adding to Group | Yes | Yes | Yes | Yes |
| | Remove from Group | No | No | No | No |
| | Import devices | Yes | Yes | No | No |
| | Export devices and credential list | Yes | Yes | No | No |
| Operate > UC Topology View | View voice dashlets/summary | Yes | Yes | Yes | Yes |
| Analyze > • Technology Adoption • Asset Usage • Service Experience • UC System Performance • Traffic Analysis | View Reports | Yes | Yes | No | No |
| Reports > • Interactive Reports • Scheduled Reports • Administrative Reports | Generate reports (excluding Administrative Reports) | Yes | Yes | Yes | Yes |
| Administration > Job Management | Manage jobs | Yes | Yes | No | No |
| | Schedule jobs | Yes | Yes | No | No |
| | Cancel jobs | Yes | Yes | No | No |
| Administration > Assurance Domain Management | View assurance domains | Yes | Yes | Yes | No |
| | Add assurance domain | Yes | Yes | Yes | No |
| | Edit assurance domain | Yes | Yes | Yes | No |
| | Delete assurance domain | Yes | Yes | Yes | No |
| Administration > Customer Management (available only in MSP version) | View customer details | Yes | Yes | No | No |
| | Add customer | Yes | Yes | No | No |
| | Edit customer | Yes | Yes | No | No |
| | Delete customer | Yes | Yes | No | No |
| Administration > User Management | View users | Yes | Yes | No | No |
| | Add users | Yes | Yes | No | No |
| | Edit users | Yes | Yes | No | No |
| | Delete users | Yes | Yes | No | No |
| | Reset password | Yes | Yes | No | No |
| | Change password | Yes | Yes | Yes | Yes |
| Administration > License Management | View license details | Yes | Yes | No | No |
| | Add license | Yes | Yes | No | No |
| | Delete license | No | Yes | No | No |
| Administration > System Setup > Assurance Setup | Configure all system parameters (General Settings, Cisco Prime 360 Integration, CDR Trunk Utilization settings, Call Quality Data Source Management, LDAP Settings, Log Management, SFTP Settings, IP Phone Inventory Collection Settings, IP Phone XML Inventory Collection Settings, Cluster Data Discovery Settings) | Yes | Yes | No | No |
| Administration > Alarm & Event Configuration > Event Customization | Customizing event monitoring and severity. Also, defining the threshold value for automatic troubleshooting. | Yes | Yes | No | No |

The table below lists the Prime Collaboration Provisioning user roles and the tasks they are mapped to. The domain roles that perform a specific task have been mentioned. However, the Administration user role can perform all of the Prime Collaboration Provisioning tasks.

Table 3: Prime Collaboration Provisioning User Roles and Task Mapping

| Navigation | Task | Domain Roles | Global Roles |
|---|---|---|---|
| Home > Provisioning > Unified Provisioning Manager Capacity | View information on how many licenses you have used from the available set. | Not Applicable | Administration |
| Home > Provisioning > Pending Order Status | View pending orders | Ordering, advanced ordering, advanced assignment, policy, infraConfigManagement, assignment, approval, shipping, receiving | Administration |
| Home > Provisioning > Device Sync Status | View device sync status | Ordering, advanced ordering, advanced assignment | Administration |
| Home > Provisioning > Deployment Details | View deployment details | Ordering, advanced ordering, advanced assignment | Administration |
| Home > Provisioning > Locked Users | View locked users (users locked after a specified number of failed login attempts) | Not Applicable | Administration |
| Home > Provisioning > Logged In Users | View users who are logged in to the application | Not Applicable | Administration |
| Design > Infrastructure Setup | Set up devices, Call Processors, Unified Message Processors, Unified Presence Processors, AAA servers | Not Applicable | Administration |
| Design > User Provisioning Setup | Create Domains, Service Areas, Provisioning Template, Quick Site Builder | Not Applicable | Administration |
| | Create Subscriber Roles | Policy | Administration |
| Deploy > User Provisioning | Add Subscriber, Search Subscriber | Ordering, advanced Ordering, advanced Assignment | Administration |
| Deploy > Activities | Manage activities for a group and user. | Not Applicable | Administration |
| | Search order | Ordering, advanced Ordering, advanced Assignment | Administration |
| Deploy > Infrastructure Configuration | Configuring Infrastructure | infraConfigManagement | Administration |
| Deploy > Batch Provisioning | Perform batch provisioning | Not Applicable | Administration |
| Deploy > Provisioning Inventory | Manage Phones | Policy | Administration |
| | Manage directory number, browse and search inventory | Not Applicable | Administration |
| Report > Interactive Reports > Provisioning Reports | View Provisioning reports | Not Applicable | Administration |
| Administration > System Configuration | Configure Phone Button Templates | Policy | Administration |
| | Configure Provisioning Rules, Attributes, and data maintenance | Not Applicable | Administration |
| Administration > Provisioning Notification Management | Configure e-mail settings | Not Applicable | Administration |

Add, Edit, and Delete a User

You can add a user and assign predefined static roles. The user has access to the Cisco Prime Collaboration web client only and cannot log in to the Cisco Prime Collaboration Assurance or Prime Collaboration Provisioning server through the CLI.

To add a user:

Step 1  Choose Administration > User Management.
Step 2  In the User Management page, click Add.
Step 3  In the Add User page, enter the required user details.
        Note that because the LDAP server performs authentication, it should have the same user ID as Cisco Prime Collaboration. For more information, see Configure an LDAP Server.
        If you select the LDAP User option, the Password and Confirm Password fields are not displayed.
Step 4  If you have deployed the Managed Service Provider (MSP) version of Cisco Prime Collaboration, select a customer from the Customer drop-down list.
        If you have deployed the Enterprise version of Cisco Prime Collaboration, you can select an Assurance Domain from the Assurance Domain drop-down list; however, it is not mandatory.
Step 5  Select the appropriate Cisco Prime Collaboration Assurance roles.
        (If the Prime Collaboration Provisioning application is not integrated with the Prime Collaboration Assurance application, the Provisioning Domain and Provisioning Roles fields are not displayed when you perform the Add operation.)
Step 6  If you wish to have only a Provisioning user, or a common user for Prime Collaboration Assurance and Prime Collaboration Provisioning, perform the following steps:
        a) Select the appropriate roles in the Provisioning Roles check box.
        b) Click Add Row under Domain Specific to create domain specific Provisioning Roles. You will see role settings options for General, Ordering and Activity roles. For information on authorization roles, see Table 1 Authorization Roles.
        c) Enter required details and click Done.
Step 7  Click Save.

To edit user details, select a user at Administration > User Management and make the necessary changes.

As part of your regular system administration tasks, you sometimes must delete users from the Cisco Prime Collaboration database. However, you cannot delete the Cisco Prime Collaboration web client default administrator globaladmin.

To delete a user, select the user from Administration > User Management and click Delete. Any jobs that are scheduled in the deleted user name continue to run until canceled.

Modify User Roles

When the contact information, role, or account status of a user changes, the administrator must edit the corresponding details in the system. To edit user details, select a user at Administration > User Management and make the necessary changes.

As part of your regular system administration tasks, you sometimes must delete users from the Cisco Prime Collaboration database.
However, you cannot delete the Cisco Prime Collaboration web client default administrator globaladmin.

To delete a user, select the user from Administration > User Management and click Delete. Any jobs that are scheduled in the deleted user name continue to run until they are cancelled.

Configure an LDAP Server

You can configure Cisco Prime Collaboration to connect to a Lightweight Directory Access Protocol (LDAP) server, to access user information stored in the LDAP server.

In converged mode, the LDAP server specified in Cisco Prime Collaboration Assurance is used for authentication only; authorization and role-based access control (RBAC) functions are performed by Cisco Prime Collaboration. Cisco Prime Collaboration supports one primary LDAP server and one backup LDAP server.

Note: If you have deployed Cisco Prime Collaboration in MSP mode, the LDAP server configured must be a provider LDAP. This provider LDAP server has all the resellers, customers, and admin users. You can configure only one LDAP server. Multiple LDAP server configuration is not supported.

To configure an LDAP server:

Step 1  Choose Administration > System Setup > Assurance Setup > LDAP Settings.
Step 2  In the LDAP Settings page, enter values for all the fields. See LDAP Configuration Parameters for the field descriptions.
        Note: If Cisco Prime Collaboration must use SSL encryption, check the Use SSL check box and specify port 636.
Step 3  Click Test Connection to check the connectivity to the LDAP server.
Step 4  Upon successful connection, click Apply Settings and restart Cisco Prime Collaboration Assurance server to log in using LDAP.
To restart Cisco Prime Collaboration Assurance Server, log in as admin user and execute the following commands:

    application stop cpcm
    application start cpcm

The application stop cpcm command takes 10 minutes to complete execution and application start cpcm takes 10 to 15 minutes to complete execution.

LDAP Configuration Parameters

Table 4: LDAP Server Configuration

| Field | Description |
|---|---|
| Server IP address | Enter the LDAP server name or IP address. Optionally enter the Backup LDAP server IP address. |
| Server Port | Enter the Port number on which the LDAP requests for the server is received. Non-secure port: 389. Secure SSL port: 636. Optionally enter the Backup LDAP server Port number. Note: If the LDAP server is configured to use a non-standard port, that port should be entered here as well. |
| Admin Distinguished Name | Admin Distinguished Name is the distinguished name to use. For example in the preceding image there is a user whose name is John Doe in the LDAP directory, so the Admin Distinguished Name will be as follows: • CN = John Doe • OU = Campus • OU = AdminBLR • OU = ABC • DC = eta • DC = com |
| Admin Password | Enter the password for the LDAP server authentication and reconfirm the password. Note: Do not use the pound sign (#) in the password, because the connectivity to the LDAP server fails if the LDAP user password contains the pound sign (#). |
| LDAP User Search Base | Enter the user search base. LDAP server searches for users under this base. Search Base is as follows: • DC = eta • DC = com. Note: LDAP authentication fails if you enter special characters in the search base. |
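A pre-flight check for the values entered in the LDAP Settings page, as an added example that is not part of the Cisco guide: it builds the Admin Distinguished Name string from the components listed in Table 4 using RFC 4514 escaping (a display name such as "Doe, John" needs its comma escaped) and flags the failure conditions the notes describe. The LdapSettings class, the finding codes, and the definition of "special characters" in the search base (anything other than letters, digits, space, period, underscore and hyphen) are assumptions; the guide does not list the characters.

```python
import re
from dataclasses import dataclass

ALWAYS_ESCAPE = '"+,;<>\\'                     # RFC 4514: escape anywhere in a value
SAFE_VALUE = re.compile(r"[A-Za-z0-9 ._-]+")   # assumption: anything else is "special"


def escape_value(value: str) -> str:
    """Escape one attribute value for a DN string (RFC 4514)."""
    body = "".join("\\" + c if c in ALWAYS_ESCAPE else c for c in value)
    if value[:1] in ("#", " "):                 # leading '#' or space
        body = "\\" + body
    if len(value) > 1 and value.endswith(" "):  # trailing space
        body = body[:-1] + "\\ "
    return body


def build_dn(rdns) -> str:
    """Join (attribute, value) pairs, most specific first, into a DN string."""
    return ",".join(f"{a.strip().upper()}={escape_value(v.strip())}" for a, v in rdns)


def _clean(raw: str) -> str:
    """Drop padding around a raw value, keep an escaped trailing space, unescape."""
    s = raw.strip()
    if (len(s) - len(s.rstrip("\\"))) % 2:      # odd backslash run: "\ " was stripped
        s += " "

    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok  # hex pair (ASCII) or literal

    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, s)


def split_dn(dn: str):
    """Split a DN string into (ATTR, value) pairs, honouring backslash escapes.

    Multi-valued RDNs joined with '+' are not split further.
    """
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])             # keep the escape pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, raw = part.partition("=")
        if not sep or not attr.strip() or not raw.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), _clean(raw)))
    return rdns


@dataclass
class LdapSettings:          # hypothetical container; fields follow Table 4
    port: int
    use_ssl: bool
    admin_dn: str
    admin_password: str
    search_base: str


def check_settings(s: LdapSettings):
    """Return a list of 'code: message' findings; an empty list means no issue found."""
    findings = []
    if (s.use_ssl and s.port == 389) or (not s.use_ssl and s.port == 636):
        findings.append("ssl-port: Use SSL and the port disagree (389 non-secure, 636 SSL)")
    if not s.use_ssl:
        findings.append("cleartext: Use SSL is off, so the LDAP connection is not encrypted")
    if "#" in s.admin_password:
        findings.append("password-pound: '#' in the password breaks LDAP connectivity")
    try:
        split_dn(s.admin_dn)
    except ValueError as exc:
        findings.append(f"admin-dn: {exc}")
    try:
        if any(not SAFE_VALUE.fullmatch(v) for _, v in split_dn(s.search_base)):
            findings.append("search-base: special characters cause authentication to fail")
    except ValueError as exc:
        findings.append(f"search-base: {exc}")
    return findings


if __name__ == "__main__":
    # Components exactly as listed in Table 4; the password is a constructed sample.
    dn = build_dn([("CN", "John Doe"), ("OU", "Campus"), ("OU", "AdminBLR"),
                   ("OU", "ABC"), ("DC", "eta"), ("DC", "com")])
    print(dn)
    print(check_settings(LdapSettings(389, False, dn, "s3cret#1", "DC=eta,DC=com")))
```
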
Reset Cisco Prime Collaboration Assurance Passwords

As a super administrator, system administrator or network operator, you can reset the password for other Cisco Prime Collaboration users.

Prerequisite: The root access feature is mandatory to perform this task; hence, you should raise a TAC case to obtain root access.

You can reset the Cisco Prime Collaboration Assurance web client globaladmin password using the following procedure.

To reset the Cisco Prime Collaboration Assurance globaladmin password:

Step 1  Log in as a root user.
Step 2  Execute the following:

            # cd /opt/emms/emsam/bin/
            # ./resetGlobalAdminPassword.sh

Step 3  Enter a new password for the globaladmin when prompted, and also confirm the new password when prompted.

A message notifies that the globaladmin password has been successfully reset.

Resetting Prime Collaboration Provisioning Passwords

To reset the Prime Collaboration Provisioning globaladmin password:

Step 1  Log in as a root user.
Step 2  Execute the following commands:

            # cd /opt/cupm/sep/ipt/bin
            # ./ResetGlobalAdminPassword.sh 'new password'

        Enter a new password for the globaladmin and specify the server type. The server type can be one of the following:
        • ALL—for a single machine install
        • Database—for database server
        • Application—for application server

Note: In case of a distributed system where database and application are in different servers, you must execute this procedure in both the servers.

Change Passwords

To change your own password, go to Administration > User Management, click Reset Password, and make necessary changes.