.. _end_user_access_and_authentication:

End User Access and Authentication
----------------------------------

A user can log into the Self-Service GUI if a System User entry exists for the
user. A System User entry is created automatically when a user is added as a
subscriber. Refer to the topics under "Subscriber Management".

You can grant a user access to Self-Service by creating a user, with a
**Self-Service** role, directly in the System user interface. Such a user is not
able to view devices or any services associated with the devices, nor can a
manually added user view personal information such as first name, last name,
address, department, and so on. Refer to :ref:`create_a_user`.

Self-Service authentication is controlled by the administration interface using
the same three authentication methods: Standard, LDAP, and SSO.

Consolidated password and PIN management for end users is available as follows,
based on the self-service authentication method configured for the end user:

* Standard |VOSS Automate| authentication: end users can change their password and
  PIN from the Self Service interface.
* LDAP and SSO authentication: end users cannot change their password and PIN
  from the Self Service interface. 
  
To ensure the best user experience, it is recommended that all applications
(Self-Service and the Unified Communications applications) use the same
authentication method.



.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM