Add Admin Users#
Overview#
If you’re adding a multi-role admin user, the user must first reside at site level. A system administrator must then assign the user a self-service Role and select an Authorized Admin Hierarchy instance that has an administrator role.
If needed, this step should also be carried out manually in the case of synced in users or users moved to a site.
Note that enabling the system setting Additional Role Access Profile Validation will restrict Authorized Admin Hierarchy roles to those with linked access profiles that are in the subset of the administrator’s own access profile.
If the role is set to an administrator role and an Authorized Admin Hierarchy instance is also specified for the user, the role on Authorized Admin Hierarchy takes precedence. This is NOT a recommended configuration.
Manually Add an Admin User#
This procedure manually adds an admin user in Automate.
Log in at the hierarchy node where you want to create the admin user.
Go to (default menu) User Management > Users to open the Users page.
Click Add.
Fill out details for the admin user on tabs or panels of the Users Page.
Note
You’ll need to fill out at least the mandatory field values. Note that the read-only User Type field can have the following values:
“Admin” - this value is defined by the admin role
“End User + Admin” - this value is defined by a data/AuthorizedAdminHierarchy instance associated to the user as well as a self-service role
Click Save to add the new admin user.
You can view transaction progress and details in the Transaction Logs (when adding, updating, or deleting a user).
Important
Users are typically added or updated on Automate from the sync source, such as LDAP, CUCM, or CUC. See User Sync Source for more details.
Sync source precedence may override user input. When updating a user on Automate and the following conditions exist, field values are updated from the sync source and not from data input to Automate (in this case, the fields are read-only in the Admin Portal):
Exists on a sync source
Has mapped fields
Has a higher precedence than LOCAL (Automate) data
Users Page#
This page allows you to view, add, and update a user.
You can select the following tabs on this page:
User Details
Account Information
Contact Information
Hybrid Status
Provisioning Status
Services
Custom
LDAP
User Details#
Fields | Description |
---|---|
User Name* | Sign-in username. This field is mandatory. |
Role* | Choose the user’s role. This field is mandatory. The list of created roles to choose from includes those with the current hierarchy in the Hierarchies Allowed list. [1] |
Entitlement Profile | Choose the entitlement profile that specifies which devices and services the user is entitled to. |
Language | Choose the user’s language. Note: If no language is selected, the language is inherited from the nearest hierarchy node (at or above the user) that has a default language configured. If no default language is configured anywhere in the hierarchy at or above the user, the user’s language is English. Note: If a language is manually set for a user, that language remains unchanged even if the user is moved to a new place in the hierarchy. However, if the language is inherited, then the user’s language changes when the user is moved to a hierarchy node that has a different default language. |
Exclude from Directory | If this check box is selected, the user will not appear in the corporate directory accessed via Automate Phone Services - [2] |
Sync Source | Identifies the application from which the user (and user data) was synced, i.e. LOCAL (Automate), CUCM or MS-LDAP. This field is read only. |
User Type | Read-only. Determined by the role interface. (“Admin”, “End User” or “End User + Admin”) - [3] |
Auth Method | Identifies the authentication method for the user - [4] This section is applicable to End Users only. |
LDAP Server and Username | Only editable when Auth Method is LDAP |
LDAP Username | Only editable when Auth Method is LDAP |
SSO Identity Provider | Only editable when Auth Method is SSO |
SSO Username | Only editable when Auth Method is SSO. Defaults to Automate username. |
Authorized Admin Hierarchy | Selected for users with multiple user roles to enable administrative capabilities for end users. [7] |
Account Information#
This tab/panel allows the administrator to manage user account information, including:
Change Password on next Login
Credential Policy
Disabled (Y/N)
Reason for Disable
Time Locked Due to Failed Login Attempts
Time of Last Successful Login
Locked (Y/N)
Number of failed login attempts since last successful login
Time of last password change
Time of last password change by user
Contact Information#
This tab/panel is relevant only to end users.
Defines contact information for the user, such as employee number, employee type, country, state, street, department, manager, Fax number, directory URL, Jabber ID, telephone number, mobile, and IP phone.
Hybrid Status#
This tab/panel is relevant only to end users and is available if the Global Setting Enable Cisco / Microsoft Hybrid is enabled on the Enabled Services - see Global Settings.
For details on the Hybrid Status tab and managing hybrid users, see: Hybrid Cisco-Microsoft Management.
Provisioning Status#
Provides a read-only view of the user’s provisioning status, including multi-vendor provisioning if applicable.
Assigned Lines#
This tab/panel is relevant only for hybrid multi vendor scenarios. The fields are blank by default.
The fields on this tab are used to capture line details for users set up with an integrated service between two vendors (for example, Cisco and Microsoft).
Provisioning Status#
This tab/panel is relevant only to end users.
Provides a view showing the composition of the user, this typically includes:
CUCM
CUC
Automate user hierarchy
CUCM user hierarchy
CUC user hierarchy
CUCM 1 to N
Select the Provisioned check box to view additional CUCM’s if applicable.
If the user is added to an LDAP server (see the LDAP section below), then the provisioning status will also show the server here next to the LDAP label.
Services#
This tab/panel is relevant only to end users, and provides direct links to the associated user apps, including: CUCM User, CUC User Voicemails, Webex App user, Pexip, UCCX Agent, MS 365 user, MS Teams user, and MS Exchange user. For example, clicking on the link for MS Exchange user opens the user’s User Mailboxes settings page.
Custom#
This tab/panel is relevant only to end users. User defined customized strings and booleans.
LDAP#
If a secure Microsoft Active Directory LDAP server (port 636) is configured higher in the user hierarchy and the server has Enable Write Operations checked, user details can be managed on the server if it is selected from the LDAP Server drop down list.
Only secure LDAP servers are listed. If no suitable servers have been set up, then the tab will not display any fields.
If no such Microsoft Active Directory LDAP server is configured and enabled, the tab will show a message to indicate this.
For server setup details, see: LDAP Server. If the Microsoft Active Directory LDAP server is configured and the user already exists on this server, the tab will show a message to indicate this.
The Description field will display in the Microsoft Active Directory Users and Computers interface.
The User Account Control dropdown supports the following UserAccountControl values (associated with codes):
Normal Account (512)
Disabled Account (514)
Enabled, Password Not Required (544)
Disabled, Password Not Required (546)
Enabled, Password Doesn’t Expire (66048)
Disabled, Password Doesn’t Expire (66050)
Enabled, Password Doesn’t Expire & Not Required (66080)
Disabled, Password Doesn’t Expire & Not Required (66082)
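The codes in this list are sums of Active Directory userAccountControl bit flags. As an added example (not part of the Automate documentation or product code), the following decodes such a value and reports the password-policy flags worth reviewing before an account is pushed to the LDAP server; the account names are constructed sample data.

```python
# Bit values of the Active Directory userAccountControl flags that the
# dropdown codes combine (for example 66048 = 512 + 65536).
FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "PASSWD_NOTREQD": 0x0020,
    "NORMAL_ACCOUNT": 0x0200,
    "DONT_EXPIRE_PASSWORD": 0x10000,
}
COVERED = sum(FLAGS.values())


def decode(value):
    """Return (set of flag names present, bits outside the four flags)."""
    names = {name for name, bit in FLAGS.items() if value & bit}
    return names, value & ~COVERED


def review(value):
    """List the policy-relevant observations for one userAccountControl value."""
    names, extra = decode(value)
    notes = []
    if extra:
        notes.append(f"bits outside the dropdown's flags: 0x{extra:x}")
    if "NORMAL_ACCOUNT" not in names:
        notes.append("NORMAL_ACCOUNT not set")
    state = "disabled" if "ACCOUNTDISABLE" in names else "enabled"
    if "PASSWD_NOTREQD" in names:
        notes.append(f"{state}: password not required")
    if "DONT_EXPIRE_PASSWORD" in names:
        notes.append(f"{state}: password never expires")
    return notes


def audit(accounts):
    """Map each account name to its notes, keeping only accounts with notes."""
    return {name: notes for name, value in accounts if (notes := review(value))}


# Constructed sample data: account names are invented for this example.
SAMPLE = [
    ("adm.alvarez", 512),
    ("adm.brandt", 66048),
    ("adm.chen", 544),
    ("adm.dube", 66082),
    ("adm.evans", 528),  # 512 + 16: carries a bit the dropdown cannot set
]

if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(notes)}")
```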
Important
User management on the LDAP server from this tab/panel is not supported if the LDAP server is not secure, in other words if indicated with port 389.
When adding a user to the LDAP server for the first time:
A Password is required.
The Action > Push To Ldap menu must be used to add the user. The Save menu can then be used upon subsequent user updates on the LDAP server. (If the Save button is used the first time, other user details will be saved, but no LDAP user is added.)
When the LDAP user is added, the User Details tab/panel will show the Sync Source and Sync Type of the user as LDAP.
For details on updating and deleting the user on the LDAP server, see: Update a User.
Note
If SSO is enabled for the hierarchy node where the user is added, the corresponding SSO user is created.
IdPs are not configured at the site hierarchy node. Therefore, you can enable SSO for a user created at the site level only by performing these steps. Open the SSO User form (default menu Single Sign On > SSO User), click Add, and choose the IdP that can authenticate the user.