[Index]

Model: data/User

Add admin user

Full HTML Help

Tip

Use the Action search to navigate Automate

Overview

Note that enabling the system setting Additional Role Access Profile Validation will restrict Authorized Admin Hierarchy roles to those with linked access profiles that are in the subset of the administrator's own access profile.

If the role is set to an administrator role and an Authorized Admin Hierarchy instance is also specified for the user, the role on Authorized Admin Hierarchy takes precedence. This is NOT a recommended configuration.

Related Topics

Additional Role Access Profile Validation in Settings topic in the Advanced Configuration Guide.

Manually add an admin user

Tip

Use the Action search to navigate Automate

This procedure manually adds an admin user in Automate.

  1. Log in at the hierarchy node where you want to create the admin user.

  2. Go to the Users page.

  3. Click Add.

  4. Fill out details for the admin user on tabs or panels of the Users Page.

    Note

    You'll need to fill out at least the mandatory field values. Note that the read-only User Type field can have the following values:

    • "Admin" - this value is defined by the admin role
    • "End User + Admin" - this value is defined by a data/AuthorizedAdminHierarchy instance associated to the user as well as a self-service role

  5. Click Save to add the new admin user.

    You can view transaction progress and details in the Transaction Logs (when adding, updating, or deleting a user).

Important

Users are typically added or updated on Automate from the sync source, such as LDAP, Cisco UCM, or CUC. See User Sync Source for more details.

Sync source precedence may override user input. When updating a user on Automate and the following conditions exist, field values are updated from the sync source and not from data input to Automate (in this case, the fields are read-only in the Admin Portal):

Related Topics

Transaction Logging and Audit in the Core Feature Guide

User settings

On the Users page you can view, add, or update a user.

You can select the following tabs/panels on this page:

Note

Click the toolbar Switch to Tab/Panel layout option to toggle between a panel or tab layout.

User Details

Fields Description
User Name* Sign-in username. This field is mandatory.
Local Password The local, Automate password. The password specified when the user is manually added or provisioned in Automate.
Role*

Choose the user's role. This field is mandatory.

The list of created roles to choose from include those with the current hierarchy in the Hierarchies Allowed list. [1]
Entitlement Profile Choose the entitlement profile that specifies which devices and services the user is entitled to.
Language

Choose the user's language.

Note:

If no language is selected, the language is inherited from the nearest hierarchy node (at or above the user) that has a default language configured. If no default language is configured anywhere in the hierarchy at or above the user, the user's language is English.

Note:

If a language is manually set for a user, that language remains unchanged even if the user is moved to a new place in the hierarchy. However, if the language is inherited, then the user's language changes when the user is moved to a hierarchy node that has a different default language.
Exclude from Directory If this check box is selected, the user will not appear in the corporate directory accessed via Automate Phone Services - [2]
Sync Source Identifies the application from which the user (and user data) was synced, i.e. LOCAL (Automate), UCM or MS-LDAP. This field is read only.
User Type Read-only. Determined by the role interface. ("Admin", "End User" or "End User + Admin") - [3]
Auth Method

Identifies the authentication method for the user - [4]

This section is applicable to End Users only.

  • Local - Automate User
  • Automatic - If LDAP or SSO set at hierarchy or above, use this
  • LDAP - [5]
  • SSO - [6]
LDAP Server and Username Only editable when Auth Method is LDAP
LDAP Username Only editable when Auth Method is LDAP
SSO Identity Provider Only editable when Auth Method is SSO
SSO Username Only editable when Auth Method is SSO. Defaults to Automate username.
Authorized Admin Hierarchy Selected for users with multiple user roles to enable administrative capabilities for end users or for administrators who have permissions to a restricted set of hierarchies. [7]
[1]See Role Management
[2]See Phone Services Feature Setup
[3]See Authorized Admin Hierarchies and Roles under Introduction to role-based access
[4]See User Authentication Methods
[5]See View and Update LDAP Authentication Users
[6]See Single Sign On (SSO) Overview
[7]See Authorized Admin Hierarchies and Roles

Account Information

This tab/panel allows the administrator to manage user account information, including:

Contact Information

This tab/panel is relevant only to end users.

Defines contact information for the user, such as employee number, employee type, country, state, state, street, department, manager, Fax number, directory URL, Jabber ID, telephone number, mobile, and IP phone.

Hybrid Status

This tab/panel is relevant only to end users and is available if the Global Setting Enable Cisco / Microsoft Hybrid is enabled on the Enabled Services - see Global Settings.

For details on the Hybrid Status tab and managing hybrid users, see: Cisco-Microsoft Hybrid Users.

Provisioning Status

Provides a read-only view of the user's provisioning status, including multi-vendor provisioning if applicable.

Assigned Lines

This tab/panel is relevant only for hybrid multi vendor scenarios. The fields are blank by default.

The fields on this tab are used to capture line details for users set up with an integrated service between two vendors (for example, Cisco and Microsoft).

Provisioning Status

This tab/panel is relevant only to end users.

Provides a view showing the composition of the user, this typically includes:

Select the Provisioned checkbox to view additional UCM's if applicable.

If the user is added to an LDAP server (see the LDAP section below), then the provisioning status will also show the server here next to the LDAP label.

Services

This tab/panel is relevant only to end users, and provides direct links to the user's services, typically only their available and enabled services, which may include Cisco UCM user, CUC user voicemail, Webex App user, Pexip, UCCX Agent, MS 365, MS Teams, or MS Exchange. Clicking on the link for the service opens the settings for that service. For example, clicking the link for MS Exchange user opens the user's User Mailboxes settings page.

Note

You can choose to show or hide disabled services via the Enabled Services tab in the Global Settings.

Custom

This tab/panel is relevant only to end users. User defined customized strings and booleans.

LDAP

If a secure Microsoft Active Directory LDAP server (port 636) is configured higher in the user hierarchy and the server has Enable Write Operations checked, user details can be managed on the server if it is selected from the LDAP Server drop down list. Only secure LDAP servers are listed. If no suitable servers have been set up, then the tab will not display any fields.

If no such Microsoft Active Directory LDAP server is configured and enabled, the tab will show a message to indicate this.

For setup server details, see: Set up an LDAP Server. If the Microsoft Active Directory LDAP server is configured and the user already exists on this server, the tab will show a message to indicate this.

The Description field will display in the Microsoft Active Directory Users and Computers interface.

The User Account Control dropdown supports the following UserAccountControl values (associated with codes):

Important

When the LDAP user is added, the User Details tab/panel will show the Sync Source and Sync Type of the user as LDAP.

For details on updating and deleting the user on the LDAP server, see: Update a User.

Note

The User model for user details that correspond with Cisco Unified Communications Manager and Cisco Unity Connection server.

Model Details: data/User

Title Description Details
User Details Group Assigned by FDP
  • Field Name: User Details
  • Type: Object
User Name * User's Username.
  • Field Name: User Details.username
  • Type: String
First Name The User first name.
  • Field Name: User Details.first_name
  • Type: String
Last Name The User last name.
  • Field Name: User Details.last_name
  • Type: String
Display Name Display name of the user
  • Field Name: User Details.display_name
  • Type: String
Title Title.
  • Field Name: User Details.title
  • Type: String
Email Address The User email address.
  • Field Name: User Details.email
  • Type: String
Primary Line
  • Field Name: User Details.mvs_primary_line
  • Type: String
Local Password The User password.
  • Field Name: User Details.password
  • Type: String
  • Is Password: True
  • Store Encrypted: True
  • Pattern: .{8,}
Role * The role to which the user belongs. See: Role.
  • Field Name: User Details.role
  • Type: String
  • Target: data/Role
  • Target attr: name
  • Format: uri
Entitlement Profile
  • Field Name: User Details.entitlement_profile
  • Type: String
  • Target: data/HcsEntitlementProfileDAT
  • MaxLength: 1024
  • Format: uri
Language The preferred language for this user. Default: en-us
  • Field Name: User Details.language
  • Type: String
  • Target: data/Language
  • Target attr: lcid
  • Default: en-us
  • Format: uri
Set by Default Language Indicate if the user's language is set by language default in the hierarchy.
  • Field Name: User Details.set_language
  • Type: Boolean
Exclude from Directory Exclude from Directory flag to control the Phone Services directory lookup. If set to true the User's phone number will not appear in the directory lookup.
  • Field Name: User Details.exclude_from_directory
  • Type: Boolean
Auth Method The type of authentication that our user would be using. Typically this would be choices between a Standard VOSS 4 UC user, an LDAP user or an SSO user. Default: Local
  • Field Name: User Details.auth_method
  • Type: String
  • Default: Local
  • Choices: ["Local", "Automatic", "LDAP", "SSO"]
LDAP Server A reference to the LDAP server which this user must authenticate against.
  • Field Name: User Details.ldap_server
  • Type: String
  • Target: data/Ldap
  • Format: uri
LDAP Username The login attribute of the associated LDAP device model instance
  • Field Name: User Details.ldap_username
  • Type: String
SSO Identity Provider The entity id of the SSO Identity Provider.
  • Field Name: User Details.sso_idp
  • Type: String
  • Target: data/SsoIdentityProvider
  • Target attr: entity_id
  • Format: uri
SSO Username The name identifier that is used for an SSO authenticated user.
  • Field Name: User Details.sso_username
  • Type: String
Sync Source Sync source of the user. Identifies where the user was synced from. This value will determine the master of the data. The data in the User model will be derived from the fields of the master application (E.G. CUCM, CUC, MS-LDAP). Default: LOCAL
  • Field Name: User Details.sync_source
  • Type: String
  • Target: data/UserSyncSource
  • Target attr: name
  • Default: LOCAL
  • Format: uri
Sync Type Sync type of the user. Identifies the user type that was synced from device as indicated by Sync Source information, e.g. CUCM-Local, CUCM-LDAP, LOCAL. Default: LOCAL
  • Field Name: User Details.sync_type
  • Type: String
  • Default: LOCAL
User Type Indicate the user's login type. Default: Admin
  • Field Name: User Details.user_type
  • Type: String
  • Default: Admin
  • Choices: ["Admin", "End User", "End User + Admin"]
Hybrid Status
  • Field Name: User Details.mvs_hybrid_status
  • Type: String
Authorized Admin Hierarchy A reference an Authorized Admin Hierarchy instance that defines this user's administrative capabilities. This enables administrative capabilities for end users.
  • Field Name: User Details.authorized_admin_hierarchy
  • Type: String
  • Target: data/AuthorizedAdminHierarchy
  • Target attr: name
  • Format: uri
Account Information Group Assigned by FDP
  • Field Name: Account Information
  • Type: Object
Account Information Additional account information for the given user.
  • Field Name: account_information
  • Type: Object
Change Password on Next Login Indicates if the user must be forced to change their password the next time that login.
  • Field Name: Account Information.account_information.change_password_on_login
  • Type: Boolean
Credential Policy Specifies the policy with the rules used to govern this user's credentials.
  • Field Name: Account Information.account_information.credential_policy
  • Type: String
  • Target: data/CredentialPolicy
  • Target attr: name
  • Format: uri
Disabled Indicates if the account has been disabled to prevent the user from logging in until an administrator enables the account again.
  • Field Name: Account Information.account_information.disabled
  • Type: Boolean
Reason for Disabled A description of why the account is disabled.
  • Field Name: Account Information.account_information.reason_for_disabled
  • Type: String
Time Locked Due to Failed Login Attempts The time when the user account was locked as result of the number of failed login attempts exceeding the permitted thresholds.
  • Field Name: Account Information.account_information.failed_login_lock_date
  • Type: String
  • Format: date-time
Time of Last Successful Login The time the user last logged in successfully.
  • Field Name: Account Information.account_information.last_login_time
  • Type: String
  • Format: date-time
Locked Indicates if the account has been locked to prevent the user from logging in.
  • Field Name: Account Information.account_information.locked
  • Type: Boolean
Number of Failed Login Attempts Since Last Successful Login The total number of failed login attempts since last successful login. Default: 0
  • Field Name: Account Information.account_information.num_of_failed_login_attempts
  • Type: Integer
  • Default: 0
Time of Last Password Change The time when the password was last changed.
  • Field Name: Account Information.account_information.password_last_change_time
  • Type: String
  • Format: date-time
Time of Last Password Change By User The time when the password was last changed by the user.
  • Field Name: Account Information.account_information.password_last_change_time_by_user
  • Type: String
  • Format: date-time
License Audit Details License Audit Information.
  • Field Name: license_audit_details
  • Type: Object
License Audit Status The License Audit status of the user. Default: Unknown
  • Field Name: Account Information.license_audit_details.status
  • Type: String
  • Default: Unknown
  • Choices: ["Licensed", "Unlicensed", "Unknown"]
Last Checked The last time the License Audit Details were updated.
  • Field Name: Account Information.license_audit_details.last_checked
  • Type: String
  • Format: date-time
Contact Information Group Assigned by FDP
  • Field Name: Contact Information
  • Type: Object
Employee Number Employee number of the user
  • Field Name: Contact Information.employee_number
  • Type: String
Employee Type Employee type
  • Field Name: Contact Information.employee_type
  • Type: String
Country Country name.
  • Field Name: Contact Information.country
  • Type: String
State Contains full names of state or province.
  • Field Name: Contact Information.state
  • Type: String
City Contains the name of a person's locality.
  • Field Name: Contact Information.city
  • Type: String
Building Name Building name or number.
  • Field Name: Contact Information.building_name
  • Type: String
Street Contains site information from a postal address.
  • Field Name: Contact Information.street
  • Type: String
Postal Code Contains code used by a Postal Service to identify postal service zones.
  • Field Name: Contact Information.postal_code
  • Type: String
Department Department names and numbers.
  • Field Name: Contact Information.department
  • Type: String
Manager Manager.
  • Field Name: Contact Information.manager
  • Type: String
Directory URI Alphanumeric Directory URI (e.g. SIP URI)
  • Field Name: Contact Information.directory_uri
  • Type: String
Jabber ID Jabber ID
  • Field Name: Contact Information.jabber_id
  • Type: String
Physical Delivery Office Name Physical Delivery Office Name.
  • Field Name: Contact Information.physical_delivery_office_name
  • Type: String
Unverified Mail Box Unverified Mail Box.
  • Field Name: Contact Information.unverified_mailbox
  • Type: String
Home Phone Contains strings that represent the user's home phone number(s).
  • Field Name: home_phone.[n]
  • Type: Array
Telephone Number Telephone Number.
  • Field Name: telephone_number.[n]
  • Type: Array
Facsimile Telephone Number Contains strings that represent the user's facsimile telephone Number(s).
  • Field Name: facsimile_telephone_number.[n]
  • Type: Array
Mobile Contains strings that represent the user's IP mobile number(s).
  • Field Name: mobile.[n]
  • Type: Array
IP Phone Contains strings that represent the user's IP phone number(s).
  • Field Name: ip_phone.[n]
  • Type: Array
Other Mailbox
  • Field Name: other_mailbox.[n]
  • Type: Array
Organizational Unit The name of the person's organization unit.
  • Field Name: ou.[n]
  • Type: Array
Member Of The user can be a member of a variety of groups.
  • Field Name: member_of.[n]
  • Type: Array
Object Class
  • Field Name: object_class.[n]
  • Type: Array
Assigned Lines Group Assigned by FDP
  • Field Name: Assigned Lines
  • Type: Object
Extensions Extensions to select primary details from.
  • Field Name: mvs_extensions.[n]
  • Type: Array
Line
  • Field Name: Assigned Lines.mvs_extensions.[n].line
  • Type: String
Line E164
  • Field Name: Assigned Lines.mvs_extensions.[n].line_e164
  • Type: String
Class of Service
  • Field Name: Assigned Lines.mvs_extensions.[n].line_cos
  • Type: String
Custom Group Assigned by FDP
  • Field Name: Custom
  • Type: Object
Custom String 1 Custom String
  • Field Name: Custom.customString1
  • Type: String
Custom String 2 Custom String
  • Field Name: Custom.customString2
  • Type: String
Custom String 3 Custom String
  • Field Name: Custom.customString3
  • Type: String
Custom String 4 Custom String
  • Field Name: Custom.customString4
  • Type: String
Custom String 5 Custom String
  • Field Name: Custom.customString5
  • Type: String
Custom String 6 Custom String
  • Field Name: Custom.customString6
  • Type: String
Custom String 7 Custom String
  • Field Name: Custom.customString7
  • Type: String
Custom String 8 Custom String
  • Field Name: Custom.customString8
  • Type: String
Custom String 9 Custom String
  • Field Name: Custom.customString9
  • Type: String
Custom String 10 Custom String
  • Field Name: Custom.customString10
  • Type: String
Custom List of Strings 1 Custom List of Strings
  • Field Name: customListOfStrings1.[n]
  • Type: Array
Custom List of Strings 2 Custom List of Strings
  • Field Name: customListOfStrings2.[n]
  • Type: Array
Custom List of Strings 3 Custom List of Strings
  • Field Name: customListOfStrings3.[n]
  • Type: Array
Custom List of Strings 4 Custom List of Strings
  • Field Name: customListOfStrings4.[n]
  • Type: Array
Custom List of Strings 5 Custom List of Strings
  • Field Name: customListOfStrings5.[n]
  • Type: Array
Custom List of Strings 6 Custom List of Strings
  • Field Name: customListOfStrings6.[n]
  • Type: Array
Custom List of Strings 7 Custom List of Strings
  • Field Name: customListOfStrings7.[n]
  • Type: Array
Custom List of Strings 8 Custom List of Strings
  • Field Name: customListOfStrings8.[n]
  • Type: Array
Custom List of Strings 9 Custom List of Strings
  • Field Name: customListOfStrings9.[n]
  • Type: Array
Custom List of Strings 10 Custom List of Strings
  • Field Name: customListOfStrings10.[n]
  • Type: Array
Custom Boolean 1 Custom Boolean
  • Field Name: Custom.customBoolean1
  • Type: Boolean
Custom Boolean 2 Custom Boolean
  • Field Name: Custom.customBoolean2
  • Type: Boolean
Custom Boolean 3 Custom Boolean
  • Field Name: Custom.customBoolean3
  • Type: Boolean
Custom Boolean 4 Custom Boolean
  • Field Name: Custom.customBoolean4
  • Type: Boolean
Custom Boolean 5 Custom Boolean
  • Field Name: Custom.customBoolean5
  • Type: Boolean
Custom Boolean 6 Custom Boolean
  • Field Name: Custom.customBoolean6
  • Type: Boolean
Custom Boolean 7 Custom Boolean
  • Field Name: Custom.customBoolean7
  • Type: Boolean
Custom Boolean 8 Custom Boolean
  • Field Name: Custom.customBoolean8
  • Type: Boolean
Custom Boolean 9 Custom Boolean
  • Field Name: Custom.customBoolean9
  • Type: Boolean
Custom Boolean 10 Custom Boolean
  • Field Name: Custom.customBoolean10
  • Type: Boolean