Authentication and passwords in user syncs

Authentication and passwords in user syncs#

Users synced from LDAP to Automate (no sso)#

LDAP authentication is enabled by default in Automate on users that are synced top-down from LDAP into Automate.

When LDAP users are pushed to Cisco Unified Communications Manager (CUCM) and Cisco Unity Connection (CUC), authentication is either LDAP or local, depending on how the applications are configured. If LDAP authentication is not configured in CUCM or CUC, the user is considered to be a local user in UC applications.

Users synced from LDAP to Automate (sso-enabled)#

For users synced from LDAP to Automate with SSO enabled, passwords are created and enforced at the Identity Provider (IdP).

Users synced from LDAP to CUCM#

For users synced from LDAP to Cisco Unified Communications Manager (CUCM), passwords are not synced like other user details retrieved from LDAP.

When LDAP authentication is enabled, the password in the LDAP server is used unless the password was changed locally in CUCM, forcing the CUCM password to be used.

When LDAP authentication is disabled, the default password is whatever was configured in CUCM as the default. If no default password is defined, then configure a password manually.

Users synced from CUCM to Automate#

When users are synced from Cisco Unified Communications Manager (CUCM) to Automate, their passwords are not transferred. An administrator will need to configure the passwords before the accounts can be used.

This affects CUCM users that were manually added to CUCM, and users synced from LDAP.