.. _authentication-and-passwords-in-user-syncs:

Authentication and passwords in user syncs
--------------------------------------------


Users synced from LDAP to Automate (no sso)
............................................

LDAP authentication is enabled by default in Automate on users that are synced top-down from LDAP into 
Automate. 

When LDAP users are pushed to Cisco Unified Communications Manager (CUCM) and Cisco Unity Connection (CUC), 
authentication is either LDAP or local, depending on how the applications are configured. If LDAP 
authentication is not configured in CUCM or CUC, the user is considered to be a *local* user in 
UC applications.


.. _user-synchronized-from-ldap-to-voss-4-uc-(sso-enabled):

Users synced from LDAP to Automate (sso-enabled)
.................................................

For users synced from LDAP to Automate with SSO enabled, passwords are created and 
enforced at the Identity Provider (IdP).



.. _users-synchronized-from-ldap-to-cisco-unified-communications-manager:

Users synced from LDAP to CUCM
.................................

For users synced from LDAP to Cisco Unified Communications Manager (CUCM), passwords are not 
synced like other user details retrieved from LDAP. 

When LDAP authentication is enabled, the password in the LDAP server is used unless the 
password was changed locally in CUCM, forcing the CUCM password to be used.

When LDAP authentication is disabled, the default password is whatever was configured in CUCM as the 
default. If no default password is defined, then configure a password manually.


.. _users-synchronized-to-voss-4-uc:

Users synced from CUCM to Automate
....................................

When users are synced from Cisco Unified Communications Manager (CUCM) to Automate, their 
passwords are not transferred. An administrator will need to configure the passwords before the 
accounts can be used.

This affects CUCM users that were manually added to CUCM, and users synced from LDAP.