.. _end-user-access-and-authentication:

End User Access and Authentication
----------------------------------

Users with a "system user entry" may log in to the Self-service interface. 
A "system user entry" is created automatically when a user is added as a subscriber. Refer to the topics under "Subscriber Management".

You can grant a user access to Self-service by creating a user, with a
**Self-service** role, directly in the system user interface. Such a user is not
able to view devices or any services associated with the devices, nor can a
manually added user view personal information such as first name, last name,
address, department, and so on. Refer to :ref:`role-based-access-admins`.

Self-service authentication is controlled by the administration interface using
the same three authentication methods: Standard, LDAP, and SSO.

Consolidated password and PIN management for end users is available as follows,
based on the Self-service authentication method configured for the end user:

* Standard |VOSS Automate| authentication: end users can change their password and
  PIN from the Self-service interface.
* LDAP and SSO authentication: end users cannot change their password and PIN
  from the Self-service interface. 
  
To ensure the best user experience, it is recommended that all applications
(Self-service and the UC applications) use the same
authentication method.



.. |VOSS Automate| replace:: VOSS Automate
.. |Unified CM| replace:: Unified CM