[Index]

Model: relation/User

Admins

Full HTML Help

Overview

The Admins list view displays the system admin users, where user type is "admin" or "end user + admin":

• User type: Admin

  • Accesses the system to perform admin tasks
  • Can be assigned to any hierarchy

• User type: End User + Admin

  A single user account can be configured as both an End User (with services) and as an Administrator by assigning an Authorized Admin Hierarchy containing a self-service role to the user. See Authorized Admin Hierarchies and Roles (roles).

Related topics

• Authorized Admin Hierarchies and Roles
• System User Details
• User Sync Source

Admin user password updates

If the admin user password is updated, user passwords on Cisco UCM, CUC, and Webex are also updated if these have been provisioned for the user.

Add/update local admins and operators

This procedure manually adds or updates an admin user for an intermediate node, and adds or edits local admin or operators.

1. Log in as an admin user at the hierarchy where you want to add or update the admin user.

   Note

   If you're adding or updating an admin or operator below your current hierarchy, click Organization Hierarchy then select the relevant hierarchy from the tree view. For example, if you've logged in as Provider admin and you want to add a customer admin, select the relevant customer.

2. Go to the Admins list view.

   Note

   The Admins list view makes use of an [OR] condition to filter admins, Admin[OR]End User + Admin. For details on the filter, see: Ordering Lists.

3. Choose an option:

   • Update an existing admin user? Click on the admin to view their settings. Update the admin. Save your changes.

   • Add a new admin user? Click the Plus icon (+) to add a new record.

     Fill out the admin user's user details and their account information. Mandatory fields are indicated with an asterisk (*), typically, Username (sign-in username) and Role (for example, Automate - Admin).

     For details on the available settings for admins, see User settings.

4. Save your changes.

   View transaction progress and details in the Transaction Logs.

Related topics

• User settings
• Role-based dashboards and menus
• User Field Mapping
• Authorized Admin Hierarchies and Roles
• User Login Options by Authentication Method and Server Authentication Scope
• Cisco-Microsoft Hybrid Users
• Introduction to role-based access
• User Authentication
• User Authentication Methods
• View and Update LDAP Authentication Users
• Single Sign On (SSO) Overview

Transaction Logging and Audit in the Core Feature Guide

Additional Role Access Profile Validation in Settings topic in the Advanced Configuration Guide.

System User Details

Full HTML Help

Overview

The System User Details list view (relation/User) displays users at or below the current hierarchy node. Users can be created in the system in various ways, depending on your setup:

• Synced in from LDAP and promoted to a user
• Synced in from applications (for example, Voicemail or Conferencing)
• Added to Automate when creating an end user
• Added to Automate when creating an admin user

User creation can also vary across different hierarchies in the system.

Note the following user details:

• Click on a user to view its details. See also: Check User Provisioning Status.
• Click Add to add a user manually.
• You can filter the Users list view via the toolbar Filter icon, then select the field (attribute), condition, and a filter value. The list view returns only those users matching the attributes you specified. For example, you may want to filter the list to display only users with authorized admin hierarchy set up.

View a system user's details

On the System User Details page (relation/User) you can select a UC vendor user (Microsoft, Cisco, or Webex) to view and manage their user details (including their authorized admin hierarchy and sync source), their account information, license audit details, their provisioning and hybrid status, their contact details, and their services.

User settings for admins and end users

Full HTML Help

Overview

This section describes the user settings for admins and end users.

You can select the following tabs/panels to view and manage admins and users:

• User Details
• Account Information
• Provisioning Status
• Contact Information
• Hybrid Status
• Services
• Custom
• LDAP
• Assigned Lines

An additional More Actions toolbar overflow menu also provides additional user management actions on the System User Details form. See Additional user settings.

User Details tab/panel

This section describes the user details settings.

• User Name: Mandatory. The sign-in username.

• First name, Last Name, Title, Email Address

• Local Password: The local, VOSS system password (the password specified when the user is manually added or provisioned in VOSS)

• Role: Mandatory. This user's role (which will determine their menu layouts and dashboards). Available roles include those with the current hierarchy in the Permitted Hierarchy Types list. See Role-based dashboards and menus.

  For a provider, reseller, customer, or site administrator or operator, the available roles are limited to those applicable to the hierarchy level. For an intermediate node administrator or operator, the available roles are limited to those associated with the nearest non-intermediate node above the intermediate node in the hierarchy. For more details on roles, see Role-based dashboards and menus.

• Entitlement Profile: A profile that specifies devices and services that may be assigned to a user. This setting may not be available for Admin users.

• Language: User's preferred language.

  If you don't choose a language, the language is inherited from the nearest hierarchy node (at or above the user's hierarchy) that has a default language configured. If no default language is configured anywhere in the hierarchy at or above this admin user, their preferred language is set as English.

  If you're choosing a language on the Admins page, the language remains unchanged even if the admin user is moved to a different hierarchy. However, if language is inherited, the admin's language changes if they're moved to a different hierarchy, to the default language at that new hierarchy.

• Exclude from Directory: Defines whether to exclude the user from the corporate directory

  accessed via VOSS Phone Services. See Configure phone services for details. This setting may not be available for Admin users.

• Authentication Method: The type of authentication that will be used. See User Authentication Methods. Options are:

  • Local (VOSS user)
  • Automatic: Choose this option if LDAP or SSO set at hierarchy or above.
  • LDAP: See View and Update LDAP Authentication Users
  • SSO: See Single Sign On (SSO) Overview

  For user authentication method (Auth Method) changes when updating, see Authentication Method Setting Rules.

• LDAP Server: Displays only when authentication method is LDAP. The LDAP server the user must authenticate against.

• LDAP Username: Displays only when authentication method is LDAP. The login attribute of the associated LDAP device model instance.

• SSO Identity Provider: Displays only when authentication method is SSO. The entity ID of the SSO Identity Provider.

• SSO Username: Displays only when authentication method is SSO. The name identifier used for an SSO authenticated user. Defaults to VOSS username.

• Sync Source: Read-only. User's sync source. Sync source is "Local" when the user is created on VOSS. The application from which the user (and user data) was synced, that is, LOCAL (VOSS), UCM, MS-LDAP. Sync source determines the the master of the data. Data in the user mode will be derived from the fields of the master application (for example, CUCM, CUC, MS-LDAP). Default is LOCAL.

• Sync Type: The user's sync type. Identifies the user type that was synced from the device as indicated by sync source information, for example CUCM-Local, CUCM-LDAP, LOCAL. Default is LOCAL.

• User Type: Read-only. The user's login type. Default is Admin. Determined by the role interface (administration or selfservice). User types may be one of:

  • Admin (defined by the admin role)
  • End User (not an admin user; end user only, therefore won't display as a value for admin user)
  • End User + Admin (defined by a data/AuthorizedAdminHierarchy instance associated to the user as well as a self-service role)

  See Authorized Admin Hierarchies and Roles under Introduction to role-based access

• Authorized Admin Hierarchy: Selected for users with multiple user roles to enable admin capabilities for end users or for admins who have permissions to a restricted set of hierarchies. See Authorized Admin Hierarchies and Roles

Related topics

• User Authentication Methods
• Authentication Method Setting Rules
• Introduction to role-based access
• Authorized Admin Hierarchies and Roles
• View and Update LDAP Authentication Users
• Single Sign On (SSO) Overview
• Role-based dashboards and menus

Account Information tab/panel

This section describes user account information settings.

• Change Password on next Login: Defines whether the user must be forced to change their password the next time they log in.
• Credential Policy: Policy for rules governing the user's credentials.
• Disabled: Defines whether the account is disabled. When True, the user won't be able to log in until an admin user enables their account again.
• Reason for Disable: The reason the account is disabled, if applicable.
• Time Locked Due to Failed Login Attempts: Date-time stamp for when the user account was locked as result of the number of failed login attempts exceeding the permitted thresholds.
• Time of Last Successful Login: The last time the user last logged in successfully.
• Locked: Defines whether the account is locked to prevent the user from logging in.
• Number of failed login attempts since last successful login: Total number of failed login attempts since last successful login.
• Time of last password change: Date-time stamp indicating the last time the user changed their password.
• Time of last password change by user
• License Audit Details: Read-only
• License Audit Status: Read-only. The user's license audit status, either "Licensed", "Unlicensed", "Unknown".
• Last Checked: The last time the license audit details were updated.

Provisioning Status tab/panel

This tab/panel is relevant only to end users. Provides a read-only view of a user's provisioning status, including multi-vendor provisioning (if applicable).

Select the Provisioned checkbox to view additional UCM's if applicable.

If the user is added to an LDAP server (see the LDAP section below), then the provisioning status will also show the server at the LDAP field.

Contact Information tab/panel

This tab/panel is relevant only to end users.

Defines contact information for the user, such as employee number, employee type, country, state, state, street, department, manager, Fax number, directory URL, Jabber ID, telephone number, mobile, and IP phone.

Hybrid Status tab/panel

This tab/panel is relevant only to end users and is available if the Global Setting Enable Cisco / Microsoft Hybrid is enabled on the Enabled Services tab/panel in the Global Settings. See Global Settings.

For details on the Hybrid Status tab and managing hybrid users, see: Cisco-Microsoft Hybrid Users.

Assigned Lines tab/panel

This tab/panel is relevant only for hybrid multi vendor scenarios. The fields are blank by default.

The fields on this tab are used to capture line details for users set up with an integrated service between two vendors (for example, Cisco and Microsoft).

Services tab/panel

This tab/panel is relevant only to end users, and provides direct links to the user's services, typically only their available and enabled services, which may include Cisco UCM user, CUC user voicemail, Webex App user, Pexip, UCCX Agent, MS 365, MS Teams, or MS Exchange. Clicking on the link for the service opens the settings for that service. For example, clicking the link for MS Exchange user opens the user's User Mailboxes settings page.

Custom tab/panel

This tab/panel is relevant only to end users. User defined customized strings and booleans.

LDAP tab/panel

If a user is added as a Microsoft Active Directory LDAP user; then:

• The VOSS user settings page displays additional fields and the LDAP-related values are saved to the Microsoft Active Directory LDAP server.
• If changes to the user are made directly on the Microsoft Active Directory LDAP server, these updates are synced in to VOSS the next time the user is synced in to VOSS (via the VOSS system Sync & Purge tool).

If a secure Microsoft Active Directory LDAP server (port 636) is configured higher in the user hierarchy and the server has Enable Write Operations checked, user details can be managed on the server if it is selected from the LDAP Server drop down list.

Only secure LDAP servers are listed. If no suitable servers have been set up, then the tab will not display any fields.

If no such Microsoft Active Directory LDAP server is configured and enabled, the tab will show a message to indicate this.

For setup server details, see:

LDAP Server in the Core Feature Guide

If the Microsoft Active Directory LDAP server is configured and the user already exists on this server, the tab will show a message to indicate this.

The Description field will display in the Microsoft Active Directory Users and Computers interface.

The User Account Control dropdown supports the following UserAccountControl values (associated with codes):

• Normal Account (512)
• Disabled Account (514)
• Enabled, Password Not Required (544)
• Disabled, Password Not Required (546)
• Enabled, Password Doesn't Expire (6648)
• Disabled, Password Doesn't Expire (66050)
• Enabled, Password Doesn't Expire & Not Required" (66080)
• Disabled, Password Doesn't Expire & Not Required" (66082)

When the LDAP user is added, the User Details tab/panel will show the Sync Source and Sync Type of the user as LDAP.

For details on updating and deleting the user on the LDAP server (Delete from LDAP, Push to LDAP), see Additional user settings.

Additional user settings (More Actions)

The System User Details user management page (relation/User) contains a More Actions overflow menu that provides additional tools for managing users.

The table describes additional user management functionality available in the More Actions overflow menu:

Related topics

• System User Details

Webex users

Full HTML Help

Overview

You can view, update, and add Webex users into VOSS via:

• Webex User Services > System User Details (add record) (relation/User)
• Webex User Services > Onboard User (at site) (view/AddSubscriberFromProfile)
• Webex User Services > Webex User Details (at site) (relation/SparkUser)
• Webex User Services > Webex Quick User (at site) (view/WebexTeamsSubscriberQas)

Related topics

• Provision Webex App
• Webex Quick Add User

Webex User Details in the User Guide

Manage Users

On the Webex User Services > Manage Users page (relation/MultiVendorSubscriber) you can select a user to view and manage their user details, licenses, calling settings, phones, or services. You can also access quick actions available for the user, and enable or disable their login.

Access profile dependency for Add Cisco Webex (+)

To enable the Add (+) quick action for Cisco Webex on a user's management page, your access profile must include the following entry:

• Access profile model: device/webex/User
• Required operations: read, create

Related topics

• Add a Subscriber

Sync Webex user with flow through provisioning

Sync with flow through for Webex users requires pre-configuring several settings in Automate (including flow through provisioning criteria) before the initial sync from the Webex Control Hub. See: Flow through provisioning (FTP).

• Enable flow through provisioning in the Global Settings for a hierarchy (see: Global Settings)
• Configure Webex settings matching the user's location in the Site Defaults (see: Site Defaults) so that the move filter criteria are webexUserModelFilterCriteria. These criteria are used as a part of a user profile.
• The AddSubscriberFromProfile workflow at site uses the following configuration template: Webex_FlowThroughProvisioning_SubscriberFromProfile

This set up allows Automate to apply the correct configuration, licenses, and services to imported users, and to move users to sites. Once you run the sync, users are imported, provisioned, licensed, and moved to the correct synced in sites, as users - in accordance with configured Webex App user model filter criteria and user profile.

The flowchart sets out the sync with flow through of Cisco Webex users and services.

To access the flowcharts, view the topic via the release documentation at: https://documentation.voss-solutions.com/automate.html

Related topics

Flow Through Provisioning in the Core Feature Guide

Provisioning users with Cisco Webex

This section describes how to provision Cisco Webex for a user, either via the Users list view, or via Webex Quick User.

Related topics

• Add Webex App User
• Webex Teams Quick Add

User relation

Model Details: relation/User