Many employees start each working day by logging into a Windows desktop or laptop and authenticating to Active Directory. Since Active Directory was launched with Windows 2000 Server, organizations use it as the primary authentication for their end users. In most companies users need to log on via Active Directory before they can access non-Windows hosted applications such as SAP, Siebel and Oracle and mainframe or mid-range systems.
Use Active Directory with Cisco CUCM
Active Directory provides true single sign-on, but only to Windows-based and Windows-hosted applications. Other systems like Cisco Unified Communications are not covered directly. However, our Active Login Manager software can be added on top of your existing Microsoft Active Directory.
Active Directory and Cisco Extension Mobility
Cisco Extension Mobility uses a UserID and PIN Code to authenticate the user. So, it is not the domain password that is used for logging into the telephone. The PIN Code is stored in the CallManager when integrating with Single sign-on Active Directory but is not synchronized with Active Directory. The PIN Code can only be changed from the CallManager Administration page. When integrating with Single sign-on Active Directory user login, the UserID is the users domain username:
- User ID: To authenticate the user on the domain and identify the user for Extension Mobility
- Password: To authenticate the user on the domain and give access to the CCMUser page (alphanumeric)
- PIN: Extension Mobility logon code (numeric)
A typical scenario is described below:
- A user logs on to the (computer) domain using their personal username and password combination
- ALM will start automatically and the phone detection process will start
- After a suitable phone has been detected, the authentication process is started using the domain userID
- Next, the CallManager uses the “application user” to complete the authentication process
A user name will most likely never change, so a user never has to change their UserID which is being used by ALM and the users domain logon. Because the PIN Code is not being used by this authentication method the user does not need to remember the PIN when using ALM.
A user still needs their domain username and password to authenticate to the CCMUser page. These credentials are the user credentials from Single sign-on Active Directory (AD).
Single sign-on Active Directory Advantages:
- the ICT department doesn’t need to be involved in PIN change requests
- the user doesn’t have to remember the PIN
- no additional Microsoft Active Directory admin tools required