10-3
Installation Guide for Cisco Unity Release 5.x with IBM Lotus Domino (Without Failover)
OL-13599-01
Chapter 10 Setting Up Authentication for the Cisco Unity Administrator
Determining the Authentication Method to Use for the Cisco Unity Administrator
Table 10-2 lists the advantages and disadvantages of using Anonymous authentication with the
Cisco Unity Administrator.
How Integrated Windows Authentication Works with the Cisco Unity AdministratorWhen IIS is configured so that the Cisco Unity Administrator uses Integrated Windows authentication,
Cisco Unity does not authenticate the subscriber. Instead, the identity of the user is verified by Windows.
1. A Cisco Unity subscriber starts Internet Explorer and attempts to browse to the Cisco Unity
Administrator website.
2. Internet Explorer tries to get the home page for the Cisco Unity Administrator from IIS.
3. IIS indicates that it cannot authenticate the user.
4. When Internet Explorer is configured to prompt for a user name and password, it di splays a dialog
box and waits for the subscriber to enter the Windows domain account credentials. Once the
subscriber enters the credentials, Internet Explorer tries to get the Cisco Unity Administrator web
page again, but this time, it sends IIS an encrypted message regarding the Windows domain account
based on the credentials that the subscriber entered in the dialog box.
When Internet Explorer is not configured to prompt for a user n ame and password, Internet Explorer
tries to get the Cisco Unity Administrator web page again, but this time, it sends IIS an encrypted
message regarding the Windows domain account based on the credentials that the subscriber entered
to log on to Windows.
In both scenarios, the user password—or any representation of the password —is not sent across the
network because authentication relies on Windows challenge/response.
Tab l e 10-2 Using Anonymous Authentication with the Cisco Unity Administrator
Advantages Disadvantages
• Subscribers can choose whether to enter their Domino or Windows
credentials on the Cisco Unity Log On page. If subscribers use their
Domino credentials, they do not need to have Windows domain
accounts created for them. However, if subscribers have Windows
domain accounts, they can use their Windows credentials to access
the Cisco Unity Administrator if the Domino server goes down, for
example.
• When subscribers log on to the Cisco Unity Administrator fro m
another domain, they can enter the appli cable credentials on the
Cisco Unity Log On page for the domain that the Cisco Unity server
is in. Thus, you do not need to configure each subscriber browser to
prompt for a user name and password, nor do you ne ed to establish
trusts across domains.
• When subscribers log on to the Cisco Unity Administrator fro m
another domain, they are not prompted to re-enter their creden tials
each time that they want to use the phone as a recording and playback
device for the Media Master.
• When a subscriber enters Domino credentials
on the Cisco Unity Log On page, the
credentials are sent across the network in clear
text. To solve this problem, set up Cisco Unity
to use SSL.
• When a subscriber enters Windows domain
account credentials on the Cisco Unity Log
On page, the credentials are sent across the
network in clear text. To solve this problem,
set up Cisco Unity to use SSL.
• By default, IIS is not set up so that the
Cisco Unity Administrator uses the
Anonymous authentication method. You must
configure it.