10-2
Installation Guide for Cisco Unity 4.0(5) and Later Voice Messaging with Microsoft Exchange 2003/2000 (With Failover Configured)
OL-7371-02
Chapter 10 Setting Up Authentication for the Cisco Unity Administrator
Determining the Authentication Method to Use for the Cisco Unity Administrator
The following three subsections discuss the available authentication methods and how they work:
• Authentication Methods Available for the Cisco Unity Administrator, page 10-2
• How Integrated Windows Authentication Works with the Cisco Unity Administrator, page 10-3
• How Anonymous Authentication Works with the Cisco Unity Administrator, page 10-4
Authentication Methods Available for the Cisco Unity AdministratorBy default, IIS is configured so that the Cisco Unity Administrator uses the Integrated Windows
authentication method (formerly called NTLM or Windows NT Challenge/Response authentication) to
authenticate the user name and password. If you prefer, you can configure IIS so that the Cisco Unity
Administrator uses the Anonymous authentication method instead.
To determine which authentication method to use, first discuss it with the network administrator to
confirm that the method you choose aligns with the existing authentication scheme in the organization
and addresses security concerns for the site. In addition, consider the advantages and disadvantages of
using each authentication method with the Cisco Unity Administrator, as shown in Table 10-1 and
Table 10-2.
Refer to the Microsoft website for general information on the strengths and weaknesses of using either
Integrated Windows or Anonymous authentication.
Table 10-1 lists the advantages and disadvantages of using Integrated Windows authentication with the
Cisco Unity Administrator.
Tab l e 10-1 Using Integrated Windows Authentication with the Cisco Unity Administrator
Advantages Disadvantages
• User credentials are not sent across the
network. Instead, Internet Explorer and
Windows use a challenge/response
mechanism to authenticate the user.
• By default, IIS is already set up so that the
Cisco Unity Administrator uses the Integrated
Windows authentication method.
• Windows cannot validate the identity of a user when the user is
logged on to an untrusted domain. To solve this problem, configure
each subscriber browser to prompt for a user name and password so
that subscribers can enter the applicable credentials for the domain
that the Cisco Unity server is in. Alternatively, you can establish
trusts across domains.
• When subscribers log on to the Cisco Unity Administrator from
another domain, they are prompted to re-enter their credentials each
time that they want to use the phone as a recording and playback
device for the Media Master.