Chapter 10 Setting Up Authentication for the Cisco Unity Administrator

Determining the Authentication Method to Use for the Cisco Unity Administrator

6.Cisco Unity checks to see that there is a subscriber account associated with the Windows domain account used to authenticate the subscriber and that the subscriber account has COS rights to access the Cisco Unity Administrator.

7.If a subscriber account exists and it has the proper COS rights, Cisco Unity presents the first page of the Cisco Unity Administrator website, which is displayed in the browser.

If the subscriber account does not exist or does not have the proper COS rights, Cisco Unity presents a web page that indicates that the subscriber does not have permission to view the Cisco Unity Administrator website.

How Anonymous Authentication Works with the Cisco Unity Administrator

When IIS is configured so that the Cisco Unity Administrator uses Anonymous authentication, Cisco Unity authenticates the credentials that subscribers enter on the Cisco Unity Log On page.

1.A Cisco Unity subscriber starts Internet Explorer and attempts to browse to the Cisco Unity Administrator website.

2.Internet Explorer tries to get the home page for the Cisco Unity Administrator from IIS.

3.IIS allows access to Cisco Unity based on the privileges for the IUSR_[computer name] account. (This is the anonymous account that IIS uses for Anonymous authentication by default.)

4.Cisco Unity presents the Cisco Unity Log On page, which is displayed in the browser.

5.The Log On page prompts subscribers to enter their Windows domain account credentials, as shown in Table 10-3.

Table 10-3

Cisco Unity Log On Page for Windows Credentials

 

 

 

Field Name

 

Description

 

 

 

User Name

 

Subscribers must enter the alias for the Windows domain account that is associated with their

 

 

Cisco Unity subscriber account. (For example, they can enter tcampbell or they can enter the full path,

 

 

tcampbell@<domain name>.)

 

 

If subscribers enter the full path for their alias, they do not need to complete the Domain field.

 

 

 

Password

 

Subscribers must enter the password for their Windows domain account.

 

 

 

Domain

 

Subscribers must enter the name of the domain in which their Windows domain account resides, unless

 

 

they entered a full path for their alias in the User Name field. If that is the case, subscribers can leave

 

 

the field blank.

 

 

 

 

 

6. Internet Explorer sends the credentials—in clear text—to Cisco Unity. (To solve this security

 

 

problem, set up Cisco Unity to use SSL.)

 

 

7. Cisco Unity requests authentication of the credentials from Windows.

 

 

8. If Cisco Unity can authenticate the Windows credentials, Cisco Unity then confirms that there is a

 

 

subscriber account associated with the Windows domain account used to authenticate the subscriber

 

 

and that the subscriber account has COS rights to access the Cisco Unity Administrator. The process

 

 

continues with Step 9.

 

 

If the credentials cannot be authenticated, Cisco Unity presents a web page that indicates that the

 

 

subscriber does not have permission to view the Cisco Unity Administrator website.

Installation Guide for Cisco Unity 4.0(5) and Later Voice Messaging with Microsoft Exchange 2003/2000 (With Failover Configured)

10-4

OL-7371-02

 

 

Page 110
Image 110
Cisco Systems OL-7371-02 manual Field Name Description, 10-4