User management can take a lot of time when not done automatically. Especially for large organizations, assigning users and resources by hand can eat up valuable time.
Recently, quite a few clients asked us if this process can be simplified, especially with Cisco Unified Communication Manager. The good news is, it is possible. If a company uses MIM (Microsoft Identity Manager), then a simple add-on can make user management way more efficient. How? Read on for details!
Before we jump to the solution, let’s look at our case in more detail. Some of our clients deal with this scenario; perhaps you too will find it familiar.
Most often, system administrators directly look after user accounts in CUCM. This includes managing entire lifecycles, from creation to deprovisioning.
Quite often, the CUCM user management process is not centralized or incorporated into Identity and Access Management processes. CUCM Administrators, based on the information they receive, have to manually create user accounts. Then they need to configure them to include a device and user profile.
But that’s not all. They also need to manage services available to current users on an ongoing basis and respond to various service requests.
The main challenge is deprovisioning. This process usually differs per organization. However, it’s quite frequent that user accounts of people who have long since left the organization remain active in Cisco CUCM. Their phone numbers are still assigned, instead of being freed up for new users.
Unfortunately, it is not uncommon for organizations to put more effort into assigning access than into revoking it when it’s no longer necessary. We’ve written about it here some time ago (solution included!), but unfortunately not much has changed yet. If it sounds like something you’d like to sort out – let us know!
In addition, maintaining data consistency can be difficult. Various teams may work independently of each other. As a result, System Administrators may not always have complete or accurate information. Relaying information about updates to other teams can also be delayed.
We have developed a solution that allows businesses to leverage their existing identity management solution based on MIM. Its functionalities are extended to cover automated user and/or device management in CUCM. The solution also enables several self-service features, such as password management, PIN management, etc.
This solution leverages a native web service available in CUCM and does not require any additional elements for deployment. Any organization using CUCM and MIM can take advantage of it without introducing additional systems.
Implementing the solution means that administrators of Cisco CUCM don’t have to manage user accounts on an ongoing basis. Phone numbers can be assigned and revoked automatically when people join or leave the company.
The system also takes care of profile configuration. This way, administrators can focus on more demanding tasks, such as developing or improving the communication system or functionalities available to users.
Another benefit of this solution is data consistency. Phone numbers are often used across different systems. With the CUCM integration, this information is synchronized across the entire organization, which eliminates any inconsistencies. Everyone within the business has access to an accurate and up-to-date phone directory, regardless of which system the data is stored in.
Predica CUCM Connector is a solution for CUCM. It is a custom component of our design that is easily configurable within most environments. It can also work with other telecommunication systems, such as Teams or Avaya. In that case, however, the web service client that is a part of the solution needs to be modified for compatibility.
The solution is composed of two main parts:
1. Automation – processes that manage automatic actions, such as phone number assignment for new users, profile configuration, phone number deprovisioning once a user leaves the organization
2. CUCM Connector – a management agent for MIM synchronization service. It’s responsible for exchanging data between the identity manager and CUCM to execute the necessary changes on user accounts and their configuration.
The solution is configured in Microsoft Identity Manager (MIM), which is responsible for data synchronization. The entire logic of generating and assigning numbers is set up in MIM Portal. The Portal also facilitates some self-service features, such as password reset.
Here is a simplified architecture of the solution:
The integration doesn’t need the cloud to operate. If your environment is based fully on-premises, the solution will work perfectly. If you do use the cloud, however, then you can use AD Connect to synchronize phone numbers with the cloud. This is an optional feature, so you can choose not to use it.
In addition, the service can be used with different phone systems, such as Teams + Voice, Avaya, and others. It only requires a slight modification to the web service client so that it can work with the target system through its API.
So no matter whether you’re in the cloud or on-premises, using Cisco CUCM or another phone system – if you need to assign phone numbers to users, we can configure the solution to work for you.
What if my CUCM is already configured for use with Active Directory?
In this case, you don’t need our connector for creating accounts, as CUCM does it by itself. However, you can still use the connector for other purposes, such as:
Get in touch with us to see how else it can help.
Let’s talk about how the integration works with MIM and CUCM to automate phone number management.
The provisioning process starts in MIM Portal. When a new user is created (directly in the portal or through HR information received), MIM checks whether the user needs a CUCM phone number, based on their data and defined conditions. If a number is needed, MIM performs the following actions:
The process can also be configured to assign phone numbers on demand instead of automatically provisioning phone numbers to all users. This feature is fully customizable. Here is the illustration of the process:
Depending on the additional requests, MIM can also update other parts of the CUCM user profile, e.g. International calls, Mobile calls, Voicemail, etc.
Revoking a phone number when a user leaves the organization follows a similar process. Once termination occurs, MIM returns the phone number to the pool. It also removes the assignment from the CUCM profile and updates information across all connected systems.
Depending on the deprovisioning process defined in the organization, it can also remove device and user profiles in CUCM, cleaning the environment from objects no longer in use.
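The deprovisioning check described above, as an added example that is not part of the original post or of the Predica connector: it reconciles an identity-source export against a CUCM user export and reports which accounts should be disabled and which numbers should return to the pool. All field names and records are constructed assumptions, not a MIM or CUCM schema.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not a MIM or CUCM schema.
IDENTITY_SOURCE = [
    {"user_id": "asmith", "status": "active", "end_date": None},
    {"user_id": "bjones", "status": "terminated", "end_date": date(2023, 3, 31)},
    {"user_id": "cwong", "status": "terminated", "end_date": date(2024, 5, 15)},
]
CUCM_USERS = [
    {"user_id": "asmith", "enabled": True, "extension": "2001"},
    {"user_id": "bjones", "enabled": True, "extension": "2002"},
    {"user_id": "cwong", "enabled": False, "extension": "2003"},
    {"user_id": "dlee", "enabled": True, "extension": "2004"},  # unknown to the identity source
]


def reconcile(identity_records, cucm_records, today):
    """Return findings for CUCM accounts that outlived their identity."""
    identities = {r["user_id"]: r for r in identity_records}
    findings = []
    for acct in cucm_records:
        ident = identities.get(acct["user_id"])
        if ident is None:
            reason, days = "no matching identity", None
        elif ident["status"] == "terminated":
            reason, days = "identity terminated", (today - ident["end_date"]).days
        else:
            continue  # active identity: nothing to revoke
        actions = []
        if acct["enabled"]:
            actions.append("disable account")
        if acct["extension"]:
            actions.append("return number to pool")
        if actions:
            findings.append({"user_id": acct["user_id"], "reason": reason,
                             "days_since_exit": days,
                             "extension": acct["extension"], "actions": actions})
    return findings


def reclaimable_numbers(findings):
    """Extensions that can be released for new users."""
    return sorted(f["extension"] for f in findings
                  if "return number to pool" in f["actions"])


if __name__ == "__main__":
    for f in reconcile(IDENTITY_SOURCE, CUCM_USERS, date(2024, 6, 1)):
        print(f)
```

Accounts with no matching identity are reported separately from terminated ones because they usually indicate accounts created by hand outside the managed process.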
The solution can be used for automated phone number provisioning, but it offers a lot of additional features for integration with Cisco CUCM. Here is what you can achieve with it.
Phone number management
You can import phone numbers and user numbers that were previously created and added to MIM Portal as a single number or a pool number.
You can use MIM Synchronization Engine to provision end users with basic attributes (FirstName, LastName etc.), as well as specified attributes depending on your environment, such as primary extension number. You can also manage:
Device provisioning and profile management
Using the integration, you can provision phone devices that you previously created in MIM Portal with basic and specified attributes. These can include:
Directory number management
It is possible not just to create but also manage numbers added to MIM. You can configure features such as:
You can set up simplified management for both PIN and password, along with synchronization and reset functionalities. Users can use this functionality online for simplified sign-on.
Integration with other systems
The solution also facilitates connection with other systems. For example, phone information can be created to enable integration with Jabber. Additionally, users in Cisco Unity can get an assigned template for voicemail features.
We can implement this integration in your environment within weeks. Just contact us to arrange a free phone call, and we’ll talk through your needs. We’ll then customize the solution to match your environment. Sounds good? Then just click here to send your query. Or, if you’d like to know more first, just leave your question in the comments!