CUCM How to automate user management in Cisco Unified Communications Manager using MIM?

User management can take a lot of time when not done automatically. Especially for large organizations, assigning users and resources by hand can eat up valuable time.

Recently, quite a few clients asked us if this process can be simplified, especially with Cisco Unified Communication Manager. The good news is, it is possible. If a company uses MIM (Microsoft Identity Manager), then a simple add-on can make user management way more efficient. How? Read on for details!

Before we jump to the solution, let’s look at our case in more detail. Some of our clients deal with this scenario, perhaps you too will find it familiar.

User management in CUCM (Cisco Unified Communications Manager)

Most often, system administrators directly look after user accounts in CUCM. This includes managing entire lifecycles, from creation to de-provisioning.

Quite often, the CUCM user management process is not centralized or incorporated into Identity and Access Management processes. CUCM Administrators, based on the information they receive, have to manually create user accounts. Then they need to configure them to include a device and user profile.

But that’s not all. They also need to manage services available to current users on an ongoing basis and respond to various service requests.

What are the disadvantages of managing user accounts manually?

The main challenge is de-provisioning. This process usually differs per organization. However, it’s quite frequent that user accounts of people who have long since left the organization, remain active in Cisco CUCM. Their phone numbers are still assigned, instead of being freed up for new users.

Unfortunately, it is not uncommon for organizations to put more effort into assigning access than revoking it when it’s no longer necessary. We’ve written about it here some time ago (solution included!), but unfortunately not much has changed yet. If it sounds like something you’d like to sort out – let us know!

In addition, maintaining data consistency can be difficult. Various teams may work independently of each other. As a result, System Administrators may not always have complete or accurate information. Relaying information about updates to other teams can also be delayed.

How does user management automation work?

We have developed a solution that allows businesses to leverage their existing identity management solution based on MIM. Its functionalities are extended to cover automated user and/or device management in CUCM. The solution also enables several self-service features, such as password management, PIN management, etc.

This solution leverages a native web service available in CUCM and does not require any additional elements for deployment. Any organization using CUCM and MIM can take advantage of it without introducing additional systems.

What are the benefits of user management automation?

Implementing the solution means that administrators of Cisco CUCM don’t have to manage user accounts on an ongoing basis. Phone numbers can be assigned and revoked automatically when people join or leave the company.

The system also takes care of profile configuration. This way, administrators can focus on more demanding tasks, such as developing or improving the communication system or functionalities available to users.

Another benefit of this solution is data consistency. Phone numbers are often used across different systems. With the CUCM integration, this information is synchronized across the entire organization, which eliminates any inconsistencies. Everyone within the business has access to an accurate and up-to-date phone directory, regardless of which system the data is stored in.

What is the Cisco Unified Communications Manager solution by Predica?

Predica CUCM Connector is a solution for CUCM. It is a custom component of our design that is easily configurable within most environments. It can also work with other telecommunication systems, such as Teams or Avaya. In that case, however, the web service client that is a part of the solution needs to be modified for compatibility.

The solution is composed of two main parts:

1. Automation – processes that manage automatic actions, such as phone number assignment for new users, profile configuration, phone number de-provisioning once a user leaves the organization

2. CUCM Connector – a management agent for MIM synchronization service. It’s responsible for exchanging data between the identity manager and CUCM to execute the necessary changes on user accounts and their configuration.

A diagram of our CUCM solution (click to view full-size)

The solution is configured in Microsoft Identity Manager (MIM) which is responsible for data synchronization. The entire logic of generating and assigning numbers is set up in MIM Portal. The Portal also facilitates some self-service features, such as password reset.

Here is a simplified architecture of the solution:

A simplified architecture of the solution

Compatibility

The integration doesn’t need the cloud to operate. If your environment is based fully on-premises, the solution will work perfectly. If you do use the cloud, however, then you can use AD Connect to synchronize phone numbers with the cloud. This is an optional feature, so you can choose not to use it.

In addition, the service can be used with different phone systems, such as Teams + Voice, Avaya, and others. It will only require a slight modification adjusting the web service client, so it can work with the target system through API.

So no matter whether you’re in the cloud or on-premises, using Cisco CUCM or another phone system – if you need to assign phone numbers to users, we can configure the solution to work for you.

How does the CUCM solution work?

Let’s talk about how the integration works with MIM and CUCM to automate phone number management.

Provisioning

The provisioning process starts in MIM Portal. When a new user is created (directly in the portal or through HR information received), MIM checks whether the user needs a CUCM phone number, based on their data and defined conditions. If a number is needed, MIM performs the following actions:

1. Look up a free phone number from the pool, which was not in use for more than the defined retention period, and assign it to the user
2. Provision the User object into CUCM
3. Define Device Profile and assign it to the User in CUCM
4. Gather information about the assigned Device Profile
5. Provision the Phone Number object and assign it to the Device Profile in Cisco CUCM
6. Send notification to the user with instruction on how to reset PIN
7. Write the phone number information back to the HR system, AD and other systems connected through MIM.

The process can also be configured to assign phone numbers on demand instead of automatically provisioning phone numbers to all users. This feature is fully customizable. Here is the illustration of the process:

Assigning a phone number using Predica CUCM solution

Depending on the additional requests, MIM can also update other parts of the CUCM user profile, e.g. International calls, Mobile calls, Voicemail, etc.

Deprovisioning

Revoking a phone number when a user leaves the organization follows a similar process. Once termination occurs, MIM returns the phone number to the pool. It also removes the assignment from the CUCM profile and updates information across all connected systems.

Depending on the de-provisioning process defined in the organization, it can also remove device and user profiles in CUCM, cleaning the environment from objects no longer in use.

Revoking a phone number using Predica CUCM solution

What features can be configured using Predica CUCM Connector?

The solution can be used for automated phone number provisioning, but it offers a lot of additional features for integration with Cisco CUCM. Here is what you can achieve with it.

Phone number management

You can import phone numbers and user numbers that were previously created and added to MIM Portal as a single number or a pool number.

End-user provisioning

You can use MIM Synchronization Engine to provision end users with basic attributes (FirstName, LastName etc.), as well as specified attributes depending on your environment, such as primary extension number. You can also manage:

• controlled profiles in Extension mobility options
• Mobility Information
• roles and group permissions.

Device provisioning and profile management

Using the integration, you can provision phone devices that you previously created in MIM Portal with basic and specified attributes. These can include:

• Device pool selection
• Phone button template
• Cisco camera and video capabilities
• Line number assignment

Directory number management

It is possible not just to create but also to manage numbers added to MIM. You can configure features such as:

• specify route partition
• associated devices
• voicemail profile
• calling search space
• call forward and pickup settings (various settings)
• complete de-provisioning of end users and phone devices based on information from MIM or other related systems.

Self-service

You can set up simplified management for both PIN and password, along with synchronization and reset functionalities. Users can use this functionality online for simplified sign-on.

Integration with other systems

The solution also facilitates connection with other systems. For example, phone information can be created to enable integration with Jabber. Additionally, users in Cisco Unity can get an assigned template for voicemail features.

How to get started with the solution?

We can implement this integration in your environment within weeks. Just contact us to arrange a free phone call, and we’ll talk through your needs. We’ll then customize the solution to match your environment. Sounds good? Then just click here to send your query. Or, if you’d like to know more first, just leave your question in the comments!