Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
862
Views
0
Helpful
5
Replies

no single sign on for phone agent and EM?

johnhsnow
Level 1
Level 1

‎06-20-2012 01:28 PM - edited ‎03-14-2019 10:05 AM

Hi,

I have configured EM for the contact center agents via phone login, but it requires AD credentials when you subscribe the contact center to the EM profile. This means I need to enter the credentials for the agents; i dont see EM carry forward the contact center credentials (AD) so this password has to match the AD password which they enter also in the user web page. My understanding is uccx uses cm for ad authentication, so not sure why it is limited within the EM profile?

Is this a limitation or was it designed this way? It doesnt make sense to me and maybe the configuration is incorrect.  I have tested this and so when I changed my domain password, i wasnt able to login. I would have to change the agents p/w's everytime they changed their domain password?

cucm 8.5 and uccx 8.5

Thanks in advance for the help.

Labels:
0 Helpful
5 Replies 5

brian1mcc
Level 4
Level 4

‎06-20-2012 01:46 PM

The EM service and the IPPA service are 2 separate services. EM will not pass the AD credentials on to the IPPA service. You can configure single sign on for IPPA where the user credentials are saved when you set up the IPPA subscription. This means that agents could log in to EM, then just select the single sign on service for IPPA.

The problem here is that AD passwords often change, so you'll need to allow your users to update this on the IPPA service themselves. This was discussed here previously in this thread ..

https://supportforums.cisco.com/message/3623463#3623463

Hope this helps,

Brian

0 Helpful

johnhsnow
Level 1
Level 1
In response to brian1mcc

‎06-22-2012 07:32 AM

Thanks Brian.

currently cm is using this url in the IPPA -

http://:6293/ipphone/jsp/sciphonexml/IPAgentLogin.jsp

The discussion you sent me to has this url in the IPPA -

http://:6293/ipphone/jsp/sciphonexml/IPAgentInitial.jsp.

You know what the difference is?

0 Helpful

brian1mcc
Level 4
Level 4
In response to johnhsnow

‎06-22-2012 08:19 AM

The IPAgentInitial.jsp page allows users to enter the id, password and ext on the phone itself. The IPAgentLogin.jsp page actually logs in the agent and needs the 3 parameters to be set up in CUCM to pass on the details.

Not sure why IPAgentInitial.jsp is mentioned there.

But essentially, what you need to do is set up the phone service on CUCM - assign it to the phone and create the 3 parameters that it needs. Then, the end user can log in to the ccmuser page at https:///ccmuser/ go to user options --> device --> select device from drop down list --> click phone services --> select agent login service.

Here they will be able to change their password themselves.

Brian

Message was edited by: Brian McCormick  - added screenshot of phone service setup

0 Helpful

johnhsnow
Level 1
Level 1
In response to brian1mcc

‎06-22-2012 08:52 AM

Thanks Brian,

I havent tested this yet, but would the IPAgentInitial.jsp solve this problem by allowing users to authenticate to AD for IPPA in EM? Im thinking, if they can login to their EM and then login to IPPA, they could control their logon and update their passwords from user page.

0 Helpful

brian1mcc
Level 4
Level 4
In response to johnhsnow

‎06-22-2012 08:55 AM

If you use IPAgentInitial.jsp they'll have to enter their password through the phone keypad (similar to what they do for EM login). If you use IPAgentLogin.jsp, you can set the parameters up in CUCM and give users access to update it via the ccmuser page.

Brian

0 Helpful
Customers Also Viewed These Support Documents