• Improves productivity because you spend less time re-entering credentials for the same identity.
• Reduces costs because fewer help desk calls are made for password resets, thereby leading to more savings.

Trust Relationship with IdP

SAML SSO deployments rely on the creation of a trust relationship between a Service Provider (Cisco Unified Communications Manager) and the third-party Identity Provider. You can configure a SAML SSO relationship using one of two SSO modes:

• Per Node agreement—The UC metadata zip file contains separate XML files for each node
• Per Cluster agreement—A single metadata file for the cluster

This trust relationship is created through an initial exchange of metadata files. The Cisco UC metadata file is an XML file that contains the following information:

• A unique identifier
• Organization
• Expiration time for this information
• Caching period
• XML signature of this information
• Contact persons
• Unique identifier of the entity (entity ID)
• Description of SAML role of this SAML instance (identity provider, service provider, and so forth)

Authorization

Once authentication is provided by the IdP, user access to Cisco Unified Communications Manager resources is determined by locally configured access control groups and the role permissions that those groups provide.

SAML SSO Configuration and Identity Provider Requirements

For more detailed information on SAML SSO, including configuration information and requirements for Identity Providers, see the SAML SSO Deployment Guide for Cisco Unified Communications Applications.

LDAP Authentication

If you have not deployed SAML SSO, and you have users synced against a company LDAP Directory, LDAP Authentication lets you authenticate user passwords against the credentials that are stored in the company LDAP directory.
This option enables the Identity Management System (IMS) library on Cisco Unified Communications Manager to use the company LDAP directory to authenticate user passwords for LDAP synchronized users. When end users log in to the Self-Care Portal, they enter their company password (for example, their AD password), as configured in the company LDAP directory.

When this option is configured:

Security Guide for Cisco Unified Communications Manager, Release 15 and SUs
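The metadata file described under Trust Relationship with IdP can be inspected before it is exchanged. The following is an added example, not taken from the Cisco guide: it reads the listed fields from a metadata file and reports items to review. It assumes the standard SAML 2.0 metadata element and attribute names (EntityDescriptor, entityID, validUntil, cacheDuration), which the page does not spell out, and runs on a constructed sample with placeholder values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
ROLES = {"IDPSSODescriptor": "identity provider", "SPSSODescriptor": "service provider"}

# Constructed sample for illustration; not real Cisco UC metadata.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    ID="_constructed-id-1" entityID="cucm-pub.example.test"
    validUntil="2030-01-01T00:00:00Z" cacheDuration="PT1H">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  <Organization><OrganizationName xml:lang="en">Example Org</OrganizationName></Organization>
  <ContactPerson contactType="technical"><GivenName>Admin</GivenName></ContactPerson>
</EntityDescriptor>"""


def summarize_metadata(xml_text, now=None):
    """Extract the metadata fields and list findings to review before import."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    org = root.find(MD + "Organization/" + MD + "OrganizationName")
    info = {
        "id": root.get("ID"),                          # unique identifier
        "entity_id": root.get("entityID"),             # entity ID
        "valid_until": root.get("validUntil"),         # expiration time
        "cache_duration": root.get("cacheDuration"),   # caching period
        "has_signature": root.find(DS + "Signature") is not None,  # presence only, not verified
        "organization": org.text if org is not None else None,
        "contacts": [c.get("contactType") for c in root.findall(MD + "ContactPerson")],
        "roles": [name for tag, name in ROLES.items() if root.find(MD + tag) is not None],
    }
    findings = []
    if not info["entity_id"]:
        findings.append("missing entityID")
    if not info["roles"]:
        findings.append("no IdP or SP role descriptor")
    if not info["has_signature"]:
        findings.append("no XML signature element; integrity depends on the transfer channel")
    if info["valid_until"]:
        expiry = datetime.fromisoformat(info["valid_until"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
        if expiry <= now:
            findings.append("metadata expired at " + info["valid_until"])
    info["findings"] = findings
    return info
```

The `has_signature` field only records that a signature element exists; validating it requires an XML signature library and the signer's certificate.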