McDewey

• Expired soft lock (expired credential) • Inactive lock (credential not used for some time) • User must change (credential set to user must change) • LDAP inactive (switching to LDAP authentication and LDAP not active) • Successful user credential updates • Failed user credential updates If you use LDAP authentication for end user passwords, LDAP tracks only authentication successes and failures. Note All event messages contain the string “ims-auth” and the user ID that is attempting authentication. Procedure Step 1 From Cisco Unified CM Administration, choose User Management > End Users. Step 2 Enter search criteria, click Find, and then choose a user from the resulting list. Step 3 Click Edit Credential to view the user's authentication activity. What to do next You can view log files with the Cisco Unified Real-Time Monitoring Tool (Unified RTMT). You can also collect captured events into reports. For detailed steps about how to use Unified RTMT, see the Cisco Unified Real-Time Monitoring Tool Administration Guide at http://www.cisco.com/c/en/us/support/ unified-communications/unified-communications-manager-callmanager/products-maintenance-guides-list.html. Configuring Credential Caching Enable credential caching to increase system efficiency. Your system does not have to perform a database lookup or invoke a stored procedure for every single login request. An associated credential policy is not enforced until the caching duration expires. This setting applies to all Java applications that invoke user authentication. Procedure Step 1 From Cisco Unified CM Administration, choose System > Enterprise Parameters. Step 2 Perform the following tasks as needed: Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 232 User Security Configuring Credential Caching