McDewey

Multi-vendor documentation library · semantic search · MCP endpoint at /mcp

Page 295

↗ View in doc context
page
295
source
cucm/v15/security-guide/security-guide.md
chunk_id
cucm::v15::security-guide::security-guide::296

To secure the user connection to CTIManager, you must add the application user or end users to the Standard CTI Secure Connection user group. You can assign a CTI application to either an application user or an end user, but not both. If you want the application and CTIManager to secure the media streams, you must add the application user or end users to the Standard CTI Allow Reception of SRTP Key Material user group. Before the application and end user can use SRTP, the user must exist in the Standard CTI Enabled and Standard CTI Secure Connection user groups, which serve as a baseline configuration for TLS. SRTP connections require TLS. After the user exists in these groups, you can add the user to the Standard CTI Allow Reception of SRTP Key Material user group. For an application to receive SRTP session keys, the application or end user must exist in three groups: Standard CTI Enabled, Standard CTI Secure Connection, and Standard CTI Allow Reception of SRTP Key Material. You do not need to add the application users, CCMQRTSecureSysUser, IPMASecureSysUser, and the WDSecureSysUser, to the Standard CTI Allow Reception of SRTP Key Material user group because Cisco Unified Communications Manager Assistant, CiscoQRT, and Cisco Web Dialer do not support encryption. For information on deleting an application or end user from a user group, refer to the Administration Guide for Cisco Unified Communications Manager. For information about security-related settings in the Role Configuration window, refer to the Administration Guide for Cisco Unified Communications Manager. Tip Procedure Step 1 From Cisco Unified Communications Manager Administration, choose User Management > User Groups. Step 2 To display all user groups, click Find. Step 3 Depending on what you want to accomplish, perform one of the following tasks: a) Verify that the application or end users exist in the Standard CTI Enabled group. b) To add an application user or end users to the Standard CTI Secure Connection user group, click the Standard CTI Secure Connection link. c) To add an application user or end users to the Standard CTI Allow Reception of SRTP Key Material user group, click the Standard CTI Allow Reception of SRTP Key Material link. Step 4 To add an application user to the group, perform steps 5 through 7. Step 5 Click Add Application Users to Group. Step 6 To find an application user, specify the search criteria; then, click Find. Clicking Find without specifying search criteria displays all available options. Step 7 Check the check boxes for the application users that you want to add to the group; then, click Add Selected. The users are displayed in the User Group window. Step 8 To add end users to the group, perform steps 9 through 11. Step 9 Click Add Users to Group. Step 10 To find an end user, specify the search criteria; then, click Find. Clicking Find without specifying search criteria displays all available options. Step 11 Check the check boxes for the end users that you want to add to the group; then, click Add Selected. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 277 Advanced System Security Add Application and End Users to Security-Related Access Control Groups