User Accounts; Root Accounts; Configuring Login Account Authentication; Account Authentication Using Ldap - Cisco TelePresence Video Communication Server Administrator's Manual

User accounts

User accounts are used by individuals in an enterprise to configure the devices and locations on which
they can be contacted through their FindMe ID.
Each user account is accessed using a username and password.
If local user account authentication is selected, each user account must be created locally by a
n
VCS administrator.
If remote user account authentication is selected, a VCS administrator must set up user groups to
n
match the corresponding group names in the remote directory service.
Note that if remote user account authentication is selected, only the username and password details
are managed remotely. All other properties of the user account, such as the FindMe ID, devices and
locations are stored in the local VCS database.
See the Configuring user accounts
and their associated FindMe devices and locations, and for enabling basic Starter Pack provisioning.
Note: use TMS if you need to provision a large number of user accounts. See the FindMe deployment
guide [29] for more details on configuring FindMe and user accounts.

Root accounts

The VCS provides a root account which can be used to log in to the VCS operating system. The root
account should not be used in normal operation, and in particular system configuration should not be
conducted using this account. Use the admin account instead.
See the Root account section for more information.
Note: remember to change the passwords for the admin and root accounts from their default values.

Configuring login account authentication

The Login account authentication configuration page
Configuration) is used to configure where administrator and user account credentials are
authenticated (and authorized) before access is allowed to the VCS.
The Administrator authentication source and User authentication source options are:
Remote: credentials are verified against an external credentials directory (the VCS currently
n
supports only Windows Active Directory). If a Remote source is selected you need to configure the
appropriate LDAP settings on the
Local: credentials are verified against a local database stored on the VCS.
n
After specifying where accounts are authenticated you must set up the appropriate account details or
directory service group details. See the Authenticating VCS accounts using LDAP deployment guide
[30] for more details on configuring a remote directory service.

Account authentication using LDAP

The Login account LDAP configuration page
configuration) is used to configure an LDAP connection to a remote directory service for
administrator and/or user account authentication.
To use LDAP for account authentication, you must also go to the
configuration page and select a Remote administrator or user authentication source.
The configurable options are:
Cisco VCS Administrator Guide (X6.1)
section for more information about defining user account details
(Maintenance > Login accounts >
Login account LDAP configuration
(Maintenance > Login accounts > LDAP
page.
Login account authentication
Page 205 of 401
Maintenance