Active Directory for Unified ICM/CCE
Microsoft Windows Active Directory (AD) is a Windows Directory Service that provides a central repository to manage network resources. Based on the registry settings, Unified ICM uses AD to control user access rights to perform setup, configuration, and reporting tasks. AD also grants permissions for different components of the system software to interact; for example, it grants permissions for a Distributor to read the Logger database.
This document provides details of how the system software uses AD.
Note |
This document does not provide detailed information on AD. Unified ICM administrators must be familiar with the Microsoft AD. See Microsoft documentation for details on Microsoft AD. |
Note |
This guide uses the term "Unified ICM" to generically refer to Cisco Unified Contact Center Enterprise (Unified CCE) and Cisco Unified Intelligent Contact Management (Unified ICM). You can use either Unified CCE or Unified ICM for advanced call control, such as IP switching and transfers to agents. Both provide call center agent-management capabilities and call scripting capabilities. Scripts running in either environment can access Unified CVP applications. |
Note |
Unified CCE no longer creates or deletes Active Directory user accounts. You can manage these user accounts within their active Directory infrastructure. |
Single Sign On (SSO) Support
Single sign-on (SSO) is an authentication and authorization process. (Authentication proves that you are the user you say that you are, and authorization verifies that you are allowed to do what you are trying to do.) SSO allows users to sign in to one application and then securely access other authorized applications without a prompt to reenter user credentials. As an agent or supervisor, when you login to a Unified CCE solution web component using a username and password, SSO provides a security token that allows you to securely access all other web based application and services without providing your login credentials repeatedly from the same web browser instance. By using SSO, Cisco administrators can manage all users from a common user directory and enforce password policies for all users consistently. If you move to a different browser you need to re-authenticate the SSO.
To enable SSO, the Unified CCE Solution requires an Identity Provider (IdP) to interface with Microsoft Active Directory (AD). The IdP stores user profiles and provides authentication services to support SSO sign-ins to the contact center solution. However, the IdP does not replace AD. Irrespective of the IdP used to interface with the identity source, the Active Directory infrastructure is a mandatory component for SSO because AD is still required to support Unified CCE administrator sign-ins.
For detailed information about SSO in the contact center solution, see the Cisco Unified Contact Center Enterprise Features Guide.