Filter
Top Products
10-3
Installation Guide for Cisco Unity Release 5.x with IBM Lotus Domino (Without Failover)
OL-13599-01
Chapter 10 Setting Up Authentication for the Cisco Unity Administrator
Determining the Authentication Method to Use for the Cisco Unity Administrator
Table 10-2 lists the advantages and disadvantages of using Anonymous authentication with the
Cisco Unity Administrator.
How Integrated Windows Authentication Works with the Cisco Unity
Administrator
When IIS is configured so that the Cisco Unity Administrator uses Integrated Windows authentication,
Cisco
Unity does not authenticate the subscriber. Instead, the identity of the user is verified by Windows.
1. A Cisco Unity subscriber starts Internet Explorer and attempts to browse to the Cisco Unity
Administrator website.
2. Internet Explorer tries to get the home page for the Cisco Unity Administrator from IIS.
3. IIS indicates that it cannot authenticate the user.
4. When Internet Explorer is configured to prompt for a user name and password, it displays a dialog
box and waits for the subscriber to enter the Windows domain account credentials. Once the
subscriber enters the credentials, Internet Explorer tries to get the Cisco
Unity Administrator web
page again, but this time, it sends IIS an encrypted message regarding the Windows domain account
based on the credentials that the subscriber entered in the dialog box.
When Internet Explorer is not configured to prompt for a user name and password, Internet Explorer
tries to get the Cisco
Unity Administrator web page again, but this time, it sends IIS an encrypted
message regarding the Windows domain account based on the credentials that the subscriber entered
to log on to Windows.
In both scenarios, the user password—or any representation of the password—is not sent across the
network because authentication relies on Windows challenge/response.
Table 10-2 Using Anonymous Authentication with the Cisco Unity Administrator
Advantages Disadvantages
• Subscribers can choose whether to enter their Domino or Windows
credentials on the Cisco
Unity Log On page. If subscribers use their
Domino credentials, they do not need to have Windows domain
accounts created for them. However, if subscribers have Windows
domain accounts, they can use their Windows credentials to access
the Cisco
Unity Administrator if the Domino server goes down, for
example.
• When subscribers log on to the Cisco Unity Administrator from
another domain, they can enter the applicable credentials on the
Cisco
Unity Log On page for the domain that the Cisco Unity server
is in. Thus, you do not need to configure each subscriber browser to
prompt for a user name and password, nor do you need to establish
trusts across domains.
• When subscribers log on to the Cisco Unity Administrator from
another domain, they are not prompted to re-enter their credentials
each time that they want to use the phone as a recording and playback
device for the Media Master.
• When a subscriber enters Domino credentials
on the Cisco
Unity Log On page, the
credentials are sent across the network in clear
text. To solve this problem, set up Cisco
Unity
to use SSL.
• When a subscriber enters Windows domain
account credentials on the Cisco
Unity Log
On page, the credentials are sent across the
network in clear text. To solve this problem,
set up Cisco
Unity to use SSL.
• By default, IIS is not set up so that the
Cisco
Unity Administrator uses the
Anonymous authentication method. You must
configure it.