If you are installing a new MiCollab or MiCollab with Voice system on a site with an existing directory service database, use IDS to seed the MiCollab database with the entries from the directory service. After initial configuration, you can manage updates primarily from the directory service. Roles and templates support the configuration of the phone and application services on MiCollab. Single point provisioning automatically applies the user data and phone services to the MiVoice Business system.
To integrate the system database with the corporate directory server database:
Review the General Guidelines and Limitations.
If IDS is enabled on any MiVoice Business platforms or applications, run a synchronization operation with the directory server to ensure that the MiVoice Business platforms, applications, or both have the latest updates from the directory server. Refer to Integrated Directory Services in the MiVoice Business System Administration Tool online help for instructions.
Note: You must resolve the detained updates from the MiVoice Business on the associated MiCollab. If there are multiple MiCollab systems on site, ensure that you make the required updates on the correct MiCollab.
Disable IDS from the MiVoice Business platforms and applications.
To disable IDS on a MiVoice Business system:
Log into the MiVoice Business System Administration Tool.
Access the Network Element Assignment form and delete the directory server.
To disable IDS (LDAP Integration) for the MiCollab Audio, Web and Video Conferencing application:
Click Audio, Web and Video Conferencing in the MiCollab server manager.
Click LDAP Configuration.
Clear the Use LDAP check box.
To disable IDS (Active Directory/LDAP synchronization) on a MiCollab Client application that is running in integrated mode:
Note: You do not have to disable MiCollab Client-IDS if MiCollab Client is running in co-located mode.
Click MiCollab Client Service in the MiCollab server manager.
Click Configure MiCollab Client Service.
Click the Synchronization tab.
Select None and click Apply.
Create a MiCollab synchronization account on the directory service domain. The account must have read access.
If Active Directory Authentication is required, ensure that a valid Certificate Authority (CA) has been configured for Active Directory. If Active Directory Authentication is not required, you assign users new passwords on MiCollab using roles and associated user templates.
On the directory server, ensure that the user data fields contain entries for the following attributes: samAccountName, givenName, sn, and distinguishedName. Otherwise, failed update errors are generated on MiCollab during the synchronization. If an employeeType field is not specified, the entry is sent to the detained queue.
In the MiCollab Users and Services application, create user templates for the various roles in the enterprise. In the templates, assign the phone and application services that you want to apply to the user data that is obtained from the directory server. In the templates, also set a password policy for the user data. You have the option of creating these templates from the UCC default templates.
In the MiCollab Users and Services application, create roles that correspond to the employeeType attribute entries on the directory service. You can create these roles from the UCC default roles. Note that when users are obtained from the directory server, if a user entry has a blank employeeType field, the update is sent to the detained user updates queue.
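A pre-synchronization check for the attribute requirements in the two steps above, added here as an example (not Mitel code): it parses an LDIF export of the directory and sorts each entry into would sync, would fail, or would be detained. The sample LDIF, the function names, and the rule that a missing required attribute is reported before a blank employeeType are assumptions.

```python
import base64

REQUIRED = ("samaccountname", "givenname", "sn", "distinguishedname")
# Constructed sample export (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Ana Ruiz,OU=Staff,DC=example,DC=test
sAMAccountName: aruiz
givenName: Ana
sn: Ruiz
distinguishedName: CN=Ana Ruiz,OU=Staff,DC=example,DC=test
employeeType: Sales

dn: CN=Bo Chen,OU=Staff,DC=example,DC=test
sAMAccountName: bchen
givenName:: Qm8=
sn: Chen
distinguishedName: CN=Bo Chen,OU=Staff,
 DC=example,DC=test

dn: CN=svc-print,OU=Service,DC=example,DC=test
sAMAccountName: svc-print
"""

def parse_ldif(text):
    """Parse LDIF into entries mapping lowercased attribute -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = []
    for block in text.split("\n\n"):
        cur = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            val = rest.lstrip(":").strip()
            if rest.startswith(":"):              # "attr:: value" is base64
                val = base64.b64decode(val).decode("utf-8", "replace")
            cur.setdefault(name.strip().lower(), []).append(val)
        entries.append(cur)
    return [e for e in entries if e]

def preflight(entries):
    """Sort entries into the synchronization outcomes the page describes."""
    report = {"ok": [], "failed_update": [], "detained": []}
    for e in entries:
        empty = lambda a: not any(v.strip() for v in e.get(a, []))
        missing = [a for a in REQUIRED if empty(a)]
        # Assumption: a missing required attribute outranks a blank employeeType.
        bucket = "failed_update" if missing else "detained" if empty("employeetype") else "ok"
        report[bucket].append((e.get("dn", ["?"])[0], missing))
    return report
```

Running `preflight(parse_ldif(...))` on an export taken with the synchronization account also confirms that the account's read access covers these attributes.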
Create a connection to the directory server:
Under Configuration, click Integrated Directory Service.
Click Add connection. The Add Integrated Directory Service connection page opens.
Complete the fields to create a connection. See Manage IDS Connections for field descriptions. At a minimum, you must enter the hostname of the primary directory server, enter the primary directory server username and password, enable Synchronization, and then schedule a synchronization interval. It is recommended that you enable the Defer all operations option to send all operations to the detained updates queue for the initial synchronization. This option allows you to validate all the updates and then apply or discard updates as required.
If Active Directory Authentication is required, the Synchronization option must be enabled. Also, set the Connection Method to either TLS or TLS/SSL. The Connection Method cannot be Unsecured. To use SSL/TLS for IDS, LDAP over SSL must be enabled on the Active Directory server. See the following links for more information:
Click Save. MiCollab verifies the connection parameters and indicates if any errors are present.
Configure Active Directory Authentication if required.
Check the Enable authentication box beside the desired domain. You can only enable authentication on a single domain. So, if you want to select a different domain, you must first disable the currently selected domain.
Note: Do not enable Authentication only for MiVoice Business integrations.
Note: You can connect the Active Directory Authentication to a Global Catalogue on the domain controller. If multiple connections are used, and if those connections point to domains which are under the same forest, you can configure one connection to use the global catalogue. With global catalogue enabled, all users from all connections under the same forest should be able to authenticate. Note that using global catalogue limits the fields that can be used for synchronization.
Secure authentication requests are required as part of the IDS connection.
Click Save.
If your server is using the default LDAP attributes, you do not need to modify the IDS Attribute Mappings. If not, clear the Use default attribute mappings box and then map the LDAP attributes to the following IDS attributes: Distinguished Name, First Name, Last Name, and Email. All other fields can have blank LDAP Attributes.
Note: If you are migrating from MiCollab Client, you must either clear ipPhone attribute from the directory server or enter a different attribute.
By default, user service data and Active Directory authentication are synchronized for all users. Specify any user records that you do not want to receive changes from the directory service. To prevent a user record from receiving updates from the directory server:
Under Applications, click Users and Services.
Locate the user using the Search function.
On the User tab in the Personal Information section, clear the IDS Manageable box.
Click Save.
Schedule synchronizations with the directory server database to occur on a regular basis during off-business hours (for example: daily at 12:00 am). These recurring synchronizations keep the MiCollab database up to date with database changes that are entered on the directory server.
Under Configuration, click Integrated Directory Service.
Click Edit next to the directory service connection. The Manage IDS connections page opens.
Ensure the Re-initialize on next cycle box is clear.
In the Schedule field, set the schedule using the drop-down menus.
Click Save.
To configure a new MiCollab or MiVoice Business Express system, perform an initial synchronization:
Under Configuration, click Integrated Directory Services.
Click the Sync link of the connection. The synchronization status is displayed at the top of the screen.
At the end of the synchronization, any new users added to the MiCollab USP database are sent a Welcome E-mail. If you configured authentication, the e-mail instructs the users to log into their MAS application interfaces using their directory service credentials.
To upgrade or reinstall an existing MiCollab or MiCollab with Voice system, perform a full synchronization from MiCollab with the directory server database. Ensure that the Re-initialize on next cycle box is enabled. The directory service entries are added to MiCollab.
If the directory server and MiCollab system have entries with matching e-mail addresses, the fields in the directory service entry overwrite the fields in the MAS entry.
If the directory server and MiCollab system have entries with matching login IDs, the fields in the directory service entry overwrite the fields in the MAS entry.
If the directory server and MiCollab system have entries with matching e-mail addresses but different login IDs, the fields in the directory service entry overwrite the fields in the MAS entry.
After the synchronization is complete, view the IDS Detained Updates in the Bulk Operations Tool and manage the detained updates.
If errors are present in the Manage Detained Queue, see Resolve Failed IDS Updates.
If single point provisioning is enabled to the MiVoice Business, log into the MiVoice Business System Administration Tool and check the User and Device Configuration forms. Ensure that the required users and phone services have been created in the MiVoice Business database. If single point provisioning is not enabled or supported for the communications platform, manually update its database with the users and phone services. Use the list of detained updates to identify the required updates.