Configure MiCollab or MiVoice Business Express System with IDS

If you are installing a new MiCollab or MiCollab with Voice system on a site with an existing directory service database, use IDS to seed the MiCollab database with the entries from the directory service. After initial configuration, you can manage updates primarily from the directory service. Roles and templates support the configuration of the phone and application services on MiCollab. Single point provisioning automatically applies the user data and phone services to the MiVoice Business system.

To integrate the system database with the corporate directory server database:

  1. Review the General Guidelines and Limitations.

  2. If IDS is enabled on any MiVoice Business platforms or applications, run a synchronization operation with the directory server to ensure that the MiVoice Business platforms, applications, or both have the latest updates from the directory server. Refer to Integrated Directory Services in the MiVoice Business System Administration Tool online help for instructions.

Note: You must resolve the detained updates from the MiVoice Business on the associated MiCollab. If there are multiple MiCollab systems on site, ensure that you make the required updates on the correct MiCollab.

  1. Disable IDS from the MiVoice Business platforms and applications.

To disable IDS on an MiVoice Business system:

To disable IDS (LDAP Integration) for the MiCollab Audio, Web and Video Conferencing application:

To disable IDS (Active Directory/LDAP synchronization) on a MiCollab Client application that is running in integrated mode:

Note: You do not have to disable MiCollab Client-IDS, if MiCollab Client is running in co-located mode.

  1. Create a MiCollab synchronization account on the directory service domain. The account must have read access.

  2. If Active Directory Authentication is required, ensure that a valid Certificate Authority (CA) has been configured for Active Directory. If  Active Directory Authentication is not required, you assign users new passwords on MiCollab using roles and associated user templates.

  3. On the directory server, ensure that the user data fields contain entries for the following attributes: samAccountName, givenName, sn, and distinguishedName. Otherwise, failed update errors are generated on MiCollab during the synchronization. If an employeeType field is not specified the entry is sent to the detained queue.

  4. In the MiCollab Users and Services application, create user templates for the various roles in the enterprise.  In the templates, assign the phone and application services that you want to apply to the user data that is obtained from the directory server. In the templates, also set a password policy for the user data. You have the option of creating these templates from the UCC default templates.

  5. In the MiCollab Users and Services application, create roles that correspond to the employeeType attribute entries on the directory service. You can create these roles from the UCC default roles.  Note that when users are obtained from the directory server, if a user entry has a blank employeeType field, the update is sent to the detained user updates queue.

  6. Create a connection to the directory server:

  1. Configure Active Directory Authentication if required.

Note: Do not enable Authentication only for MiVoice Business integrations.

Note: You can connect the Active Directory Authentication to a Global Catalogue on the domain controller. If multiple connections are used, and if those connections point to domains which are under the same forest, you can configure one connection to use the global catalogue. With global catalogue enabled, all users from all connections under the same forest should be able to authenticate. Note that using global catalogue limits the fields that can be used for synchronization.

  1. If your server is using the default LDAP attributes, you do not need to modify the IDS Attribute Mappings. If not, clear the Use default attribute mappings box and then map the LDAP attributes to the following IDS attributes: Distinguished Name, First Name, Last Name, and Email. All other fields can have blank LDAP Attributes.

Note: If you are migrating from MiCollab Client, you must either clear ipPhone attribute from the directory server or enter a different attribute.

  1. By default, user service data and Active Directory authentication is synchronized for all users. Specify any user records that you do not want to receive changes from the directory service. To prevent a user record from receiving updates from the directory server:

  1. Schedule synchronizations with the directory server database to occur on a regular basis during off-business hours (for example: daily at 12:00 am). These re-occurring synchronizations keep the MiCollab database up to date with database changes that are entered on the directory server.

  1. To configure a new MiCollab or MiVoice Business Express system, perform an initial synchronization:

To upgrade or reinstall an existing MiCollab or MiCollab with Voice system, perform a full synchronization from MiCollab with the directory server database. Ensure that the Re-initialize on next cycle box is enabled. The directory service entries are added to MiCollab.

  1. After the synchronization is complete, view the IDS Detained Updates in the Bulk Operations Tool and manage the detained updates.

  2. If errors are present in the Manage Detained Queue, see Resolve Failed IDS Updates.

  3. If single point provisioning is enabled to the MiVoice Businesss, log into the MiVoice Business System Administration Tool and check the User and Device Configuration forms. Ensure that the required users and phone services have been created in the MiVoice Business database. If single point provisioning is not enabled or supported for the communications platform, manually update its database with the users and phones services. Use the list of detained updates to identify the required updates.