The IDS feature synchronizes the database entries in a corporate directory server with the MiCollab system database. If single point provisioning is enabled on MiCollab, the entries are updated on the MiVoice Business platform. The following guidelines and limitations apply:
IDS integration is supported for Active Directory 2008, 2008 R2, 2012 and 2012R2, MiVoice 5000 directory service, MiVoice 5000 Manager directory service, and Generic LDAP servers. IDS connection to the MiVoice Office 400 LDAP server is not supported.
Note: Generic LDAP support is at protocol level only.
Authentication of MiCollab-IDS users is limited to Active Directory 2008, 2008 R2, 2012 and 2012R2.
MiCollab IDS supports Secure Socket Layer (SSL).
Do not enable IDS on MiCollab and enable IDS separately for the NuPoint UM SAA, MiCollab Client, or MiCollab Audio, Web and Video Conferencing applications. These configurations are not supported. IDS must not be running separately on the NuPoint UM SAA, MiCollab Client, or MiCollab Audio, Web and Video Conferencing applications. In this scenario, MiCollab create and update user operations will fail if the updates were previously processed through the application.
In order for MiCollab to obtain data from the directory server, you must set up a MiCollab synchronization account (username and password) on the directory server domain with Read access.
From a single MiCollab you can only create one IDS connection per directory service domain. Multiple connections from one MiCollab to different directory service domains are supported, however multiple connections from one MiCollab system to the same directory service domain are not supported. More than one MiCollab system can connect to the same directory service domain.
Changes made to entries on the directory server are copied to the MiCollab system database. However, changes made in the MiCollab system database are not updated on the directory server.
Synchronization operations only query the directory server database for changes that have occurred since the last successful synchronization. A full synchronization of all directory server entries with the MiCollab database only occurs on the initial synchronization or if you check the Re-initialize on next cycle box in the Manage IDS connections page. Typically this option should only be used to recover the MiCollab database from the directory server. It will most likely result in a large number of detained user updates.
Ensure telephony fields on the directory server and MiCollab database remain in sync, Data mismatches that occur between telephony fields are not sent to the Managed Detained Queue because they cannot be reconciled from MiCollab. The following telephony fields are ignored during a synchronization update: Home Element, DID Directory Number; Primary Phone Directory Number and Secondary Phone Directory Number:
Non-IDS-manageable user service data is applied to a MiCollab entry from a template that is linked to the Role field. A template is applied whenever a new user and device record is added, and whenever new phone service information is added to an existing record. A template is not applied when an existing record that already contains user and phone service information is modified.
When you create an entry on the directory service, the role and the associated template data is applied to the entry that is added to MiCollab. If you modify a user role on the directory server, it has no effect on the entry in MiCollab. If you modify an entry on the directory server, the directory update is automatically sent to the detained queue in the Bulk Operating Tool of the USP application
When you create an entry on the directory service, you must assign a role. Roles are only applied to create operations. If you create an entry without a role, it will be sent to the detained queue.
The roles specified on MiCollab must match the "employeeTypes" entries on the directory server exactly (case sensitive). IDS cannot reconcile roles if they are different on both the MiCollab and the directory server. If they are different, the entry is sent to the detained queue. Note that the "employeeTypes" is the default directory service attribute mapped to Role. You can customize the attribute mappings (see Manage IDS Attribute Mappings).
You can configure Active Directory Authentication to allow MiCollab-IDS users to use their directory server credentials (domain login and password) to log into their MiCollab end-user interfaces. In order to support authentication with MiCollab IDS, a Certificate Authority (CA) must be installed on the directory server. If you do not configure Authentication, users on MiCollab are assigned new passwords based upon the assigned role and associated user template.
When Authentication is enabled, user passwords are maintained on the directory server only. The user password is not stored in the MiCollab database. Therefore, there is no requirement to synchronize user passwords.
When you add entries form the directory server, any errors that occur on the MiCollab system are not identified in the directory server interface. Errors only appear in the manage detained queue on MiCollab.
Any non-Mitel PBX phone created in the Users and Services application is distributed to MiCollab Client.
IDS is only supported on MiCollab Release 5.0 and later with MiVoice Business Release 5.0 SP1 or later.
If multiple MiCollab systems are supporting the same MiVoice Business, Flow Through Provisioning must be enabled on only one of the MiCollab systems.
MiCollab users can be configured with multiple phones and each phone extension consumes a device (Multi-Device User Group device) on the MiVoice Business system. On a 2500 or 5000-user MiCollab system, it is possible to exceed the device limits of the MiVoice Business system(s). To minimize the possibility of over provisioning, do not assign users with unnecessary phones. Also, during initial provisioning of a 2500 or 5000-user MiCollab system, create roles and templates that assign the actual phone requirements for the users. For example, if you have UCC Premium users who only require two phones, create and apply a "UCC Premium - 2 phone" role and template. If you use the default UCC roles and templates, the maximum number of phones are applied, increasing the risk of over provisioning.
IDS must not be running separately on any of the MiVoice Business platform(s) that are managed by MiCollab.
Basic voice mail features are supported for the NuPoint Messenger application. Speech Auto Attendant is not supported. Refer to the MiCollab Installation and Maintenance Guide for a complete list of unsupported features.
MiVoice 5000 6.1 SP2 or higher is required to support integration with MiCollab Release 7.0 or higher.
MiVoice MX-ONE 6.0 SP2 or higher is required to support integration with MiCollab Release 7.0 or higher.
For MiVoice 5000 and MiVoice MX-ONE integrations, the IDS connection is only used to synchronize external and internal contacts (not users). If the IDS connection is via an Active Directory server, user authentication is also supported.
You perform user adds, edits, and deletes from the MiVoice 5000 or MiVoice MX-ONE administration interfaces (not from the Users and Services application). The updates can be applied automatically to the MiCollab database on a periodic cycle (scheduled synchronizations) or applied manually if you initiate an immediate synchronization.
In order to synchronize contacts from Active Directory, create an IDS connection that specifies a query for Active Directory records of type objectClass=contact. In addition, any Active Directory record that has the MiCollab Role of "Contact" is also added to the MiCollab server as a contact record.
For MiVoice 5000 integrations, a single IDS connection to an Active Directory server can provide both authentication and contact synchronization. In this case the "Authentication only" box in the "Add connection to directory server" page is not checked.
Users with MiCollab services: These are users who are assigned MiCollab services. They are provisioned from the MiVoice 5000 or MiVoice MX-ONE management interfaces. They have presence monitoring and the functionality provided by MiCollab Client. Typically, a UCC Entry, Standard, or Premium role would is applied during user creation. For this user class, external numbers are not sent to MiCollab Client. End users can provision the them in their MiCollab Mobile or Desktop Client.
Corporate contacts with monitoring: Some users may require presence monitoring but not availability or any additional MiCollab services. These users are also provisioned from the MiVoice 5000 or MiVoice MX-ONE management interfaces. Typically these users are created using UCC Basic. For this user class, external numbers are not sent to MiCollab Client. End users can provision the them in their MiCollab Mobile or Desktop Client.
Corporate contacts without monitoring: MiVoice Business 5000 and MiVoice Business MX-ONE communications platforms manage more users than a single MiCollab server. To support the click-to-call feature to these non-MiCollab users are added to the MiCollab Client directory as corporate contacts without monitoring. External numbers are sent to MiCollab Client for this user class.
Non-corporate contacts: External contacts are provisioned in MiCollab via a directory services synchronization initiated from MiCollab IDS to either the MiVoice 5000 Manager, MX-ONE Manager Platform, or Active Directory. This synchronization polls the directory and creates, updates, or deletes contacts as needed in MiCollab Client Service. The external numbers for non-corporate contacts are sent from the directory sever to the MiCollab Client Corporate Directory.