Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2)

Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) July 2011 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE.ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTEDWITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OFANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKETTHAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THESOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED "AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES,INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at http://www.cisco.com/go/trademarks.Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Copyright 2011 Cisco Systems, Inc. All rights reserved. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) ii Contents Preface ...........................................................................................................................v Purpose ........................................................................................................................................ v Audience ...................................................................................................................................... v Organization ................................................................................................................................. v Related Documentation ............................................................................................................... vi Product Naming Conventions .................................................................................................... vii Conventions ............................................................................................................................... vii Obtaining Documentation and Submitting a Service Request .................................................... ix Documentation Feedback ........................................................................................................... ix 1. Unified Contact Center Management Portal ............................................................ 1 Partitioning Considerations ......................................................................................................... 1 Inheritance and Policy Roots ...................................................................................................... 2 2. Setting up Security Roles .........................................................................................3 How to Create Roles ................................................................................................................... 3 How to Create a Non-Global Role .......................................................................................... 3 How to create a Global Roles ................................................................................................. 4 3. Setting Default Security Groups .............................................................................. 5 Default Security Groups .............................................................................................................. 5 Setting up Default Security Group .......................................................................................... 5 4. Folder Structure ........................................................................................................7 Creating a Folder Tree ................................................................................................................ 7 How to Create Folders ............................................................................................................ 7 Removing Default Folder Permissions ........................................................................................ 7 How to Remove Permissions from the Shared Folder ........................................................... 7 5. Configuring Security Groups ...................................................................................9 Global Permissions Groups ........................................................................................................ 9 How to Create Groups ............................................................................................................ 9 How to Assign Global Permissions to a Group ....................................................................... 9 Folder Permissions Groups ....................................................................................................... 10 How to Add Non-Global Permissions to a Group ................................................................. 10 How to Add a Group to a Group ........................................................................................... 11 6. Creating Users ......................................................................................................... 13 How to Create a User ................................................................................................................ 13 How to Add a User to a Group .............................................................................................. 14 7. Creating New Folders.............................................................................................. 15 Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) iii Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) iv Preface Purpose This document explains how to set up and maintain security for the Unified Contact Center Management Portal (Unified CCMP). It should be read in conjunction with the security section of the User Manual for Cisco Unified Contact Center Management Portal, which describes the entities and operations involved in greater detail. Audience This document is intended to be used by administrators responsible for the commissioning and ongoing maintenance of the Unified Contact Center Management Portal. All users responsible for managing security should have access both to this document and to any records of the exact system setup chosen. Organization The following table describes the information contained in each chapter of this guide. Chapter Description Chapter 1, “Unified Contact Center Management Portal” Discusses the nature of partitioning, and describes issues that must be considered when planning the security setup Intended Audience: all audiences Chapter 2, “Setting up Security Roles” Intended Audience: System Administrators Chapter 3, “Setting up Default Security Groups ” Intended Audience: System Administrators Chapter 4, “Folder Structure” Intended Audience: System Administrators Chapter 5, “Configuring Security Groups” Intended Audience: System Administrators Chapter 6, “Creating Users” Intended Audience: System Administrators Explains how to determine which roles, or sets of permissions, will be required within your system, and how to create them Describes how to configure security in order for the system to automatically set up necessary permissions when certain folders are created Describes how to set up the folder structure on which security will be defined, including how security permissions are inherited and how this inheritance can be removed from specific folders Explains how to assign permissions to users via user groups, and how to set up groups and their memberships to allow users to navigate to and work within the appropriate folders Describes how to create users and assign them to the appropriate security groups Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) v Chapter Description Chapter 7, “Creating New Folders” Summarizes the steps needed to extend the security infrastructure to newly added folders Intended Audience: System Administrators Related Documentation Documentation for Cisco Unified ICM/Contact Center Enterprise & Hosted, as well as related documentation, is accessible from Cisco.com at: http://www.cisco.com/cisco/web/psa/default.html. • Related documentation includes the documentation sets for Cisco CTI Object Server (CTIOS), Cisco Agent Desktop (CAD), Cisco Agent Desktop - Browser Edition (CAD-BE), Cisco Unified Contact Center Management Portal, Cisco Unified Customer Voice Portal (CVP),Cisco Unified IP IVR, Cisco Unified Intelligence Center, and Cisco Support Tools. • For documentation for these Cisco Unified Contact Center Products, go to http://www.cisco.com/cisco/web/psa/default.html, click Voice and Unified Communications, then click Customer Contact, then click Cisco Unified Contact Center Products or Cisco Unified Voice Self-Service Products, then click the product/option you are interested in. • For troubleshooting tips for these Cisco Unified Contact Center Products, go to http://docwiki.cisco.com/wiki/Category:Troubleshooting, then click the product/option you are interested in. • Documentation for Cisco Unified Communications Manager is accessible from: http://www.cisco.com/cisco/web/psa/default.html. • Technical Support documentation and tools are accessible from: http://www.cisco.com/en/US/support/index.html. • The Product Alert tool is accessible from (login required): http://www.cisco.com/cgi-bin/Support/FieldNoticeTool/field-notice. • For information on the Cisco software support methodology, refer to Software Release and Support Methodology: ICM/IPCC available at (login required): http://www.cisco.com/en/US/partner/products/sw/custcosw/ps1844/prod_bulletin s_list.html. • For a detailed list of language localizations, refer to the Cisco Unified ICM/Contact Center Product and System Localization Matrix available at the bottom of the following page: Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) vi http://www.cisco.com/en/US/products/sw/custcosw/ps1001/prod_technical_refer ence_list.html. Product Naming Conventions In this release, the product names defined in the table below have changed. The New Name (long version) is reserved for the first instance of that product name and in all headings. The New Name (short version) is used for subsequent instances of the product name. Note: This document uses the naming conventions provided in each GUI, which means that in some cases the old product name is in use. Old Product Name New Name (long version) New Name (short version) Cisco IPCC Enterprise Edition Cisco Unified Contact Center Enterprise Unified CCE Cisco System IPCC Enterprise Edition Cisco Unified System Contact Center Enterprise Unified SCCE Note: Cisco Unified System Contact Center Enterprise (Unified SCCE) is supported in 8.5(2); however, there is not a separate 8.5(2) version. If you request features that are in 8.5(2), you must migrate to the Unified ICM/CCE/CCH software. Full migration information is documented in the Upgrade Guide for Cisco Unified ICM/Contact Center Enterprise &Hosted. Cisco IPCC Hosted Edition Cisco Unified Contact Center Hosted Cisco Intelligent Contact Management (ICM) Enterprise Edition Cisco Unified Intelligent Contact Management (ICM) Enterprise Cisco Intelligent Contact Management (ICM) Hosted Edition Cisco Unified Intelligent Contact Management (ICM) Hosted Cisco CallManager/Cisco Unified CallManager Cisco Unified Communications Manager Unified CCH Unified ICM Unified CM Conventions This manual uses the following conventions: Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) vii Convention Description boldface font Boldface font is used to indicate commands, such as entries, keys, buttons, folders and submenu names. For example: italic font • Chose Edit > Find. • Click Finish Italic font is used to indicate the following: • To introduce a new term; for example: A skill group is a collection of agents who share similar skills. • For emphasis; for example: Do not use the numerical naming convention. • A syntax value that the user must replace; for example: IF (condition, true-value, false-value) • window font < > A book title; for example: Refer to the Cisco CRS Installation Guide Window font, such as Courier, is used for the following: • Text as it appears in code or that the window displays: for example: <html><title>Cisco Systems, Inc. </title></html> • Navigational text when selecting menu options; for example ICM Configuration Manager > Tools > Explorer Tools > Agent Explorer Angle brackets are used to indicate the following: • For arguments where the context does not allow italic, such as ASCII output • A character string that the user enters, but does not appear on the window such as a password Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) viii Obtaining Documentation and Submitting a Service Request For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0. Documentation Feedback You can provide comments about this document by sending email to the following address: mailto:ccbu_docfeedback@cisco.com We appreciate your comments. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) ix Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) x 1. Unified Contact Center Management Portal All resources within Unified Contact Center Management Portal (Unified CCMP) are stored in individual folders in a hierarchical folder structure. This forms a virtualized organizational structure unrelated to the configuration of the Unified CCMP platform. Unified CCMP allows individual users or groups of users to be restricted to performing actions within their own areas of responsibility, without being able to see that other areas exist. • Users on one tenant folder are by default unable to see any details of other tenant folders. Where one Unified ICM is shared between multiple organizations (for example, a company and one or more outsourcers), a similar level of partitioning can be achieved by separating resources into different folder hierarchies and granting permissions on individual folders. In this way, outsourcer users do not have permission to browse resources within the company’s folder hierarchy. • Host administrators must be configured to allow full view of the folder structure seeing resources across multiple tenants. Partitioning Considerations The permissions that users have on a folder determine their ability to see and manipulate that folder and the folders inside it. For example, if a user does not have Browse Folders permissions on a folder they cannot see that folder. Note Granting permissions on a folder automatically grants users the ability to see all the folders above it in the tree, or they would be unable to navigate to that folder. This does not grant the user permission to see or manipulate the resources within those folders. In general, the Portal provides two different kinds of permissions: • Browse permissions allow a user to see the items of the specified type. For example, having Browse Dimensions permissions on a folder allows a user to examine resources in that folder when using the System Manager. • Manage permissions allow a user to move, add, change and delete items of that type within the specified folder. There is no way to separate these permissions; for example, to permit a user to change an item but not delete it. If you want users to be able to manage some resources but not others, you should place these resources in separate folders. In order to modify some items, users need browse permissions on related items. For example, in order to modify Agent and/or Skill Group configuration, a user must be able to see the Peripheral that they belong to. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 1 Inheritance and Policy Roots Each folder in the hierarchy is either a policy root, which can have specific permissions applied to it, or inherits its own permissions from a policy root. For example, a user given Browse Dimensions permissions on the tenant folder (which is a policy root) in the diagram below would automatically receive Browse Dimensions permissions on all the inheriting folders beneath it, as indicated by the blue arrows. If you change an inheriting folder into a policy root, any existing permissions that users have on that folder are copied in. If you change a policy root into an inheriting folder, all the existing permissions that users have on that folder and its inheriting folders are overwritten by the permissions set on its new policy root. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 2 2. Setting up Security Roles Sets of individual permissions (or tasks), such as creating agents or viewing resources, are gathered together into roles. There are two kinds of role that must be used to grant permissions: • Global roles globally ‘switch on’ the ability to perform certain kinds of action within the system, for example the ability to access the Security Manager tool. • Non-global roles specify the tasks that can be performed within specific folders, for example the ability to manage security within a specific tenant folder. To manage security for a folder, a user needs both a global role granting security management permissions and a non-global role granting permission to manage security within a particular folder. Typically, a system is intended to be used primarily by a few categories of user. For example, your users might fall into three categories: • Level 1 users - Supervisors, using the system solely in basic mode, to manage agents, teams and skillgroups. • Level 2 users - Managing agents, teams and skillgroups, and also posting information notices within their areas of responsibility. • Level 3 users - Performing administrative tasks such as managing resources, creating users and adding them to user groups. For each of these levels of user, you must set up a corresponding set of permissions, or roles. You need to create both a non-global role and a global role containing the necessary permissions for each category of user. Note If the permissions you require are supplied by one or more of the system default roles, you can use these instead of creating your own custom roles. How to Create Roles How to Create a Non-Global Role From the Tools page, click Role Manager beneath the Security Manager tool: 1. Click New to display the New Role page. 2. Perform the following: • Name field enter the name of the role as it will appear in the system. • Description field enter any explanatory text, if required. 3. The tasks that can be added to the role are listed beneath the Name column. Explanatory text for each task is displayed beneath the Description column. Select the check boxes of the tasks to be added to the role. 4. Click Save to return to the Roles page, where your new role is now listed. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 3 How to create a Global Roles From the Tools page, click the Global Security Manager link beneath the Security Manager tool: 1. Click New to display the New Role page. 2. Perform the following: • Name field enter the name of the role as it will appear in the system. • Description field enter any explanatory text, if required. 3. The tasks that can be added to the role are listed beneath the Name column. Explanatory text for each task is displayed beneath the Description column. Select the check boxes of the tasks to be added to the role. 4. Click Save to return to the Roles page, where your new role is now listed. Note When creating global roles that allow access to the System Manager, Information Notices or other tools, you also need to include the Advanced User task to allow access to the Tools page. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 4 3. Setting Default Security Groups Although permissions may be assigned to users individually, doing so makes the security system chaotic and difficult to maintain. A security group, also known as a user group, grants permissions to all users who are members of that group. Groups may also be members of other groups, and therefore ‘inherit’ permissions from them. Default Security Groups By default, each time a policy root folder is created, up to three security groups are automatically created within that folder, with permissions on that folder automatically set up. These default groups should be set to provide the permissions that users most commonly require on folders. Setting up Default Security Group Click Settings from the menu at the top right of every page: 1. Select Security Settings. At the bottom of this page is the list of default groups. 2. Check the groups that you want to have automatically created in each policy root. 3. For each group, select a folder role, either an existing role or a custom role created earlier, that that group should have on the policy. 4. Click Save. Note It is not currently possible to change the global roles associated with the default groups. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 5 Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 6 4. Folder Structure Permissions in Unified CCMP are folder based, and therefore a basic folder structure for the system must be in place before security can be set up. You can add folders to the system later, but it is easier to set up access to these correctly if the basic folder and security structure is already in place. You must read through this entire document before planning your folder structure. Creating a Folder Tree Typically, users and resources are kept in separate branches, but it is not necessary to use this model. For example, you may find it convenient to store supervisor users in the same folder as their agent teams. Note For ease of maintenance, do not create more than eight hierarchical layers of folders beneath the tenant root. How to Create Folders From the Tools page, click Create a Folder beneath the System Manager tool: Caution It is not possible to edit a folder’s name or description once it has been created, so you must be careful when choosing and entering the folder details. 1. In the Name field, enter a name for the new folder. 2. In the Description field, enter any explanatory text for the folder, if required. 3. Uncheck the Inherit Permissions box to create a policy root, or check it to create an inheriting folder. 4. Click Save to save the new folder in the tree. Select the Create Another check box if you wish to create further folders. Note Policy roots must be kept to a minimum to optimize system performance; however, it is possible to designate every folder in the tree as a policy root. Removing Default Folder Permissions By default, every user created is added to the Everyone security group in the Root folder. The Everyone group gives users permission to browse any items in the Shared folder. If you intend a user to have this permission, remove the Everyone group’s permissions on the Shared folder tree. How to Remove Permissions from the Shared Folder From the Tools page, click the View Groups link beneath the Security Manager tool: 1. Select the root folder to display the groups contained in that folder. 2. Select the check box of the Everyone group and click Assign Permissions. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 7 3. Select the Shared folder in the tree. The roles (sets of permissions) which you can grant the group on this folder are displayed. 4. Ensure all check boxes are unchecked and click OK. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 8 5. Configuring Security Groups Global Permissions Groups In the tenant root folder, create a number of user groups corresponding to the different classes of permission that that tenant will be granting its users and assign them the appropriate global roles. Setting up these global permissions groups allows other users to assign a limited set of global security permissions while keeping the number of users able to edit global security to a minimum. How to Create Groups From the Tools page, click the Group Manager link beneath the Security Manager tool: 1. Select the folder to which you wish to add the new group (in this case, the tenant root). 2. Click New. The Create a new user group page displays. 3. Fill in the following fields: • Name field, enter a name for the new group. • Description field, enter any explanatory text, if required. 4. If you wish to create more than one new group for the selected folder, select the Create Another check box. 5. Click OK to save the new group in the selected folder. How to Assign Global Permissions to a Group From the Tools page, click the Global Security Manager link beneath the Security Manager tool: 1. Click the global role name to open the Edit Global Role. 2. Select the Members tab. This tab lists the existing Global Role members. 3. Select Add Members. This displays a tree structure with a list of users and groups located in the selected folder. 4. Select users and groups to add/remove them from the global role. 5. Select Close. 6. Select Save to add these users to the global role. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 9 Folder Permissions Groups Each policy root requires a set of groups corresponding to the different categories of user who need to perform tasks within that folder or set of folders. If the default groups do not provide all the permissions your users need, you need to set up further groups in each policy root. Assign each of them the appropriate folder role you created earlier and make each a member of the appropriate global permissions group. In most cases, users with permission to perform a task in a parent folder must be able to perform it in a sub-folder. For example, senior administrators with the ability to manage resources across the tenant need to have permissions on the tenant root and on all policy roots beneath. To achieve this, each group in a policy root should be made a member of the corresponding group in any policy root beneath it in the folder tree. The exception to the rule is any supervisor users group, as supervisors using Basic Mode cannot work with resources in more than one folder. Note When changing a user or group’s permissions in a folder, you can apply those changes to sub-folders using the Change permissions for sub-folders check box. How to Add Non-Global Permissions to a Group From the Tools page, click View Groups beneath the Security Manager tool: 1. Select the folder in the tree that contains the group that is to be granted permissions. The groups associated with the selected folder displays. 2. Select the check box of the required group and click Assign Permissions. 3. Select the folder in the tree that you want to grant permissions on. The roles that you can apply to the selected folder displays. Note If the available roles are dimmed, this means that the folder is currently inheriting permissions from its parent. Click the link provided to make the folder a policy root and assign folder-specific permissions to it. 4. Select the check box of the required role and click Save. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 10 How to Add a Group to a Group From the Tools page, click View Groups beneath the Security Manager tool: 1. Select the parent folder to display the groups associated with that folder. 2. Select the check box of the group to be given membership of another group and click Add to Group. 3. Select the child folder. 4. Select the check box of the corresponding group and click OK. Members of the group in the parent folder are now able to perform the same actions in the child folder. Note Groups may be members of multiple groups. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 11 Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 12 6. Creating Users Unified CCMP treats user accounts similarly to resources. That is, each user account must be contained within a specific folder and users with appropriate permissions on that folder can change the user’s properties (such as the password), or move or delete the account. The folder that contains a particular user account determines only which users have permissions to modify that user account. The home folder specified for each user account determines which folder that user automatically works within when they log in to Unified CCMP. Advanced Users might navigate out of their home folder to work in other folders that they have permissions on, but Basic Users are only able to see, change, and create resources within their home folder. The home folder is entirely independent of the folder that contains the user account. For example, you can create a user in the folder Users/Atlanta but set their home folder to be Resources/Atlanta. Once a user has been created, grant them folder permissions by adding them to the appropriate group within each folder that they should have access to. For example, if you want the above user to have Advanced permissions within their home folder, you would add them to the Advanced Users group for Resources/Atlanta. Note No user other than the host administrator must ever be given any security management permissions on the folder that contains their user account. How to Create a User From the Tools page, click View Users beneath the Security Manager tool: 1. Select the folder in which to create the new user. 2. Click New to display the Create a new user page. 3. Fill in the following fields: • User Name field, enter the name for the new user account. The user will use this name to login to the Portal. • Password field, enter the password for the new user. • Confirm Password field, re-enter the selected password. • First Name and Last Name fields, enter the user's details. • Email field, enter the email address (if any) of the new user. • Description field, optionally enter any explanatory text. • User Home Folder the home folder that the user will start in when they log in. If you leave this blank, it defaults to the folder the user is created in. 4. Select any of the following check boxes that are applicable: • Advanced check box if the user is to be assigned global roles that allow them to access Advanced Mode tools such as the System Manager. Note The number of advanced users must be limited as far as is practical. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 13 • Enabled check box to ensure that the user is live in the system. If unchecked, the system saves the new user account, but the user is unable able to log in. • User must change password at next Logon check box to prompt the new user to change their password after their first login. • Password Never Expires check box to assign the password to the new user indefinitely. • User cannot change password check box to prevent the new user from changing their own password (it can still be changed by administrators). 5. To create more than one new user in the selected folder, select the Create Another check box. 6. Click OK. You may now optionally add the new user to a group using the Add to Group menu option. Note All users created for a tenant are automatically assigned to the Everyone group, so it is important to be sure that the permissions of this group have been set up as desired. How to Add a User to a Group From the Tools page, click the User Manager link beneath the Security Manager tool: 1. Select the folder containing the user to display the users contained in that folder. 2. Click the user to display a page showing the user details. 3. Select the Groups tab. 4. Click Add to Group. A pop-up opens. 5. Navigate through the folder tree on the left to the folder containing the group the user is to be added to. 6. Check the check box of the group or groups. You may select groups from multiple folders. 7. Close and Save. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 14 7. Creating New Folders Once the basic security structure has been set up, any new folder created that is not intended to inherit permissions from its parent must have the standard groups set up within it. This procedure is summarized as follows: 1. Create the new folder. 2. Edit the default groups if necessary. 3. Create any non-default groups required in the folder. 4. Grant each new group the appropriate role on the new folder. 5. Add each new group to the appropriate global security role. 6. Add each folder permissions group in the parent folder to the corresponding group in the new folder. You can then grant permissions on the new folder to users as described previously. Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2) 15

Security Guidelines for Cisco Unified Contact Center Management Portal Release 8.5(2)

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib