All the applications included in the UC Suite share the same users list. This list can be edited manually through the web interface, adding users one by one, or automatically, importing the user list from a CSV file. If you have a large number of users, you might want to keep the user list in sync with an external directory.
The Synchronization Service lets you import users from an external source such as Active Directory, a database or the PBX. Once synchronization is enabled, the service will align the list of users once a day. When a new user is added to the external source it is inserted into the UC Suite users list. When the properties of a user are updated, the changes are written to UC Suite user data. Data transfer is optimized and only the differences are written to the database.
You could also use the synchronization service to import users once, then disable it and adjust the list manually.
The user synchronization service can perform three types of operation:
An UC Suite User list is considered to be the same as an Active Directory User when the "Active directory username" field combined with the "Domain" field value matches the Active directory account. E.g.
By default users which are deleted from the external source are automatically removed from the UC Suite. This is the main difference between importing users from CSV and synchronization. CSV import does not remove users, while the synchronization does.
If you want to create additional local users which will not be deleted when the sync operation is performed, make sure that the fields used as synchronization key (Active directory username and Domain) are blank.
You can access user synchronization through the web interface by selecting "User Management", then clicking the link "Synchronize users with an external data source" on the top of the page.
On the Welcome screen press the "Begin" button. This will enable the service.
To properly configure user synchronization, you have to:
Click the "Configure Data Source" link and select the type of external directory from which you want to import users. These may vary depending on your telephony system. Active Directory is available for all platforms.
Enter a name for the source, e.g. MyCompanyDC, and press the "Add new source" button. The name must be unique, al least three characters long, and must contain no blanks.
Fill the form fields with these values:
Note: If you leave the "LDAP object path" field blank, the "Users" branch will be queried.
Press "Add" and "Back". When the new source has been added, enable it through the checkbox. Once enabled, the service will test the connection parameters.
As of March 2020, Microsoft is updating security requirements for LDAP connections to Active Directory. After this update, Secure LDAP (LDAPS) will become mandatory for all LDAP connections to Active Directory. LDAP connections to Active Directory will not work unless Secure LDAP is configured.
Starting from Spring 2020 release and above, Imagicle follows above Microsoft statement and, for new IAS installations, Secure LDAP using SSL on port 636 is automatically enabled for both authentication and users' synchronization.
If you are upgrading an existing IAS to Spring 2020 or above, the connection is automatically migrated to Secure LDAP and a test is performed to verify AD server reachability. If reachability is granted, then it means Microsoft statement has been respected. If AD can't be reached, then we just leave the connection as it is.
It is also possible to change manually the LDAP authentication settings:
<?xml version="1.0" encoding="utf-8"?> <configuration> ... <preference key="Authentication.UseSecureLDAPConnection" value="SecureThenUnsecure" /> <!-- OR --> <preference key="Authentication.UseSecureLDAPConnection" value="SecureOnly
" /> <!-- OR --> <preference key="Authentication.UseSecureLDAPConnection" value="UnSecureOnly
" /> ... </configuration>
The external directory will not contain all the information needed to fill the Users profile properties. You have to provide the missing values through the web interface.
On the top of this page, select the type of source you want to configure the rules for (Active Directory).
For each field you have the various choices including the following.
Other options may involve specifying a prefix to be added to another field value. For instance the First extension number may be imported from the Telephone Number or IP Phone or Skype for Business SIP URI Active Directory fields.
Warning: not all the choices may be available for all the fields. E.g. there is no point in assigning the same default value to a user's personal address.
The Apply button saves the changes. The Reload button undoes the changes. The Default button resets to the default values.
Press "Next" or "Back" to continue.
This table list the Active Directory user attributes and shows the UC Suite fields they are mapped to.
General Tab |
||||
Active Directory Display Name | LDAP Attribute Name | UC Suite Label | UCSuite Database name | Example Value |
First Name | givenName | First Name | user_nome | John |
Initials | initials | - | - | JS |
Last Name | sn | Last Name | user_cognome | Smith |
Display Name | displayName | - | - | "John, Smith" |
Description | description | - | - | Sales Manager |
Office | physicalDeliveryOfficeName | - | user_office_location | London Office |
Telephone Number | telephoneNumber | First Extension Number* | user_telnum, user_amnum | 0123 456 789 |
Telephone Number (Other) | otherTelephone | - | - | 0123 4457 89 |
Email, "Voicemail Address", "Fax to Email Address", "Single Sign-on Id" | user_mail, user_voicemailaddr, user_pref_fax_mailinaddr, ssoid | JSmith@domain.com | ||
Web Page | wWWHomePage | - | - | www.johnsmith.com |
Web Page (Other) | url | - | - | www.John.net,www.John.org |
Password | password | - | - | JohnsPass321 |
Destination OU | destinationOU | - | - | OU=Sales,DC=Domain,DC=Com |
Common Name | CN | - | - | John Smith or %lastname% %firstname% |
Modify User if already exists | Modify | - | - | True or False |
Delete User | Delete | - | - | True or False |
Address Tab |
||||
Active Directory Display Name | LDAP Attribute Name | UCSuite Label | UCSuite Database name | Example Value |
Street | streetAddress | User address | user_address | 10 Downing St;London (Use a semi-colon for carriage return) |
PO Box | postOfficeBox | - | - | Po Box 1 |
City | l (Lowercase L) | - | - | London |
State/Province | st | - | - | New York |
Zip/Postal Code | postalCode | - | - | 20013 |
Country | c | - | - | GB |
Account Tab |
||||
Active Directory Display Name | LDAP Attribute Name | UCSuite Label | UCSuite Database name | Example Value |
User Logon Name | userPrincipalName | Active Directory username, Domain, Single Sign-on Id*** | userPrincipalName, user_ad (without domain), user_domain (without the username), user_authname, ssoid | JSmith@domain.com |
User Logon Name (Pre W2K) | sAMAccountName | PBX username | user_ccmname | JSmith |
User Logon Name | sAMAccountName | Screen recording agent username | user_ScreenRecordingUserId | JSmith |
User Logon Name | Mail, userPrincipalName,Uid | Conversational AI username | user_ConvAiUserId | JSmith@domain.com |
Telephones Tab |
||||
Active Directory Display Name | LDAP Attribute Name | UCSuite Label | UCSuite Database name | Example Value |
Home | homePhone | Home phone | user_telcasa | 123 123 123 |
Home (Other) | otherHomePhone | - | - | 0123 123 123 |
Pager | pager | - | - | 1234 |
Pager (Other) | otherPager | - | - | 123 |
Mobile | mobile | Mobile business number | user_mobileBusinessNumber | 123 456 789 |
Mobile (Other) | otherMobile | - | - | 123 456 789 |
Fax | facsimileTelephoneNumber | Fax number | user_faxNumber | 123 456 789 |
Fax (Other) | otherFacsimile TelephoneNumber |
- | - | 0123 456 789 |
IP Phone | ipPhone | First Extension Number* | user_telnum, user_amnum | 750 |
IP Phone (Other) | otherIpPhone | - | - | 330750 |
Notes | info | - | - | General information (Use a semi-colon for carriage return) |
User Logon Name | userPrincipalName | Cdr User ID | CdrUserId | JSmith |
Organization Tab |
||||
Active Directory Display Name | LDAP Attribute Name | UCSuite Label | UCSuite Database name | Example Value |
Title | title | - | - | Manager |
Department | department | Department | user_department | Sales |
Company | company | - | - | Big Corp |
Manager | manager | - | - | CN=Ste Jobs,OU=Managers,DC=Domain,DC=Com |
Employee ID | employeeID | - | - | |
Employee Type | employeeType | - | - | |
Employee Number | employeeNumber | - | - | |
Car License | carLicense | - | - | |
Division | division | - | - | |
Middle Name | middleName | - | - | |
Room Number | roomNumber | - | - | |
Assistant | assistant | - | - | CN=Joe Blog,OU=Managers,DC=Domain,DC=Com |
User permissions | Multiple custom attributes | - | Permission levels are saved in SQL DB | from level (1) up to level (10) |
User's Picture | jpegPhoto / thumbnailPhoto | - | Pictures are saved in SQL DB | JPEG pictures supported. Max 200KB size |
Recording Group name |
|
Recording Group name | - | Sales |
* Either telephoneNumber or ipPhone attributes can be imported based on synch rules configuration
*** Single Sign-On feature, based on SAML or OpenID Connect protocols, is supported from Imagicle 2022.Winter.1 release.
You can import user permissions from different string-type custom attributes by application, to be manually added in your AD server. Please find below the custom attributes list, with possible priviledge values:
Att Name | Description | Priv name |
privMai | Users management default users' permission | Default |
privMai | No access to users management | BasicUser |
privMai | Access to department users list | DepartmentUsersSupervisor |
privMai | Access to department users management | DepartmentUsersManager |
privMai | Complete users management | CompleteUsersManagement |
privMai | System admin | Administrator |
Att Name | Description | Priv name |
privBib | Call Analytics default users' permission | Default |
privBib | No access to Call Analytics data | NoAccess |
privBib | Call Analytics access to own data only | BasicUser |
privBib | Call Analytics access to whole own dept. data | DepartmentSupervisor |
privBib | Call Analytics access to whole own Cost Center data | CostCenterSupervisor |
privBib | Call Analytics access to whole own Office Location data | OfficeLocationSupervisor |
privBib | Call Analytics access to whole Call Accounting data | GlobalSupervisor |
privBib | Call Analytics Administrator | Administrator |
Att Name | Description | Priv name |
privBdg | Budget Control default users' permission | Default |
privBdg | No access to Budget Control data | NoAccess |
privBdg | Budget Control access to own budget data | BasicUser |
privBdg | Budget Control access to whole own dept. budgets | DepartmentManager |
privBdg | Budget Control access to whole own Cost Center budgets | CostCenterManager |
privBdg | Budget Control Administrator | Administrator |
Att Name | Description | Priv name |
privSlo | Phone Lock default users' permission | Default |
privSlo | No access to Phone Lock line | NoAccess |
privSlo | Phone Lock access to own phone line | BasicUser |
privSlo | Phone Lock access to all phone lines associated to own dept. | DepartmentManager |
privSlo | Phone Lock Administrator | Administrator |
Att Name | Description | Priv name |
privSfx | Digital Fax default users' permission | Default |
privSfx | No access to Digital Fax documents | NoAccess |
privSfx | Digital Fax access to own fax documents | BasicUser |
privSfx | Digital Fax access to all fax documents associated to own dept. | DepartmentManager |
privSfx | Digital Fax Administrator | Administrator |
Att Name | Description | Description |
privSpd | Contact Manager default users' permission | Default |
privSpd | No access to Contact Manager directories | NoAccess |
privSpd | Contact Manager access to own directories | BasicUser |
privSpd | Contact Manager access to all directories associated to own dept. | DepartmentManager |
privSpd | Contact Manager access to all directories | DirectoryManager |
privSpd | Contact Manager Administrator | Administrator |
Att Name | Description | Priv name |
privIvr | Auto Attendant default users' permission | Default |
privIvr | No access to Auto Attendant services | NoAccess |
privIvr | Access to Auto Attendant services, only if assigned as AutoAtt Manager | BasicUser |
privIvr | Auto Attendant Administrator | Administrator |
Att Name | Description | Priv name |
privQme | Advanced Queuing default users' permission | Default |
privQme | No access to Advanced Queuing queues | NoAccess |
privQme | Access to Advanced Queuing queues, only if assigned as queue Supervisor or Advanced supervisor | BasicUser |
privQme | Access to Advanced Queuing queues as Supervisor | Supervisor |
privQme | Access to Advanced Queuing queues as Advanced Supervisor | AdvancedSupervisor |
privQme | Advanced Queuing Administrator | Administrator |
Att Name | Description | Priv name |
privIvy | IVR Manager default users' access | Default |
privIvy | No access to IVR Manager scripts | NoAccess |
privIvy | IVR Manager Administrator | Administrator |
Att Name | Description | Priv name |
privRec | Call Recording default users' permission | Default |
privRec | No access to Call Recording data | NoAccess |
privRec | Call Recording access to own data only | BasicUser |
privRec | Call Analytics access to whole own recording group data | GroupSupervisor |
privRec | Call Recording Administrator | Administrator |
Att Name | Description | Priv name |
privHtl | Hotel Services default users' access | Default |
privHtl | No access to Hotel Services panel and configurations | NoAccess |
privHtl | Hotel Services Administrator | Administrator |
Att Name | Description | Priv name |
privCx | Conversational AI default permission | Default |
privCx | No access to Conversational AI | NoAccess |
privCx | System admin | Administrator |
This field is by default left empty, If required, you can synch this user's field from the following attributes:
Starting from Imagicle UC Suite Summer 2021, we can import Site Name from Active Directory or LDAP, to enable overlapping dial plan across multiple gateways or PBXs.
Depending on the users repository source, the Site Name can be synchronized from one of the following attributes (selectable in the synch rules page):
Starting from Imagicle UC Suite Winter 2020, users' pictures can be synchronized with Active Directory LDAP, to enable two UC Suite features:
Depending on the users repository source, the picture can be synchronized from one of the following attributes (selectable in the synch rules page):
The default maximum picture size is 200 KB, bigger pictures will be discarded. If you need to adjust such size threshold, please contact Imagicle Support.
Pictures are saved in the Imagicle database.
The Synchronization service is able to send alarms and warnings should a problem occur during or after synchronization. A brief report is included. The options are pretty self-explanatory. The global SMTP settings are used.
Once the configuration is complete, you can test it live by pressing the "Run now" button.
Warning: the synchronization process can take a long time if you have a large number of users, depending on the data source type.
To setup the daily schedule, use the "Enable Auto mode" checkbox. Set the hour of the day when you want the service to run, and press save the changes. A countdown will tell you the time left to the beginning of the process.
Every time the synchronization process is completed, a text report is generated. You can download the report through the web interface. Reports older than 15 days will be automatically removed.
If the synchronization operation is successful, the report contains only statistics. If a user is skipped, details are included so you can edit the user in the data source and try again.
Should an unexpected error be raised, debug information is included in the report. In this case, please send the file to Imagicle Support.