Module 03

This document outlines a training module focused on System Manager User Administration, detailing objectives such as understanding user roles, creating user groups, and assigning custom roles. It includes lessons on user management, navigating the System Manager interface, and practical exercises for creating users and roles. The module emphasizes the importance of roles and permissions in managing access to resources within the system.

Module 03: System Manager User Administration

Module Duration: 3 hours


© 2012 Avaya, Inc. All rights reserved, Page 1
Module Objectives
After completing this module, you will be able to:
● Understand the relationship between SMGR users, roles & groups.
● Create groups of different types.
● Create & assign custom roles carrying specific resource permissions.

Module 3: System Manager User Administration

Lesson 01: Users, Roles, & Groups

Lesson Duration: 30 minutes

Our training Enterprise – Roles, Users, & Groups

● After installation there is just one defined user: admin. (head of IT?)
● In this module’s exercises we will:
– Create users
– Assign ‘out-of-box’ roles
  – System Administrator
– Create and assign custom roles
  – SM Sequenced Apps admin
  – User admin for a specific team of users
– Create a user Group
● We will learn about:
– Users, Roles, Groups, Resources, Permissions, Actions, Attributes

[Diagram: Roles (a convenient way of combining permissions): Network Administrator (out-of-box role); System Administrator (out-of-box role); SM Administrator for Sequenced Apps only (custom role); User Administrator for his team only (custom role). Users: Head of IT (You), Alice Brown, Chip Dunn. Access labels: Access all users; Access all SM features; Access only Chips group; Access only Sequenced Apps SM features. Groups (sub-groups, a convenient way of sub-grouping users, operations and/or resources): All Session Managers; Denver SMs group; all users; Chip’s group of users. End users: User One, User Two, User Three, User Four.]

Topic 1: Create a User and Assign System Admin Role

Whilst working on this topic we will learn…
● How to log in for the first time
– including the mandatory change of password
● About navigating the System Manager interface
● About different types of user
● How to create a user
● About roles
– What are they?
● How to assign an out-of-box role to a user

[Diagram: Network Administrator (out-of-box role); Head of IT (You), saying “I will create user”; System Administrator (out-of-box role); Users: Alice Brown.]


Logging in to SMGR – Login & URL
You may access the SMGR interface using…
● SMGR’s IP Address
● A fully qualified domain name (FQDN) that resolves to SMGR’s IP address
– Assumes that SMGR has been registered with a domain name service (DNS)
● SMGR’s hostname

All three options will work in the student lab.

Host names are in the form smgr-labX.training.com


Login – Change Password First

[Screenshot: login form showing admin / admin123.]

Warning: You must change password before logging in for the first time!

Changing Password

[Screenshot: change password form showing admin, admin123, and Passw0rd! entered twice.]

Password aging policy: Passwords will expire with time. Must be changed at regular intervals.

After Changing Password Go Back to Log In


Exercise: Login to SMGR and Change Password
Objective & Outcome
The objective of this exercise is to learn how to log in to SMGR for the first time, and how to change the default password. By the time you are done, both students should be logged in to SMGR with the new password.
1. ONLY STUDENT A: Open a browser and enter the SMGR login URL for your assigned SMGR. Student B to shadow using second VNC session
– http://<SMGR hostname>. Check the student lab guide for your SMGR hostname
– E.g. smgr-labX.training.com
2. Click the ‘Change Password’ link (on the right) and change the admin password
– Original password: admin123
– Change to: Passw0rd!
3. BOTH STUDENT A & STUDENT B: Log into SMGR using the new password

Individual Exercise – both students

The keyboard layout on your remote desktop may not match your own! Be careful to ensure you enter the password correctly – Recommend type in notepad, then copy & paste?

System Manager Navigation: The SMGR Home Page

● Current log on info
● Context sensitive help
● Task oriented panels: User tasks, Network element tasks, General services

System Manager Navigation – Tabbed Browsing

● Clicking links in Home opens new tab
● Tabs allow you to quickly navigate back & forth
● State preserved as you navigate between tabs
● Maximum of 6 tabs, inc Home

System Manager Navigation – Contextual Menus

● Each subject Tab has its own contextual menu

System Manager Navigation – Tabs within Tabs

Some screens have tabs within tabs
● Helps with negotiating fields – helpful when there is a lot of data
● State preserved as you navigate between tabs


Creating a User

[Speech bubble: “I will create user”]

Click User Management from Home page

Creating a User (continued)

● To begin with there will be only one user – the default admin user.
● Click ‘New’ to create a user.


Users: Different Types

There are different types of users:
● Administrator users
- Senior - all powerful
- Junior - focussed responsibility
● End users
- SIP users
- H.323 users
- Unistim users
- Google talk users
- Etc, etc
● All users have some essential required data, but not all data is needed for all users

[Diagram: Admin users: Head of IT (You), Alice Brown, Chip Dunn. End users (phone users).]


Users: User Identity – Identity Tab

Who & where.
● Mandatory fields for all user types:
- Last & first name of user
- Login name – must be in format username@domain
- Initial password for user
  - Password for logging in to SMGR console (not phone)
  - will be changed on first login
● Optional fields:
- Localised name
- Language preference
- Time zone
- Etc, etc
● Data in the identity tab does not determine the type of user.
- User type determined in Communication Profile and Membership tabs


Users: End User Profiles – Communication Profiles Tab

End User details:
● Communication Password
– For logging in to communication devices, such as phones
● Different types of end-user address
– Avaya E.164
– Avaya SIP
– Google Talk
– Etc, etc
● Can have multiple end-user addresses
● There are currently 7 types of communication profile
– Each opens to reveal specific server & service settings
– Users can have all, some or none of these profiles
● Covered in other dedicated courses

Users: Roles & Groups – Membership Tab

Mostly for Administration:
● Roles determine which SMGR resources a user can access (typically an administrator user)
● Groups are for organising resources (including users) into subset groups.
● Need to understand ‘Resources’ and ‘Operations’ in order to understand Roles – coming next

[Screenshot labels: Roles (End User, System Administrator); Groups.]


SMGR Resources & Operations
What is a resource?
● Anything administered with SMGR
● Some resources will be product specific.
– SM resources
– CM resources
● Others will be cross platform
– User management tools
– System tools (backup/restore, etc)

CM Resources
● Dial Patterns
● Gateways
● Features
● Policies
+ more

SM Resources
● Domains
● Locations
● Adaptations
● SIP Entities
+ more

SMGR Resources & Operations (continued)
What is an Operation?
● Anything on a SMGR menu
● Provides access to perform an action on a resource

Operations are Combined & Made Accessible through Roles
● By default all operations are locked
● A user needs permission (keys) to access a resource
● Permissions are combined in Roles
● Roles are then assigned to users

[Diagram labels: System Administrator; Operations.]

SMGR Roles: Out-of-the-Box Roles

The System Administrator role is an out-of-the-box role.
It has permission (keys) to almost all SMGR resources, operations and groups

SMGR Roles: Custom Roles

We can create custom roles that provide permissions to specific resources, operations and groups.


Practical: Creating a User

● Now ready to create a user
● Will enter only mandatory data in Identity tab
● No need for Communication Profile or Contact data yet
● Remember: Password set here will need to be changed on first log in
– Use ‘Passw0rd!2’
– Will change to ‘Passw0rd!’
● Will assign System Administrator role through Membership tab

[Speech bubble: “I will create user”]


Exercise: Create a System Administrator User
Objective & Outcome
The objective of this exercise is to learn to create a basic user and assign her the System Administrator role. By the time you are done, both students should have created a new System Administrator user, and should be able to log in as that user and see a Home page with all menu items (operations) available.
1. Create new user
– Navigate to: Home > User Management > Manage Users. Click button ‘New’
– Identity tab: Enter mandatory data
  Student A – Last Name: Brown1, First Name: Alice, Login: [email protected], Password: Passw0rd!2
  Student B – Last Name: Brown2, First Name: Alice, Login: [email protected], Password: Passw0rd!2
2. Assign System Administrator Role to new user
– Navigate to Membership tab. Click ‘Assign Roles’
– From Assign Roles screen: scroll down and select role ‘System Administrator’
– Click ‘Commit’
3. Log in as new System Administrator
– Log off as ‘admin’
– Before logging on as new System Administrator, first change the password from ‘Passw0rd!2’ to ‘Passw0rd!’. See previous exercise for tips
– Log in with new credentials. You should see a full Home page

Individual Exercise – both students

Topic 2: Create Custom Roles – SM Seq Apps Admin

I will:
● Create custom admin role
● Create new user
● Assign new role to user

Whilst working on this topic we will learn how to…
● Create custom roles
● Give roles access to operations and resources
● Choose which actions are permissible on each resource
● Assign custom roles to a user

RBAC: Role Based Access Control

[Diagram: Network Administrator (out-of-box role); Head of IT (You); System Administrator; SM Administrator for Sequenced Apps only (custom role); Users: Alice Brown, Chip Dunn.]


Creating a Custom Role

1. Choose Role name and add description.
2. Commit & Continue

The Role Details screen appears.
3. Click ‘Add Mapping’ – we will map operations to this new role

Elements and Network Services

Ignore Groups for now. We will re-visit later

There are many Elements / Network Services in the list ready to be mapped to roles
● Each entry in this list is a Category
● Behind each category are typically many Elements and Services
● E.g. – Operations. Inside the operation category are 850 individual operations

Adding Individual Operations to a New Role

[Diagram label: SM Administrator for Sequenced Apps only.]

Once selected and committed, each operation will be allocated to the new role. Selecting an operation can be thought of as unlocking it for the user.

Selected Operations Define Menu Offered to User

The menu that a user will see depends on which operations are selected and added to his role.
E.g. The Session Manager > Application Configuration menu is presented to the user because these operations have been selected and added to the user’s role.

Operations Category – 850 Elements to Choose From!

Elements and Network Services

The Elements / Services Categories are organised into 4 subsets:
● All Elements by Type
● Individual Element by name
● Network Services
● Individual Resource by name


Practical: Creating a Custom Role

After selecting Operation category, select all individual operations that relate to SM Sequenced Apps.
● Elements
● Elements/SessionManagerEM
● All operations beginning with Elements/SessionManagerEM/ApplicationConfiguration (there are 14)
● All operations beginning with Elements/SessionManagerEM/SMDashboard (there are 2)
Students will need to scroll across (3 columns) and scroll down to find them all.

Practical: Creating a User and Assigning a Role

You will also need to create a new user – Chip Dunn, and assign him Membership of the new role

Practical: Creating a Custom Role – Expected Outcomes

By the time you are done you should:
● Be able to log in as new administrator
● Have access only to Session Manager elements (on home page). Note how other elements are not accessible
● When clicking on Session Manager link, see only the Dashboard and the Application Configuration menu options

Exercise: Create & Assign a Custom SM SeqAppAdmin Role
Objective & Outcome
The objective is to learn to use RBAC. Specifically you will create a custom role that will permit a user to administer Session Manager’s Sequenced Applications. When done, you will log in as the new user and have access only to the Session Manager Sequenced Applications operations.

1. Create custom role
– Navigate to: Home > Groups & Roles > Roles. Click button ‘Add’.
– Enter Role Name ‘SmAppSeqAdminA’ or ‘SmAppSeqAdminB’. Click ‘Commit and Continue’
– Click button ‘Add Mapping’. (Leave Group Name unselected).
– Select ‘operation’ from Element list. Click ‘Next’.
– From Permission Mapping screen, select all of the following operations
  * Elements
  * Elements/SessionManagerEM
  * the 14 ops that begin with Elements/SessionManagerEM/ApplicationConfiguration
  * The 2 ops that begin with Elements/SessionManagerEM/SMDashboard
– Commit
– Scroll down and check the new Role ‘SmAppSeqAdmin’ is showing in the list.

2. Create new user
– Navigate to: Home > User Management > Manage Users. Click button ‘New’
– Identity tab: Enter mandatory data – Chip, Dunn1/2, cdunn1/[email protected], Passw0rd!2

3. Login as new user and check you have permissions for Session Manager Applications
– Log out as abrown. Change cdunn1/[email protected]’s password from Passw0rd!2 to Passw0rd!
– Check that Session Manager is the only Element available on the Home Page
– Click ‘Session Manager’ link and test that you only have access to Session Manager Apps

Individual Exercise – both students can work simultaneously

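The default-deny operation mapping built in this exercise, modelled as an added Python example (not Avaya's code and not part of the original module). The two operation prefixes and the counts of 14 and 2 come from the slides; the leaf names `op01`…, the three out-of-scope operations, the logins and all function names are constructed for illustration. `audit_role` is the review step: it lists any operation on a role that falls outside the scope the role was meant to have.

```python
"""Added example: default-deny operation mapping for a custom SMGR-style role."""

APP_CFG = "Elements/SessionManagerEM/ApplicationConfiguration"
DASHBOARD = "Elements/SessionManagerEM/SMDashboard"

# Constructed operation catalogue. Only the two prefixes and the counts
# (14 and 2) come from the slides; leaf names and the last three entries
# are placeholders, not real SMGR operation names.
CATALOGUE = (
    ["Elements", "Elements/SessionManagerEM"]
    + [f"{APP_CFG}/op{i:02d}" for i in range(1, 15)]
    + [f"{DASHBOARD}/op{i:02d}" for i in range(1, 3)]
    + ["Elements/SessionManagerEM/OtherMenu/op01",
       "Users/ManageUsers",
       "Services/Backup"]
)


def under(operation, prefix):
    """True if operation is the prefix itself or sits below it in the tree."""
    return operation == prefix or operation.startswith(prefix + "/")


def build_role(catalogue, exact, prefixes):
    """Select operations for a role: named entries plus whole sub-trees."""
    return frozenset(
        op for op in catalogue
        if op in exact or any(under(op, p) for p in prefixes)
    )


def is_allowed(user, operation, assignments, roles):
    """Default deny: an operation is unlocked only if one of the user's
    roles contains it. Unknown users and unknown roles grant nothing."""
    return any(
        operation in roles.get(role, frozenset())
        for role in assignments.get(user, ())
    )


def visible_menu(user, catalogue, assignments, roles):
    """The menu a user sees is exactly the set of operations unlocked for them."""
    return [op for op in catalogue if is_allowed(user, op, assignments, roles)]


def audit_role(role_ops, exact, prefixes):
    """Return operations on a role that fall outside its intended scope."""
    return sorted(
        op for op in role_ops
        if op not in exact and not any(under(op, p) for p in prefixes)
    )


SCOPE_EXACT = {"Elements", "Elements/SessionManagerEM"}
SCOPE_PREFIXES = [APP_CFG, DASHBOARD]

ROLES = {
    "SmAppSeqAdminA": build_role(CATALOGUE, SCOPE_EXACT, SCOPE_PREFIXES),
    # Simplification: the slides say System Administrator has "almost all"
    # permissions; here it simply holds every catalogue entry.
    "System Administrator": frozenset(CATALOGUE),
}
ASSIGNMENTS = {"cdunn1": {"SmAppSeqAdminA"}, "abrown1": {"System Administrator"}}

if __name__ == "__main__":
    menu = visible_menu("cdunn1", CATALOGUE, ASSIGNMENTS, ROLES)
    print(len(menu), "operations unlocked for cdunn1")
    print("Manage Users allowed:",
          is_allowed("cdunn1", "Users/ManageUsers", ASSIGNMENTS, ROLES))
    drifted = ROLES["SmAppSeqAdminA"] | {"Users/ManageUsers"}
    print("Out of scope:", audit_role(drifted, SCOPE_EXACT, SCOPE_PREFIXES))
```
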


Topic 3: Create Custom ‘Group Based’ Role – User Admin

I will
● Create some end users
● Add two end users to a group
● Create role for managing only users in group
● Assign the new role to Chip

Whilst working on this topic we will learn how to…
● Create custom roles that focus on a particular sub-group of resources
● Create groups
● Choose which actions are permissible on each group
● Assign a custom role to a user

[Diagram: Network Administrator (out-of-box role); Head of IT (You); System Administrator; User Administrator for his team only (custom role); Users: Alice Brown; End users: User One, User Two, User Three, User Four; Chip’s group of users.]

SMGR Resources – System Admin has Access to Everything

[Diagram: System Administrator with access to all resources of type ‘User’ (User One, User Two, User Three, User Four), all resources of type ‘Session Manager’, all resources of type ‘Role’ and all resources of type ‘Operation’.]

SMGR Groups – Subsets of Resources

[Diagram: within each resource type a group marks out a subset: Chip’s group of users (type ‘User’), Highlands Ranch SMs group (type ‘Session Manager’), group of roles (type ‘Role’), group of operations (type ‘Operation’). Roles shown: System Administrator; User Administrator for his Group only; SM Administrator for SM’s in HR group only.]

SMGR Groups – Can be Combinations of Resources

[Diagram: System Administrator; a group of combined resource types: Users, Roles, Operations, Elements.]

Being in a Group does not Enable Permissions on Other Group Resources

[Diagram: a group of combined resource types: Users, Roles, Operations, Elements. Speech bubbles:]
● “I don’t get automatically assigned the roles that are in the same group as me.”
● “I don’t get permission to access operations just because I’m in the same group.”


Creating a Group

To create a new group…
● Navigate to Home > Users > Groups & Roles > Groups
● Click ‘New’
● The New Group screen will be displayed

Creating a Group (continued)

● Choose a suitable group name
● Select the type of resource you want to sub-group
– Note how there are many resource types to choose from.
● Click ‘Assign resource’ to select the specific resources to be added to the group

Creating a Group of Different Resource Types

● To create a group that includes different types of resource, select All from the drop down list.


Adding Resources for a Group: Query or Selection?

There are two ways to select resources to add to a group:
● Query-based
– Define a rule to automatically extract resources - uses pattern matching
● Selection-based
– Manually select from a list

Adding Resources for a Group, Using a Query
● To execute a query you must be able to formulate a pattern that describes which resources you want in the group.
– E.g. All users whose userName (extension) starts with a 4

[Screenshot labels: Type = Users? Type = Operations?]

Complex Queries
● Build complex queries using the + button to add multiple conditions
● To see the contents of a query defined group, you’ll need to execute the query
– Helpful to think of a query based group as being a description, rather than a discrete set of items

Adding Resources for a Group, Using Manual Selection
● Selection based is conceptually much simpler but perhaps more time consuming
– Manually select from a list


Manually Selecting Resources for a Group

● To manually choose resources, select Selection based button
● Manually choose the resources to be added to the group
– All* resources of the selected type will be listed
● Click ‘Add to Group’
* When choosing type All, not all resources will be listed. See next slide.

Manually Selecting Resources for a Group – All types?
● Having chosen a Group of type ALL… the resources list will not show all of the resources – there are too many!
● Click ‘Advanced Search’ then select the resource type you wish to see listed
● Manually select the desired resources
● Repeat to add resources of other types

Finishing the Group
● Once all resources have been selected… and the ‘Add to group’ button has been clicked…
● The resources will be combined into the group and the group will be listed in the View group screen

Finishing the Group (continued)
● Clicking ‘Done’… takes you back to the Group Management page, where the new group will be listed


Adding Users to a Group: Two Methods
● Users may also be subsequently added to a group through the User Profile editor.

[Screenshots: Add several users to group at once (User Management screen); Add user individually (Edit user profile).]

Practical: Create a Group of Users

I need to
● Create 4 users
● Add two of them to a group

[Diagram: Network Administrator (out-of-box role); Head of IT (You); System Administrator; Users: Alice Brown, Chip Dunn; End users: User One, User Two, User Three, User Four; Chip’s group of users.]


Exercise: Create a Group of Users
Objective & Outcome
The objective is to learn how to use groups to specify fine grained RBAC permissions. In this exercise, you will create a group of users and add them to a group. (In the next exercise, you will use the group in defining a custom role.) When done, you will see the list of groups, including the new group with its two users.
1. Create 4 new users that can be added to a group. (Log back in as System Admin – abrown)
– Navigate to: Home > User Management > Manage Users. Click button ‘New’
– Identity tab: Enter only the mandatory data – choose your own names, etc. Repeat 4 times.
2. Create Group of users for Chip’s team
– Navigate to: Home > Groups & Roles. Click ‘Groups’ in the menu. Click button ‘New’
– In the New Group screen enter the Name ‘ChipDunnsTeam’. Set Group Membership radio button to ‘Selection based’. Click button ‘Assign Resources’. The Resources screen now lists all resources of type User.
– Select 2 of the new users. Click ‘Add to group’. From New Group screen click ‘Commit’.
3. Check the Group of users
– Check that the new group appears in the list of groups
– Edit the group to check that it contains only two users – the same two you added a moment ago

Individual Exercise – both students can work simultaneously


Create a Role with Permissions Only for Resources in a Group

Now that group is created… I must
● Create role for managing only users in the group
● Begins with same steps as before
● Assign the new role to Chip
● Need to understand Attributes and Actions

[Diagram: Network Administrator (out-of-box role); Head of IT (You); System Administrator; User Administrator for his team only (custom role); Users: Alice Brown, Chip Dunn; End users: User One, User Two, User Three, User Four; Chip’s group of users.]

Elements and Network Services

● To create a role that has permissions to access…
…all the users
…in Chip Dunn’s group
● we select both the resource type and the group name.

There are many Elements / Network Services in the list ready to be mapped to roles
● Each entry in this list is a Category
● Behind each category are typically many Elements and Services
● E.g. – Operations. Inside the operation category are 850 individual operations


Operations, Attributes and Actions

● An Operation maps directly to a menu item
– E.g. Manage Users operation
● An Attribute maps directly to a field of data
– E.g. A user’s Last Name
● An Action determines what can be done with the Attribute – i.e. permissions to…
– View
– Edit
– Delete,
– etc

Permissions to Take Action and Change Attributes

Selecting ALL has the effect of permitting the selected Actions on all attributes.

Practical: Create Custom ‘Group based’ Role User Admin

Now that the group is created, I will…
● Create role for managing only users in the group I created a moment ago
● Assign the new role to Chip

[Diagram: Network Administrator (out-of-box role); Head of IT (You); System Administrator; User Administrator for his team only (custom role); Users: Alice Brown, Chip Dunn; End users: User One, User Two, User Three, User Four; Chip’s group of users.]

Exercise: Create and Assign a Custom Group-Oriented Role
Objective & Outcome
The objective is to learn how to use groups to specify fine grained RBAC permissions. In the previous exercise you created a group of users. In this exercise you will create a custom role that will permit a user to administer only the users in the group. When done, you will log in as the new administrator and should have access only to the users belonging to the group.

1. Create a new role that gives access only to the subset of users in the new group
– Navigate to: Home > Groups & Roles > Roles. Click button ‘Add’
– Enter new Role Name ‘TeamManagerChipsTeam’ and description. Click ‘Commit & Continue’
– From the Select Element… screen select ‘ChipDunnsTeam’ from the Group Name list.
– Select ‘users’ from the Elements list. Click ‘Next’.
– From the Permission Mapping screen, select all Resource Type Actions, and the top most Role Resource Type Attribute ‘ALL’, signifying all the subsequent attributes are also selected. Click ‘Commit’.
– From the Role Details screen, check the new mapping has been added and click ‘Commit’.

2. Assign the new role to Chip
– Navigate to: Home > Users > User Management > Manage Users
– Select Chip Dunn from the list of users and click button ‘Edit’
– From ‘Membership’ tab, click button ‘Assign Roles’
– Select role ‘TeamManagerChipsTeam’ and click ‘Select’

3. Check that Chip has access to his team members
– Log out of [email protected] and log back in as [email protected] (password Passw0rd!)
– Navigate to: Home > User Management > Manage Users
– Check that only the 2 users allocated to ‘ChipDunnsTeam’ are listed.

Individual Exercise – both students can work simultaneously

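A model of the group-scoped role from this exercise, as an added Python example (not Avaya's code and not part of the original module). The names `ChipDunnsTeam` and `TeamManagerChipsTeam` and the "userName starts with 4" query come from the slides; the logins, extensions, the `Ext4xxx` group, the `Ext4Viewer` role and all class and function names are constructed. It shows that a role mapped to a group reaches only that group's resources, that being a member of a group grants nothing, and that a query-based group is a description that is re-evaluated, so its scope grows when a matching user is created.

```python
"""Added example: group-scoped role mappings, selection vs query groups."""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass(frozen=True)
class User:
    login: str      # constructed sample login
    user_name: str  # extension, as in the slides' query example


@dataclass
class Group:
    name: str
    members: set = field(default_factory=set)        # selection based
    query: Optional[Callable[[User], bool]] = None   # query based

    def contains(self, user):
        # A query group is evaluated on demand; a selection group is a fixed list.
        if self.query is not None:
            return self.query(user)
        return user.login in self.members


@dataclass(frozen=True)
class Mapping:
    group: str          # group name the permission is limited to
    resource_type: str  # e.g. "users"
    actions: frozenset  # e.g. {"view", "edit", "delete"}


def can(admin, action, target, roles, assignments, groups):
    """Default deny: allow only if a mapping on one of the admin's roles
    covers the target through group membership and lists the action."""
    for role in assignments.get(admin, ()):
        for m in roles.get(role, ()):
            group = groups.get(m.group)
            if (m.resource_type == "users" and action in m.actions
                    and group is not None and group.contains(target)):
                return True
    return False


def manageable(admin, directory, roles, assignments, groups):
    """Logins the admin can view, i.e. the Manage Users list they would see."""
    return sorted(u.login for u in directory
                  if can(admin, "view", u, roles, assignments, groups))


ALL_ACTIONS = frozenset({"view", "edit", "delete"})

# Constructed directory: four end users plus the team administrator.
DIRECTORY = [
    User("user1@example.com", "4001"), User("user2@example.com", "4002"),
    User("user3@example.com", "5003"), User("user4@example.com", "5004"),
    User("cdunn1@example.com", "6000"),
]
GROUPS = {
    "ChipDunnsTeam": Group("ChipDunnsTeam",
                           members={"user1@example.com", "user3@example.com"}),
    # Hypothetical query-based group: userName (extension) starts with 4.
    "Ext4xxx": Group("Ext4xxx", query=lambda u: u.user_name.startswith("4")),
}
ROLES = {
    "TeamManagerChipsTeam": [Mapping("ChipDunnsTeam", "users", ALL_ACTIONS)],
    "Ext4Viewer": [Mapping("Ext4xxx", "users", frozenset({"view"}))],  # hypothetical
}
ASSIGNMENTS = {"cdunn1@example.com": {"TeamManagerChipsTeam"},
               "auditor@example.com": {"Ext4Viewer"}}

if __name__ == "__main__":
    ctx = (ROLES, ASSIGNMENTS, GROUPS)
    print("Chip sees:", manageable("cdunn1@example.com", DIRECTORY, *ctx))
    print("user1 sees:", manageable("user1@example.com", DIRECTORY, *ctx))
    grown = DIRECTORY + [User("user5@example.com", "4005")]
    print("auditor after new hire:",
          manageable("auditor@example.com", grown, *ctx))
```

When reviewing access, a role mapped to a query-based group has to be checked by executing the query, because its reach changes with the directory rather than with the role definition.
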

Module 03: System Manager User Administration

Lesson 02: User Authentication

Lesson Duration: 30 Minutes

Logon Authentication & LDAP

● The User Name and Password authentication discussed so far have been of type ‘Basic’
● With Basic authentication the User Name and Password set in the Identity page will be the User Name and Password with which the user will log in.
● There is another way of authenticating users

Topic 4: Logon Authentication & LDAP

[Diagram: Local Authentication; Corporate LDAP Directory.]

● ‘Enterprise’ level authentication uses an LDAP (Lightweight Directory Access Protocol) database such as Microsoft Active Directory, Lotus Domino, or OpenLDAP.
● SMGR can synchronise users with that directory, and then subsequently authenticate those users against that directory each time they log in

LDAP Integration
LDAP Server?
● SMGR can be configured to authenticate against a central LDAP server
● In this way, an enterprise can extend the use of a single sign-on (SSO) for all their core services – Aura & enterprise
● Services might include:
– SMGR
– Email services etc.
– Laptop login

[Diagram: Corporate LDAP Directory; SSO.]

LDAP Integration (continued)
LDAP v. SMGR
What about SMGR’s role as the central user database?
● SMGR is still the central place for Aura product admin
● Using LDAP to populate SMGR with users & authenticate them can be very convenient – especially for an enterprise with lots of users already in an LDAP server

LDAP Integration (continued)
● Synch SMGR with LDAP (Populate SMGR with users)


LDAP Integration (continued)
● Configure LDAP data source

[Screenshot callouts on the data source form:]
– Any name you want
– Network address of LDAP server
– Username with permission to create / update users
– Password of principal LDAP user
– LDAP port (default: 339)
– Node in LDAP tree where users will be sync’d from
– Schema defines object mappings
– Search filter for matching entities
– Encrypt connection to server
– Want to delete an already synchronized user deleted from the Active Directory


Exercise: Locate & Inspect LDAP Synchronization Screens
Objective & Outcome
Although there is no LDAP server running in the training lab, the objective of this exercise is to navigate to the LDAP screens and familiarise yourself with them.

1. Navigate to Users > Directory Synchronisation
2. Click ‘New’ to create a dummy sync data source
3. Inspect the synch attribute fields. Be sure not to commit any changes.

Individual Exercise – both students can work simultaneously

Updating and Deleting a User

● User 1 is changing her name. I must update her account.
● User 4 is leaving the organisation. I must remove her account.

[Diagram: Network Administrator (out-of-box role); Head of IT (You); System Administrator; Users: Alice Brown, Chip Dunn; End users: User One, User Two, User Three, User Four; Chip’s group of users. Speech bubbles: “I am getting married. Will soon be Mrs Five”; “I am leaving the organisation”.]

Updating Details in a User Profile

● Navigate to Home > Users > User Management > Manage Users
● Select the user to modify
● Click Edit
● Make the change
● Click Commit

Deleting Users

● Navigate to Home > Users > User Management > Manage Users
● Select the user to delete
● Click Delete
● This action simply moves the user to the recycle bin.
● The account is suspended

Further Actions with Deleted Users: Restore/Delete

● SMGR keeps deleted users in the ‘recycle bin’
● Deleted users can be
– Reinstated
– Permanently deleted
…through the More Actions menu


Exercise: Modifying and Deleting Users
Objective & Outcome
The objective of this exercise is to become familiar with the process of updating and deleting user profile accounts. By the time you are done, you will have changed a user’s Last Name, deleted and reinstated one user and permanently deleted another.
1. Change User One’s Last Name to Five
– Navigate to Home > Users > User Management > Manage Users
– Select User One. Click Edit
– Change the Last Name to ‘Five’. Click Commit
2. Delete User Two and User Four
– Select User Two and User Four. Click Delete. Confirm User Delete
– Check the users no longer appear in the list of User Management users
3. Reinstate User Two
– Click More Actions and select Show Deleted Users
– Select User Two and click Restore
– Confirm User Two should be restored.
– Check that he is listed again with other users
4. Permanently delete User Four
– Click More Actions and select Show Deleted Users
– Select User Four and click Delete. Confirm User Four should be deleted.
– Check that he is not listed with the other users

Individual Exercise – both students can work simultaneously
