SMACS require service accounts for all the servers it interacts with. This document will cover how to create these accounts on all UC servers.
CUCM
To proceed you will need access to the Application User section of the CUCM cluster. Please note that each CUCM cluster needs an Application User for SMACS to access them. Stack8 does not recommend reusing service accounts between SMACS and other applications and between multiple UC nodes.
To create an Application User, log into the CUCM Publisher node and select “User Management” then “Application User” then click “Add New”.
On the “Application User Configuration” view, enter a User ID, a password and confirm the password a second time. Scroll down to the “Permission Information” section and click “Add to Access Control Group”. In the new window, click “Find” and locate the following Names and check the checkbox next to each of them then click “Add Selected”:
Standard AXL API Access Group
Standard CCM Server Monitoring group
Once back to the Application User Configuration” view, click “Save”.
Your CUCM service account has been created for this cluster, if there is other CUCM clusters in the environment, follow the same steps on the other CUCM Publisher nodes and import theses servers in SMACS via the Server Management page.
Does SMACS return an error message that a role is missing when trying to add CUCM?
If that is the case, review your groups in CUCM to make sure at least one group contains the “Standard AXL API Access“ role. You may need to add this role to a group manually.
IM & Presence
This server uses the same account as CUCM. After adding your CUCM server to SMACS, click on “Add Server”, enter a description, the host URL or IP of the IM & Presence publisher, select “IM & Presence” and re-use the same credentials as used with CUCM.
UCCX
The UCCX administrator account cannot share the same User ID as the CUCM Application user.
To proceed you will need access to the End User section of the CUCM cluster assigned to UCCX and access to UCCX’s Administration portal. Please note that, if you have multiple UCCX clusters in your environment, each UCCX cluster needs an account with administrator rights for SMACS to access them. Stack8 does not recommend reusing service accounts between SMACS and other applications and between multiple UC nodes.
Note: It is possible to use an LDAP synchronized user but we do not recommend it as it may lock the application out of UCCX due to organization password policies. If you prefer to use an LDAP synchronized user, make sure that the password is set to not expire or to setup reminders to update it in both LDAP and SMACS. If you are using an LDAP synchronized user, search the user in End User view rather than creating an new user in CUCM.
To start, connect to the CUCM Publisher node and select “User Management” then “End User” then click “Add New”. Enter a User ID, a password, confirm it in the second textbook and enter a last name. Save the end user settings and log out of CUCM.
Connect to UCCX’s Administrator portal and select “Tools” > “User Management” > “Administrator Capability View”. Find your user and move it from the “Available Users” section to the “Cisco Unified CCX Administrator” section using the arrows in the middle.
Your UCCX service account has been created for this cluster, if there is other UCCX clusters in the environment, follow the same steps on the other UCCX Publisher nodes and import theses servers in SMACS via the Server Management page.
Unity
To proceed you will need access to the Administration section of the CUC cluster. Please note that each CUC cluster needs a User with system administrator rights for SMACS to access them. Stack8 does not recommend reusing service accounts between SMACS and other applications and between multiple UC nodes.
Note: It is possible to use an LDAP synchronized user but we do not recommend it as it may lock the application out of CUC due to organization password policies. If you prefer to use an LDAP synchronized user, make sure that the password is set to not expire or to setup reminders to update it in both LDAP and SMACS. If you are using an LDAP synchronized user, you will need to import the user via “Import Users” rather than creating a new user via “Users” in CUC.
To create the service account for CUC, log into CUC Administration and select “Users” from the sidebar and click “User” > “New User”. Select the User Type “User without Mailbox”, select any templates in “Based on Template”, enter an Alias and click “Save”. Once saved, click on “Edit” > “Change Password“, make sure the dropdown menu is set to “Web Application” and enter a password and confirm it and click “Save”. Once saved, click on “Edit” > “Roles” and assign the role “System Administrator” and click “Save”.
Your CUC service account has been created for this cluster, if there is other CUC clusters in the environment, follow the same steps on the other CUC Publisher nodes and import theses servers in SMACS via the Server Management page.
PCCE
SMACS requires that a new administrator account must be created in PCCE to enable PCCE provisioning.
Connect to your AD server and create a new user account,
Create the new account in PCCE,
Log into the Administration page of your PCCE instance,
Under “System”, select “Administrator”, and click “New”,
Make sure to select the domain from your User logon name created at step 1-C in the dropdown menu and enter the username as well under “Username”,
Under “Role” select “SystemAdmin”, make sure that “Read Only” is unselected and that “Access to All Departements” is selected,
Click “Save” and the account should now appear in the Administrator list,
Log out of PCCE.
Add the PCCE server to SMACS.
Log into SMACS and go in “Settings” and select “Server Management”
Click “Add Server”,
Fill out the form by providing the host or IP address, a description and select “PCCE” as the Type,
Make sure to use the full User logon name (username@domain.local) and password from step 1-C,
Click “Save”.