How to create service accounts for CUCM, CUC and PCCE

Owned by Benoit Desnoyers
Last updated: Feb 16, 2023 by Sean McDade
3 min read

ZPC require service accounts for all the servers it interacts with. This document will cover how to create these accounts on all UC servers.

CUCM

To proceed you will need access to the Application User section of the CUCM cluster. Please note that each CUCM cluster needs an Application User for ZPC to access them. Stack8 does not recommend reusing service accounts between ZPC and other applications and between multiple UC nodes.

To create an Application User, log into the CUCM Publisher node and select “User Management” then “Application User” then click “Add New”.

On the “Application User Configuration” view, enter a User ID, a password and confirm the password a second time. Scroll down to the “Permission Information” section and click “Add to Access Control Group”. In the new window, click “Find” and locate the following Names and check the checkbox next to each of them then click “Add Selected”:

  • Standard AXL API Access Group

  • Standard CCM Server Monitoring group

Once back to the Application User Configuration” view, click “Save”.

Your CUCM service account has been created for this cluster, if there is other CUCM clusters in the environment, follow the same steps on the other CUCM Publisher nodes and import theses servers in ZPC via the Server Management page.

Does ZPC return an error message that a role or a group is missing when trying to add CUCM?

If your CUCM instance does not have the groups listed in the step-by-step guide, create a group that contains the following roles:

  • Standard AXL API Access

  • Standard CCM Admin Users

  • Standard SERVICEABILITY

IM & Presence

This server uses the same account as CUCM. After adding your CUCM server to ZPC, click on “Add Server”, enter a description, the host URL or IP of the IM & Presence publisher, select “IM & Presence” and re-use the same credentials as used with CUCM.

UCCX

Please follow the steps in this guide to provision a ZPC service account for UCCX.

Unity

To proceed you will need access to the Administration section of the CUC cluster. Please note that each CUC cluster needs a User with system administrator rights for ZPC to access them. Stack8 does not recommend reusing service accounts between ZPC and other applications and between multiple UC nodes.

Note: It is possible to use an LDAP synchronized user but we do not recommend it as it may lock the application out of CUC due to organization password policies. If you prefer to use an LDAP synchronized user, make sure that the password is set to not expire or to setup reminders to update it in both LDAP and ZPC. If you are using an LDAP synchronized user, you will need to import the user via “Import Users” rather than creating a new user via “Users” in CUC.

To create the service account for CUC, log into CUC Administration and select “Users” from the sidebar and click “User” > “New User”. Select the User Type “User without Mailbox”, select any templates in “Based on Template”, enter an Alias and click “Save”. Once saved, click on “Edit” > “Change Password“, make sure the dropdown menu is set to “Web Application” and enter a password and confirm it and click “Save”. Once saved, click on “Edit” > “Roles” and assign the role “System Administrator” and click “Save”.

Your CUC service account has been created for this cluster, if there is other CUC clusters in the environment, follow the same steps on the other CUC Publisher nodes and import theses servers in ZPC via the Server Management page.

PCCE

ZPC requires that a new administrator account must be created in PCCE to enable PCCE provisioning.

  1. Connect to your AD server and create a new user account,

  2. Create the new account in PCCE,

    1. Log into the Administration page of your PCCE instance,

    2. Under “System”, select “Administrator”, and click “New”,

    3. Make sure to select the domain from your User logon name created at step 1 in the dropdown menu and enter the username as well under “Username”,

    4. Under “Role” select “SystemAdmin”, make sure that “Read Only” is unselected and that “Access to All Departements” is selected,

    5. Click “Save” and the account should now appear in the Administrator list,

    6. Log out of PCCE.

  3. Add the PCCE server to ZPC.

    1. Log into ZPC and go in “Settings” and select “System” and “Server Management”

    2. Click “Add Server”,

    3. Fill out the form by providing the host or IP address, a description and select “PCCE” as the Type,

    4. Make sure to use the full User logon name (username@domain.local) and password from step 1,

    5. Click “Save”.