Installation Guide for Cisco Unity Release 5.x with IBM Lotus Domino (Without Failover)
Chapter 10 Setting Up Authentication for the Cisco Unity Administrator
Determining the Authentication Method to Use for the Cisco Unity Administrator
5. If Windows can confirm the identity of the Windows domain user, then IIS sends the user and
domain name to Cisco
Unity, and the process continues with Step 6.
If Windows cannot validate the identity of the Windows domain user (as would be the case if the
subscriber logged on to an untrusted domain), Internet Explorer prompts the subscriber for a user
name and password. Once again, the credentials are not sent across the network; instead, Internet
Explorer sends IIS an encrypted message regarding the Windows domain account based on the
credentials that were entered in the dialog box. If Windows still cannot authenticate the user,
Internet Explorer displays a message indicating that access to the website is denied because the
domain account is unknown.
6. Cisco Unity checks to see that there is a subscriber account associated with the Windows domain
account used to authenticate the subscriber and that the subscriber account has COS rights to access
the Cisco
Unity Administrator.
7. If a subscriber account exists and it has the proper COS rights, Cisco Unity presents the first page
of the Cisco
Unity Administrator website, which is displayed in the browser.
If the subscriber account does not exist or does not have the proper COS rights, Cisco Unity presents
a web page that indicates that the subscriber does not have permission to view the Cisco
Administrator website.
How Anonymous Authentication Works with the Cisco Unity Administrator
When IIS is configured so that the Cisco Unity Administrator uses Anonymous authentication,
Unity authenticates the credentials that subscribers enter on the Cisco Unity Log On page.
1. A Cisco Unity subscriber starts Internet Explorer and attempts to browse to the Cisco Unity
Administrator website.
2. Internet Explorer tries to get the home page for the Cisco Unity Administrator from IIS.
3. IIS allows access to Cisco Unity based on the privileges for the IUSR_[computer name] account.
(This is the anonymous account that IIS uses for Anonymous authentication by default.)
4. Cisco Unity presents the Cisco Unity Log On page, which is displayed in the browser.
5. By default, the Log On page prompts subscribers to enter the Domino credentials, as shown in
Table 10-3. However, subscribers can click the Log On Using Windows Authentication link
provided on the Log On page to browse to another Log On page, as shown in Table 10-4, on which
they can enter their Windows domain account credentials.
Table 10-3 Cisco Unity Log On Page for Domino Credentials
Field Name Description
Full Name Subscribers must enter the full Lotus Notes user name that is associated with their Cisco Unity
subscriber account.
The full name consists of the user name, any organizational units that the Domino Person document
resides in, and the IBM Domino certifier domain. (For example, subscribers can enter Terry
Password Subscribers must enter the Internet password for their Domino user account.