Print

Enterprise directory user authorization policy for DMCC applications

The enterprise directory user authorization policy relies on the LDAP enterprise directory for user authorization. DMCC applications can take advantage of this capability.

To implement the enterprise directory authorization policy you must administer the settings on the Enterprise Directory page in the AE Services Management Console. The following settings on the Enterprise Directory page are critical to this authorization method:

When this authorization mechanism is selected, DMCC uses LDAP to query the user record for the provisioned device ID (such as the phone number). DMCC then caches the retrieved device ID. When DMCC attempts to authorize a request, it verifies that the device ID retrieved from the user record is a substring of the device ID specified in the request. This allows per-user authorization without per-user provisioning in AE Services. The substring match accounts for a very common scenario where a Tel URI is specified in the request (tel:+13035381234) but the user record contains an E.164 number (+13035381234) or extension (5380112).

For more information about leveraging advanced authentication (AA) policies from DMCC applications, see the following documents: