Avaya Support Forums  

#1
05-06-2021, 05:11 AM
rquebe
Additional information for binding AADS with AD Microsoft

Hi,
We have an Aura platform already in operation. Users are currently created manually in SMGR. The Login Name of the users is based on their extension number followed by the domain, e.g. ####@Enterprise.Domain.com

In addition, users connect to their telephone by entering their extension number followed by a default password. This allows one person to impersonate another by logging in from any telephone extension using an existing extension number followed by the default password.

We want to counter this security problem and make it easier for users to connect to their telephones using their Windows session account (SSO). So, for example, a user who logs on to a Windows workstation on the local network will see his phone (softphone or physical) come up with his DN and corresponding (personal) password.

To achieve this, we have been advised to install an Avaya Aura Devices Services server on our phone platform which will synchronize with the enterprise AD on Windows.

My question is how are we going to link the user ID under Windows to the user under Aura, because nothing links the two entities, e.g. user ID, IP phone ... Could you give us your advice?


Regards,
#2
05-06-2021, 10:10 AM
mlombardi1

AADS integrates with your enterprise directory and acts as an authentication front-end for single-sign-on. You elect in AADS what LDAP attribute to use for the username, typically something like e-mail address or sAMAccountName.

Whatever is chosen must be added to the SIP user profile in SMGR under the communication address section. This is in addition to the SIP extension. For example, use the "Microsoft Exchange" option if using e-mail. This should also work for sAMAccountName but only the user portion is referenced.

When the user logs into the softclient with domain credentials, AADS sends the username and password to enterprise directory for validation. If authenticated, AADS then performs an inquiry into SMGR to discover the user profile containing the matching username. When found, it grabs the SIP extension and communication profile password in that user account and sends those back to the softclient. These SIP credentials are used to login and register with Session Manager for telephony services without further user input.

This is really only applicable to SIP softclients such as Equinox, or Workplace as it's now known. Hardphones, with the exception of the Vantage video device, do not make use of AADS in this way because they do not support domain credentials.
__________________
Meridian IT - Senior Engineer
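
The lookup described in reply #2 only works when each directory username appears as a communication address on exactly one SMGR user profile. As an added example (not from the thread or from Avaya), this Python check audits constructed exports for accounts whose chosen attribute matches no profile or more than one; the record layout, field names, `enterprise.example` domain, `DOMAIN\user` handling and case-insensitive matching are all assumptions.

```python
# Added illustration with constructed records and hypothetical field names; not an Avaya API.
from collections import defaultdict

# Constructed directory export: one dict per AD account.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "mail": "John.Doe@enterprise.example"},
    {"sAMAccountName": "asmith", "mail": "a.smith@enterprise.example"},
    {"sAMAccountName": "bwong", "mail": "b.wong@enterprise.example"},
]

# Constructed SMGR export: SIP extension plus extra communication addresses.
PROFILES = [
    {"extension": "4001", "handles": ["john.doe@enterprise.example"]},
    {"extension": "4002", "handles": ["a.smith@enterprise.example"]},
    {"extension": "4003", "handles": ["a.smith@enterprise.example"]},  # duplicate
    {"extension": "4004", "handles": []},  # bwong's handle was never added
]

def normalise(value, attribute):
    """Lower-case a login; for sAMAccountName keep only the user portion."""
    value = value.strip().lower()
    if attribute == "sAMAccountName":
        value = value.split("\\")[-1].split("@")[0]
    return value

def index_profiles(profiles, attribute):
    """Map each normalised handle to the extensions that carry it."""
    index = defaultdict(list)
    for profile in profiles:
        for handle in profile["handles"]:
            index[normalise(handle, attribute)].append(profile["extension"])
    return index

def audit(directory, profiles, attribute="mail"):
    """Classify every directory account as ok, unmapped or ambiguous."""
    index = index_profiles(profiles, attribute)
    report = {"ok": {}, "unmapped": [], "ambiguous": {}}
    for account in directory:
        login = normalise(account[attribute], attribute)
        extensions = index.get(login, [])
        if len(extensions) == 1:
            report["ok"][login] = extensions[0]
        elif extensions:
            report["ambiguous"][login] = sorted(extensions)
        else:
            report["unmapped"].append(login)
    return report
```

An account reported as unmapped would pass directory validation but leave no SMGR profile to discover; the thread does not say how AADS treats a username found on more than one profile, so the ambiguous entries are worth resolving before rollout.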
Tags
aads, binding, ldap
