Cisco CUCM - Self Provisioning, Feature Groups, User Device Templates, User Profiles - What it all means and how to use it to get zero-touch deployment! - Part 2

CUCM Self Provisioning

Hi Guys

In part 1 of CUCM provisioning we talked about the new features available in CUCM 9 to make life easier for adding users, in continuation of this theme we are going to look at Self-provisioning, which allows the user to provision their own phone. LDAP is used to provide this information.

The feature is available in CUCM 10 and is quite nifty.

If you have not read part 1 of this blog, I strongly recommend you do so before continuing.

Overview

The basic premise of this feature is very similar to a technology many of you will already be familiar with: Cisco TAPS. Cisco TAPS allowed you to bulk insert phones and then, using a UCCX script have users phone a number in order to self-provision their phones. This is like TAPS but with a few important differences:

- You don't need UCCX
- You don't bulk insert the phones.

Configuration

The first thing you will need to do (other than setting up the universal device template and user line template that I already outlined in blog post 1) is configure a CTI route point and assign it a number, this CTI route point doesn't have to be anything special but you should assign it a DN that is reachable by phones configured for auto-registration

Second thing, is to enable auto registration with a CSS that can reach the number you assigned to your CTI Route point


Next, you must create an application user, ensure it is enabled for "Standard CTI Enabled" access control group and also ensure that it controls this CTI device you just created

Once this is done, go to the self-provision section under User Management -> Self provisioning

 Once this is done, you will be prompted to reset the service, obviously this is a good idea.

The final step is to configure our LDAP directory:

Go to your LDAP directory page after configuring your LDAP system and specify a directory containing the users, note you could use filters here to control which users from which area in your business are imported into LDAP, so for example, if you had users in NJ who should receive a CSS that is allowed to call international, you would create a seperate LDAP directory entry for these groups that uses a custom LDAP filter that looks for membership in a particular Windows Group. Or you could place them into a separate OU, the point is that you will need to create multiple LDAP directories.
 
 In the example below I have just pointed to the default AD CN for simplicity

 Next, you will assign the "Feature group" that controls what universal device template and what user line template are assigned to users contained in this LDAP directory.

It's important to select "Apply mask to Synched Telephone numbers to create a new line for the inserted users" also, and enter the mask as you want it to appear based on the imported telephone number field.

Once this is done. Sync the directory, what should happen is that every entry in your LDAP directory with a phone number assigned in LDAP will now create a DN in CUCM that has not yet been associated with a phone:

 When a user first plugs in a phone, and then dials the CTI Route point number (in our case, 9999) they will be prompted to enter the extension of the phone they wish to provision. Once this is done, the phone will be created based on the settings in the line and device template!!

See below an example:

 There you have it!!! Now all you have to do to create a user is simply create it in LDAP, grab a phone, dial 9999 and enter your extension, you could even have the users do this, and the phone will be provisioned!

Finally LDAP integration worth configuring!!

I hope this helps someone out there