Course13:IT Connect - 04 Managing Users

From innovaphone wiki
Jump to navigation Jump to search
This book is about
  • editing and modifying users
  • assigning phones to users

Editing Users

As we have discussed in the previous topic, myApps gives access to various apps which provide the functionalities needed. When it comes to editing users, this is the UsersAdmin app.

As you will be the PBX administrator of your little training PBX, it makes sense to video2.png add the UsersAdmin app to your home screen, so it is accessed easily. Fortunately, the Install has already done this job for us.

You can now start the UsersAdmin app right from your home screen and it will show all the users defined so far (which is only you of course wink). You can see all the details of a particular user by video2.png clicking on that user.


Running UsersAdmin "detached"

Unfortunately, the data presented for the user details is a bit too large to be shown in the client. Of course, you could resize the client so there is more space. However, there is a more convenient solution if you are using the native client.

One of the benefits brought by the native myApps client (also known as launcher) is the ability to run Apps in a separate window, detached from the client. This only works when running the native myApps client and is indicated by a screenshot.png symbol in the clients header line.

So if you have not yet done so, start myApps again from the windows Start menu and open the UsersAdmin App. Then click on this symbol and video2.png the App will open in a new, large window. Now there is plenty of room to display the user's detail data when you click on a user entry smile



Basic User Properties

So let us see which properties of a user we have in UsersAdmin.

  • Username
    A short and unique identifier for the user. Within the PBX, it is possible to call the user using both the extension and the username. Also, it is used as login name for myApps. Usually, the userpart of the E-Mail is used (e.g. ckl if the E-Mail is ckl@innovaphone.com)
    (Further Hints) In any case, you must set it so that it could be a valid user-part of a SIP-URI. As a simple rule of thumb, only use A-Z, a-z, 0-9 as wells as . (dot) and - (hyphen). The Username must not start with a . (dot) however.
    Note that identifiers such as Username are case-sensitive in many places. Therefore, while you can use upper and lower case letters, you must make sure that you use the same spelling everywhere

  • First Name, Last Name
    These are used for searching in the user database

  • ID
    A unique name which identifies the user. It is usually derived from the first and last name of the user and is displayed in the phones screenshot.png home screen. Also, it is displayed on the receiving end of a call

  • Display Name
    The string to be displayed for the user (this is for example shown on the user's phone idle screen or on the remote side when the user does a call). If it is empty, the ID (see below) is used instead. So it normally not necessary to set a value

  • E-mail
    The user's E-mail address, used for example for two-factor authentication messages

  • Extension
    Also self explanatory

  • Executive / Secretary
    If set, this check-mark enables a set of functions that especially handles the situation where a secretary handles the calls for an executive. For normal users, it is not checked

  • Hide from LDAP
    If set, the user will be excluded in LDAP search requests towards the PBX. Such requests are done from hardware phones for example to list local PBX users

  • Template
    The name of the configuration template active for the user. A configuration template is a collection of user properties that can be easily applied to multiple users. The Install has created two commonly useful templates, Config User and Config Admin (for users with admin rights)

  • Node
    The name of the user's position in the numbering plan. In many cases, there is only a flat numbering plan and in this case, there is only a single Node called root

  • PBX Name
    The name of the PBX where the user will be registered. In a multi-location system, you will have more than one PBX and users are served by the individual PBXs

  • Devices
    A list of phone devices used by the user

  • Call diversions
    A list of call diversions set for the user

  • Forks
    A list of additional numbers to be called too when the user is alerted (e.g. the user's mobile phone number)

As you can see in the user details, the Install has not configured an extension for the first user. Also, it was too lazy to set First Name and Last Name. So let us fix this as an exercise.

To video2.png modify your own user entry,
  • click on the line with Username ckl (so far, it is the only line in the list) so that the user details open
  • click the screenshot.png pencil to the right
  • set Christoph as First name
  • set Künkel as Last name
  • set 10 as Extension for the user
  • When you're done, click on the screenshot.png check mark on the right to save your changes

Assigning a Phone to the User

In this step, we will add a phone for the user (this is why we assigned an extension to the user in the previous step).

There are 2 options to associate a phone to a user
  • the user can do it himself
  • the administrator can do it for him
We will look at the first option first.


Initiated by the User

In the user's settings/profile, there is a list of phones the user can use, labeled as My phones.

So video2.png let's see what is in there for yourself.

The List of registered phones to ckl has a single entry with Hardware Id set to ckl and there is the possibility to add
  • Phones (i.e. hard phone devices)
  • Softphones
  • Hotdesking and
  • Third-Party Phones (i.e. non-innovaphone hard- or software- phones)
As we have a bunch of phones in the training set, let us use the probably nicest one, the IP232 for ourselves. Here we go:
  • click on the + next to Phone, a screenshot.png list of supported manufacturers for the new phone will appear. In fact, there is only one manufacturer in the list (innovaphone). For extended manufacturer support, extra Apps need to be installed
  • when you click Next, a screenshot.png list of possible categories for the new phone will appear
  • in our case, hq IP Phone seems to be appropriate (you may recall that hq is the name of the PBX location you have used in the Install)
  • when you click Next, you'll see a screenshot.png provisioning code. This code can be used on a phone to associate it with the user who had created the code
At this time, we need to have the phone we intend to use in our hands. It needs to be attached to the network. As we want to associate the phone with a new user, we should clear all existing data on it. This is known as doing a factory reset. You may recall having done this in a previous lesson.

If the phone is not already in factory defaults state, it will probably not be registered and therefore screenshot.png complain about not being registered. Here is video2.png a little video on how to do a factory reset on the IP232 to refresh your memory.

However, here in the course, the phone is probably still in factory defaults state, so you see the screenshot.png provisioning code dialogue displayed on the phone. If not, you need to factory reset your IP232 now. If you do so, moodle will load a start configuration on your phone. So if you have to reset your IP232, please have a coffee so that moodle can do its magic wink

  • now carefully screenshot.png enter the code you see in myApps in to the phone (don't worry, you can redo it if you have a typo) and hit OK
  • the phone will now do some magic to talk to your PBX and provide the code. The PBX in turn will know that it is the right phone by comparing the code
  • myApps will then ask you for a nice name for the phone so you can distinguish it if you have more than one phone (for example a DECT device or your mobile phone in addition to your fixed phone). myApps already screenshot.png suggests a nice default which you may change if you like
  • when you finish the dialogue, you will see the screenshot.png result of the provisioning: the serial number of your phone has been added to the list of your phones
As a result of all this, the phone now shows your name and extension, so it is registered to the PBX. That is exactly what we wanted to accomplish!



(Further Hints) Keep your faith, this may take a few seconds!
     

Initiated by the User - FXS Phone

Of course, not all users may have IP phones, some may also use FXS (a.k.a. analogue) phones. So how can we assign an analogue port to a specific user for use with a phone?

Currently, your analogue phone is connected to TEL1 of your IP411RIGHT which is not part of your PBX system. When you go off-hook on the phone, you will hear a normal dial tone.

When you now move the phone to the IP411LEFT's TEL1 interface and listen to the dial tone again, you will hear that it differs. What you hear is the special provisioning tone. It indicates that the interface where the phone is connected to is not yet configured and therefore ready to be provisioned.

To associate the phone (or more precisely, the FXS port) to yourself (more precisely, to your user account ckl), proceed as you have already done for the IP phone (if your are not sure how that was done, go back to the previous chapter Initiated by the User). The following things differ

  • the provisioning category you need to select: for the FXS phone it is hq analogue Phone
  • you "type in" the provisioning code by dialing it like a telephone number

You should end up with a screenshot.png new entry in the list of phones in your profile. When you now lift the analog phone's receiver, you will hear a normal dial-tone again (like you did when the phone was connected to the IP411RIGHT before).

Initiated by the Administrator

Phone rollout is an easy thing to do for the administrator using the method shown in the previous chapter - as he does not have to do anything at all, the user does it himself.

Unfortunately, it requires your users to understand how this works and therefore, in real life, the administrator will often have to do it himself.

We will look at how to do this in a moment. However, we first need to create some more users we can assign phones to. So let's see how to do this.

Creating Users

So far we have assigned a phone to a single user and this user was created by the Install process. If we want to assign phones to more users, we first need to create new users.

There are multiple options to do this
  • you can type in the individual user data in the UsersAdmin app
  • you can import user data from a file
  • you can replicate users from the active directory
  • you can have users register themselves
In this course, we will cover the first 2 options.

A deeper look at UsersAdmin

As we are going to create users in the UsersAdmin App it's now time to have a a little more detailed look at it.

When you start UsersAdmin, you will see the following screenshot.png major areas:
  • Users
    allows you to view, create, modify, and delete PBX users
  • Unverified users
    is used to manage user sign-up requests if you allow users to self-register with the PBX. This mode of operation will not be used in this course though
  • Register Phones
    this tab allows administrators to associate phones to a number of phones simultaneously
We already had a look at the Users area when we updated our own user record. Before it comes to adding individual users, we should have a look at the settings for the App. These can be reached by clicking on the screenshot.png burger menu on the upper right.

Here we find settings for these categories:
  • General
    These are some properties used to communicate with the PBX database (which you had created on your IP411-LEFT during the Install). In normal operation, you don't modify any of those as if you do so, you would need to change the corresponding settings on the PBX.

    However, one item of interest for you is the message next to the Password: prompt. It should say screenshot.png match with a bullet in a friendly colour in front of it. However, if it says mismatch with a red bullet, then you have an issue because the shared credentials between UsersAdmin and your PBX set by the Install are somehow out of sync.

    Also, the Replication state: should be something like Session initialized/Up. Otherwise, UsersAdmin can not reach your PBX to synchronize user data.

  • Password Policy
    These screenshot.png settings apply to passwords set or changed by individual users. You as an administrator can always assign any desired password. The only non-obvious property is

    • Minimum number of categories
      It defines the number of different character types that new passwords must consist of, namely upper case letters, lower case letters, digits and special characters. So if you set this to 4, each password must have characters from all of those classes. Note that this applies only to passwords set by ned users. Administrators can always set any password (with UsersAdmin or the advanced PBX UI)

  • SMTP
    Remember the E-Mail server data you needed to type in to the Install in order for the two-factor authentication to work? screenshot.png This is it.
    Note that the same configuration is also stored in the PBX's advanced UI (PBX/Config/Authentication). So if you need to change it, you must change it on both places.

  • Default Settings - new Users
    There are screenshot.png some fields in this section which control how the self registering process in public service PBXs works (Node, PBX Name, Home screen apps, Template, Logo URL). This is a mode of operation which is not discussed further in this course.
    The only field which is of importance to you is:

    • Default password (import)
      When you import users from a file (we will look in to this a bit later), this is the password that is set for new users

  • Privacy
    These are screenshot.png system-wide settings which control the amount of information displayed for users:
    • Display e-mail addresses
    • Display phone numbers

  • Registration Emails, Password reset Emails
    You can change the text of the email a user receives when their email address is verified or when they reset their password. This text can be changed per language.

     
  • Permissions
    You have screenshot.png two options here:
    • Allow users to edit and provision phones: If you disable this option, users will no longer be able to edit and provision their phones themselves.
    • Allow to edit the name and the display name on the app profile: If you disable this option, users will no longer be able to change their own name and display name in their own profile app.


Creating individual Users

UsersAdmin's mission is to administrate users, so you can of course also add new users.

For this, you click on the screenshot.png + sign in the list of all users. You will see an Add User dialogue you need to fill in for the new user. You need to fill in all the fields to create the user. Some of them have uniqueness constraints: Username, E-mail, ID and Extension need to be unique in your PBX.

For the Extension, there is a nice tool. You can specify just any extension and UsersAdmin will - if this one is not available any more - video2.png suggest the next available extension.

Let us look at the Template values which are screenshot.png available for the new user: Config User and Config Admin. You might have observed that in your own user record, the template is Config Admin. Both templates were created by the Install and the difference between Config Admin and Config User is that the first one gives access to all the administration Apps. Templates are used to define a number of configuration items for a user and the phone that is used by the user. We will discuss templates in more detail later. For now, it is good enough to know that Config Admin is for administrators and Config User for normal users.


Go ahead and create a new user with the following properties:

Executive / Secretary
 not checked
Hide from LDAP
 not checked
Username
 lsv
Password
 your choice
First name
 Lisa
Last Name
 Svensson
E-mail
 lisa.svensson.dvl-ckl2@class.local
ID
 Lisa Svensson
Extension
 11
Node
 root
PBX Name
 hq
Template
 Config User



Cloning Users

A slight variation of adding a user is cloning a user. This is done by selecting a reference user in the list of all users and then clicking the screenshot.png duplication symbol in the list of all users.

The difference is that there are other video2.png default values suggested in the Add user dialogue:

  • Extension: the next available extension starting from the cloned user's extension
  • Node, PBX Name and Template: copied from the cloned user
This basically is a "create a new user similar to this one" function.

As we would like to have more users (one for each IP phone we have), we can try this feature right away and clone Lisa's record to create the following user

Executive / Secretary
 Hide from LDAP
 Username
 First name
 Last Name
 E-Mail ID
not checked
 not checked jdu
 Jean
 Dupont
 jean.dupont.dvl-ckl2@class.local Jean Dupont

Your user list should now look something like this:



While we are at that: you can also upload a profile picture for the new user, using the little screenshot.png icon on the lower end of the function icon list to the right.

Importing Users from a File

Creating a huge number of users (for example, during the initial installation) is painful of course. This is why you can also import users from a file.

For this, you have the screenshot.png XML and CSV icons on the right side of UserAdmin's user list. They allow you to im- and export users both in XML and CSV format.

We'll use the CSV import function to create another user. For this, moodle has a little https://class.innovaphone.com/moodle2/pix/f/excel.gif CSV file with a fourth user prepared. Please download this file to your PC. Then screenshot.png click on the CSV symbol on the right and on Import to upload the file. Your user list should look screenshot.png something like this now.

The CSV File Format



(Further Hints) You won't need the remainder of this page during the course. It might be interesting though once you use the import in real-life.

The CSV import file expects a semicolon ; as field separator. The column/field association can be controlled by a special header line that starts with an ampersand &. In such a line, each column contains a designator which defines the field that the subsequent column values are assigned to.


&n &h323 &e164 &config &node &pbx pseudo/&type &dn &em &fn &ln
Mario Rossi mro 13 Config User root hq

mario.rossi.dvl-ckl2@class.local Mario Rossi


Here is the list of designators:
Designator Field Example Remark
&n ID Mario Rossi must be unique
&h323 Username mro Use as key, must be unique
&e164 Extension 13 must be unique within the node
&config Template Config User
&node Node root
&pbx PBX Name hq
pseudo/&type Executive/Secretary

&dn Display Name Dottore Mario Rossi
&em E-Mail mario.rossi.dvl-ckl2@class.local must be unique
&fn First name Mario
&ln Last name Rossi
grp/&name
pickup_grp
grp/&mode
active Either "active" or "" (empty)
grp/&dyn
out Either "in" (user is currently in the group), "out" (user is currently off the group) or "" (empty, user is statically in the group)
grp/&active
true Either "true" (active member), "false" (not active member) or "" (empty, same as "false")
device/&hw Hardware Id 0090333e407e
device/&text Name Phone IP112
device/&app App phone
device/&admin PBX Pwd true Either "true" (checked), "false" (not checked) or "" (empty, same as false)
device/&nofilter No IP Filter false Either "true" (checked), "false" (not checked) or "" (empty, same as false)
device/&tls TLS Only
Either "true" (checked), "false" (not checked) or "" (empty, same as false)
device/&nomob No Mobility
Either "true" (checked), "false" (not checked) or "" (empty, same as false)
device/&trusted Reverse Proxy
Either "true" (checked), "false" (not checked) or "" (empty, same as false)

When importing users, the &h323 field (which is what is called Username in UsersAdmin) is used as the key. In other words, if you import a line with a Username that already exists, then the user data is replaced by the imported data.

The grp/ and device/ columns are a bit special as a single user may receive mutliple values for them. If this is required, you need to repeat the row for the user with identical column values except for the grp/ and device/ columns. These columns add up.

For example:
&n &h323 &e164 &em &fn &ln &node &pbx &config grp/&name grp/&mode grp/&dyn device/&hw device/&text device/&trusted
Donald Duck ddu 99 donald.duck@class.local Donald Duck root hq Config User g1 active in hw1 Hardware Phone 1 true
Donald Duck ddu 99 donald.duck@class.local Donald Duck root hq Config User g2
out hw2 Hardware Phone 2 false

would create ddu with 2 groups and 2 devices.

(Further Hints) You might have noted that there is no column for the user password. The default password for imported users is defined in the UsersApp settings (we have looked at screenshot.png those a minute before).

Assigning Phones to Users initiated by the Administrator

Now that we have some more users, we can see how to do an administrator-initiated rollout of phones.

Just like the user himself can associate a phone to his own user record, the administrator can associate phones to a number of users. The users will still need to type in the provisioning code in to the phone UI. However, they do not need to start myApps and initiate the process. They simply have to plug in the phone to the network, look up their own provisioning code in a document provided by the administrator and type it in to their phone. Of course, the administrator can do the whole process himself.

To initiate such a process, the administrator uses the screenshot.png Register phones tab in the UsersAdmin App. After clicking on the + New phone registrations title, the phone manufacturer (there is innovaphone only, as you already know) must be selected.

Then the type of the devices to be rolled out (Category) must be selected. As we now want to roll-out our remaining 3 IP phones, screenshot.png hq IP Phone is the right category. Also, phone is the App to use (in most installations, there is no other choice but phone for at the App field, this may happen though if you have installed third party phone Apps).

After clicking on Next, the users we want to rollout the phones to must be selected. As we already have provisioned our own phone, screenshot.png lsv, jdu and mro are left. Note that it is possible to filter the selection of users by PBX, Node and Template name.

UsersAdmin will then generate a screenshot.png list of provisioning codes, one for each user. You can take note or download it as a CSV file and print it out or E-Mail it to users. Users would then factory reset their phones and type in their respective codes.

The administrator can now terminate the dialogue (by clicking on Finish) as the remainder of the process may take quite a while (hours or even days). To see the progress, the screenshot.png list of Unfinished phone registrations is available. As soon as a user has successfully used his provisioning code, the screenshot.png list will be updated.

Register your remaining phones as follows:
  • lsv: IP111
  • jdu: IP112
  • mro: IP222
Your phones should now all screenshot.png be registered.

Hot Desking

There is yet another method for assigning a device to a user, but it is a little special. This method is known as Hot-Desking.

With hot-desking, a single phone is used by several users sequentially. That is, like with a PC, when the user comes to the desk where the phone device is located, a login procedure is done and the device is assigned to the user until the user logs off again. Also, hot-desking allows a physical phone to be assigned to multiple users at the same time.

For this to work, you need to create a logical device for each user who intends to use hot-desking eventually. If this has been done, the user can log-in to any phone device using the same credentials that are used for the myApps login.

The user can video2.png create this logical device himself and it will appear in the list of Devices for the user. Once this is done, a Hotdesk function key video2.png can be created and the user can video2.png login to other phones using his myApps credentials. The same key that is used for login can be used to video2.png logout.


But what about DECT?

If you need to provide DECT to your end users the sad message is that it is not supported by any PBX Manager plugin or App. Therefore you will need to work with the advanced UI (which we will mention just a bit later in the course). More details about that are part of the Advanced training.

The good news though is that there is a step-by-step turorial fish-help.png Step-by-Step Simple DECT Installation which you may want to look at after the course.

We have quite a few such articles in our wiki (you can see an overview on the fish-help.png Step-by-Step category page).
Retrieved from "https://wiki.innovaphone.com/index.php?title=Course13:IT_Connect_-_04_Managing_Users&oldid=68910"