A Short Guide to Cisco Unified Communications Manager Self-Provisioning

If you want to ensure your employees stay in touch and productive, empowering them to make minor changes to their unified communications (UC) accounts without involving the IT or UC teams is a great way to start.

But how much access is too much? When do you risk the security of your overall enterprise communications?

In this article, we’ll give you an overview of self-provisioning in Cisco Unified Communications Manager (CUCM). This will allow you to make informed decisions on how best to empower your employees with needed controls over their UC application accounts, so your organization can reap the benefits.

In this article we’ll cover:

• What is self-service UC provisioning
• Self-service provisioning in CUCM
• Who is normally responsible for UC user provisioning
• Why do enterprises restrict end-user permissions: the risks of self-service
• The importance of automation and secure role-based access
• The benefits of secure self-service provisioning

What is Self-Service UC Provisioning?

Self-service user provisioning refers to a process in which users within an organization are empowered to create, modify, or delete their own accounts and access to various systems, applications, and resources.

Instead of relying on IT or UC administrators to handle these tasks manually, self-service user provisioning allows individuals to make those changes on their own in the applications themselves or, more preferably, within a user-friendly interface or portal.

What is CUCM Self-Provisioning?

CUCM self-provisioning is the ability for end users to configure their own Cisco applications. Provisioning actions in Cisco can be categorized into these main buckets – moves, adds, changes and deletes (MACDs).

With self-service provisioning in Cisco, end users are usually limited to the “change” bucket of actions.

The Cisco collaboration suite contains several different UC applications, including Voice-over-IP (VOIP) communication (i.e. a Cisco IP phone), Jabber instant messaging, Unity Connection voicemail, Webex Meetings, Webex Teams and various call center products.

Within those applications, different users will have varying levels of access to make changes to the information within those accounts. Usually, self-provisioning in CUCM lets any user make changes to these functions:

• Call forwarding – This feature lets users forward calls from their CUCM-provided number to other phone numbers, such as a mobile or home line.
• PIN Resets – CUCM users may need to reset their PINs. Self-service lets them do it quickly and on their own without having to ask IT to help.
• Cisco Single Number Reach (SNR) – SNR is also known as the Cisco Unified Mobility application or “Mobile Connect.” This allows CUCM users to be reached at a single phone number that rings through to both the IP desk phone and a mobile device at the same time.
• Visual Phone Editing – provides the ability to visually edit a phone or device profile. It generally supports the following functions:
  • Change phone button template for device
  • Associating existing lines to the device
  • Edit Line on Device settings for lines on the device
  • Rearrange lines using drag and drop
  • Rearrange speed dials using drag-and-drop

Who Is Normally Responsible for Provisioning Users on UC Platforms?

Traditionally, IT teams or a specialized team of UC engineers is responsible for Cisco provisioning tasks beyond what end users are allowed to do above.

Those teams are generally tasked with ensuring new users are onboarded swiftly, granting them appropriate access to the CUCM tools, configuring their profiles, and ensuring integration with the company’s broader UC ecosystem.

In many cases, enterprises restrict all access to provisioning functions to admin-level IT or UC engineers. This leaves end-users with little control over their accounts. While this may sound unnecessary, there are reasons why enterprises choose to restrict that access at the expense of efficiency and productivity.

Why Do Enterprises Restrict End-User Permissions in CUCM?

Some enterprises restrict provisioning access to IT or UC admins, no matter how simple the task, for security reasons. Without the proper solutions and protocols in place, there are security risks associated with self-service UC provisioning.

Risk #1: Unauthorized or Over-Privileged Access

Without proper access control, self-service provisioning might enable users to create accounts and gain access to resources they shouldn’t have access to. This could lead to unauthorized access to sensitive data, applications, or systems.

Additionally, users might inadvertently (or intentionally) grant themselves excessive permissions when provisioning accounts. This can lead to data leaks, breaches, or accidental system changes with potentially serious consequences.

Risk #2: Data Privacy Concerns

User provisioning involves personal data. If too many users have access to that sensitive data (whether accidental or malicious), it can lead to privacy violations and compliance issues.

Risk #3: Insider Threats

With enough permissions, it’s possible for disgruntled employees to make malicious changes to UC platforms. They can even install malware and leak sensitive information.

At the same time, “insider threats” don’t always have to be malicious. Even good employees can unintentionally expose your UC platform to security risks by making changes on personal devices or on insecure networks.

Risk #4: Lack of Accountability & Traceability

Without a well-followed procedure, self-service UC provisioning can lead to a lack of accountability and traceability when users make changes. This can make it challenging to trace back actions to specific individuals, hindering the organization’s ability to investigate security incidents.

Risk #5: Inconsistent Access Controls and Setup

If self-service UC provisioning is not integrated with centralized access control systems, it can result in inconsistent permissions and access policies. Not only does this make it harder to manage security effectively, but it also makes user account setup and CUCM management inconsistent.

This can lead to errors and confusion when transferring users or setting up new call forwards, leading to dropped communications and potential UC system outages.

With these risks in mind, let’s explore an automated solution that can enable CUCM self-service provisioning capabilities without the security risks involved.

The Importance of an Automated Solution for Self-Service UC Provisioning

One thing you may have noticed is that many risks associated with self-service UC provisioning involve direct access to the UC applications.

That’s where an end-user portal and role-based access features in an automated provisioning solution can come into play.

Configuration portals allow end users to log into a separate application where they can securely change the information they need without accessing the UC application information directly.

Role-based access features limit the access users have to your automated provisioning software through role designations.

An automated solution for provisioning can help you grant better role-based access to critical systems within these applications by taking the ability to change and manipulate user data out of the hands of regular employees.

The Benefits of Secure Self-Service Automated Provisioning

With the right automated provisioning solution, you can empower your users to regain full control over their UC accounts without the risks of malicious intent or accidental outages. This will unlock several benefits for your organization.

Benefit #1: Simplification

Many organizations also run more than just Cisco for UC. As remote and hybrid work takes over, many organizations are turning to Microsoft Teams and Zoom. This leads to complex, hybrid UC environments that become even more of a challenge to provision and manage end-users.

The right automated UC provisioning solution allows you to integrate your entire UC provisioning onto one platform, whether through native integrations, API or even API triggers. This allows for simple self-service provisioning in those applications too.

Beyond UC applications, the right solution will be able to integrate with various other corporate systems. These can include:

• Active Directory (Microsoft AD)
• IT Service Management (ITSM)
• Identity and Access Management (IAM solution)
• Human Resources (HR Systems)

Once connected, an automated UC provisioning solution can act as a hub connecting user information across much of your corporate tech stack. User information can flow without any manual work from the UC team or a service desk.

When a user makes a change, it’s captured in all the applications it needs to be, without anyone having to lift a finger.

Benefit #2: Consistency

In terms of consistency, automation ensures that user provision jobs will be done the same every time. Removing manual intervention in UC account provisioning eliminates variability in how different provisioners might configure accounts.

Automated UC provisioning makes routine MACDs consistent no matter who is doing them. With configurable job templates, you can create fool-proof ways to ensure consistency across every user profile, limiting costly mistakes and making management simple.

The way this works is through pre-defined jobs that are made up of one or more templates for each step in the process. The right solution will offer flexibility in the configuration of these jobs to meet your organization’s needs.

Benefit #3: ROI

Automation makes work faster and more efficient, but in the case of automated UC provisioning, we’re talking about projects that would have taken skilled UC engineers hours or days and now take regular end-users minutes.

Automation and secure self-service allow you to take rote, repetitive work away from your UC engineers. They can focus on more strategic and fulfilling work, so they can make a greater impact on your organization – a true win-win.

Retaining that talent, saving time and preventing outages all lead to significant returns on your investment.

Automation Makes Self-Service CUCM Provisioning Possible

An automated UC provisioning solution provides a secure buffer between your end users and the data in your UC applications while still giving them the freedom they need to make changes to their accounts.

With this new peace of mind, you can feel confident that your UC systems are secure, and your users are able to work smarter and faster, while staying connected no matter where they are.

Interested in unlocking self-service CUCM provisioning? Akkadian Provisioning Manager can empower your end users to make the changes they need without fear of outages.