Password Settings and Roles

This topic describes the settings for the PINs and passwords and the predefined roles in Cisco Unity Connection.

There are password settings for voice-mail (PIN) and web application (password):

  • System Authentication Rules are used in user templates.
  • Password settings:
    1. Locked by administrator
    2. User cannot change or must change at next login
    3. Does not expire
  • Change the password and PIN: Require changes to the password and PIN at next login.
  • Roles: By default, no role is assigned to the user template.

Passwords for TUI and GUI access observe the system authentication rules. For example, an authentication rule might define a minimum credential length of three digits or characters and might allow trivial passwords for a lab environment. With this authentication rule, the password for all new users can be set to 123. You also can specify that users must change the password at the next login. Adjust these settings to comply with the company policies.

For security reasons, disable the use of trivial passwords and specify a minimum length of eight digits for the PIN in the authentication rule. PINs are used for TUI access to receive voice messages. The web-application password is used to access the Cisco Unity Connection Personal Options pages (Cisco Personal Communications Assistant). However, if you use LDAPauthentication, the user domain password is used and the domain security settings are applied.

When the Cisco Unity Connection system pilot number is called, Cisco Unity Connection might ask the caller for a password—which is actually the PIN. For security reasons, do not enable the Does Not Expire check box. Passwords will then need to be changed regularly. However, a PIN must be administered in Cisco Unity Connection Administration; the PIN cannot be defined in the LDAP server.

A user can be assigned to an administrator group by using roles; for example, the predefined User Administrator role. With such access rights assigned, the user can create new user accounts. By default, no administrator role is assigned to the users.

User Transfer Rules

Transfer rules allow users to transfer a call to another extension.

Transfer rules are used to reach users:

  • The standard rule is always enabled and cannot be modified.
  • The transferred call can be released to switch or supervised.
  • Supervised transferred calls also can be controlled through call holding and screening.

The following three transfer rules are predefined:

  • The standard transfer rule is enabled without an end date (always active) and cannot be modified.
  • The alternate transfer rule may replace the standard transfer rule. For example, the alternate transfer rule can customize the time for which the transfer rules should be enabled. An alternative transfer rule could be used during a vacation instead of the standard transfer rule.
  • If the schedule of the user is set to weekdays only, then the closed transfer rule is used during the weekends and after business hours.

Call transfer settings determine how Cisco Unity Connection handles the transferred calls:

  • Release to Switch: Unity Connection puts the caller on hold, dials the extension, and releases the call to the phone system. When the line is busy or is not answered, the phone system—not Unity Connection—forwards the call to the user or handler greeting. This transfer type allows Unity Connection to process incoming calls more quickly.
  • Supervise Transfer: Unity Connection acts as a receptionist and manages the transfer. If the line is busy or the call is not answered, Unity Connection—not the phone system—forwards the call to the user or handler greeting.

When Unity Connection is set to supervise transfers, it can provide additional call control with call holding and call screening. Call screening offers these options:

  • Tell Me When the Call Is Connected
  • Tell Me Who the Call Is For
  • Ask Me If I Want to Take the Call
  • Ask for Caller’s Name


This topic describes the different greeting options that a user can set up.

Greetings can individualize the user mailbox:

  • Error greeting plays if the caller enters invalid digits.
  • An alternate greeting overrides all other greetings.
  • Video greetings were introduced with Cisco Unity Connection 10.x.

Only the standard and error greetings are set up and enabled by default. The figure shows how the different greetings take precedence over the others.

Greetings enable users to individualize their greetings in different ways:

  • Cisco Unity Connection automatically generates the standard greeting from the display name. This greeting plays at all times, unless it is overridden by another greeting.
  • An alternate greeting can be used for various special situations such as vacations or a leave of absence; for example, “I will be out of the office until …”. An alternate greeting overrides all other greetings.
  • A closed greeting can be played on weekends if the schedule is set to weekdays.
  • A holiday greeting allows users to have a personalized greeting on holidays.
  • Three rarely used system greetings also exist: busy, error, and internal.

These greetings can be configured by the end user via the Cisco Personal Communications Assistant.

Other parameters that can be defined in the greeting configuration include what callers hear before, during, and after the greeting, or the language of the prompts.

With Cisco Unity Connection 10.x, users can record a video greeting that can be shown to internal and external callers. The Cisco Unity Connection 10.5 does not support leaving video messages. Cisco Media Sense is required for video integration.

TUI Experience

This topic describes how the TUI experience can be modified for a caller and for a Cisco Unity Connection user.

TUI experience can be modified to meet user expectations:

  • Phone menu:
    1. Conversation volume and speed
    2. Time format
    3. Timers for caller responses
  • Playback settings:
    1. Message volume and speed
    2. Counter for new and saved messages
    3. Play order for new and saved messages
    4. Add caller information, extension, etc.

The following parameters can be changed in the Phone menu:

  • Conversation volume, from low to high, with a default of medium
  • Conversation speed, slow to fastest, with a default of normal
  • Time format, with a default of 12 hours
  • Timers for entering digits (for example, how long to wait for the next digit when a name is being entered)

The following parameters can be modified for message playback:

  • Set volume and speed for message playback
  • Enable counter announcements for new voice, fax, or email messages
  • Set the order for playing new or saved messages (urgent first, followed by order of incoming time)
  • Enable playback of information from the sender: extension, message number, time of sending the message, and so on
  • Confirm deletions of new and saved messages

Alternate Extensions

This topic provides scenarios in which alternate extensions are required in the user configuration.

Scenarios are available for alternate extension usage:

  • WAN is busy or unavailable.
  • AAR and Cisco Unified SRST reroute the calls over the PSTN and send the +E.164 number as the calling number.

During a WAN outage, a rerouting over the PSTN is required for calls to Cisco Unity Connection. A Cisco Unified SRST router sends the call with its complete E.164 number as the calling number (for example, 408 555-2001) to Cisco Unity Connection. Most installations use the four-digit number as the Cisco Unity Connection extension. The number 408 555-2001 can be configured as an alternate extension for the user that has extension 2001 in Cisco Unity Connection. More new installations are using full +E.164 numbers including the plus sign (+); for example, +1 408 555 2001.

There are other options. Instead of using alternate numbers, you can configure a number transformation on the hunt pilot or SIP trunk, or voice translation rules can be configured to modify the calling numbers for incoming calls.

If the WAN is busy, AAR also reroutes the call over the PSTN. Depending on the number-modification configuration, the calling or forwarded number can be sent as the complete E.164 number.

You can also add mobile numbers or home office numbers as alternate extensions so that users who call in from any alternate extension are identified and need to enter only the PIN to access the voicemail services.

Voice Mailbox

This topic describes the initial setup of a user voice mailbox.

A new voice mailbox must be initialized:

  • Can be initialized by the administrator
  • Can be configured by the end user during first login to the voice mailbox via the telephone user interface

During the user account creation process, a Cisco Unity Connection administrator can enable or disable the self-enrollment feature for the voice mailbox of the new user. Users can decide to list their extension in the Cisco Unity Connection directory. If a caller chooses to search by name, the directory handler searches the directory list for directory list-enabled users.

The voice name can be rerecorded; for example, instead of the greeting “2001 is not available,” Cisco Unity Connection announces “John Doe is not available.” By default, Cisco Unity Connection generates the spoken name from the display name.

Optionally, the greeting can be changed from a standard greeting to an alternate personalized greeting.

Mailbox Stores and Membership

This topic describes the mailbox store and how mailbox access is managed in a Cisco Unity Connection cluster.

Voice mailboxes belong to a user:

  • A voice mailbox needs a storage device.
  • The database is shared between both Cisco Unity Connection servers.

The figure shows the use of mailbox stores and user membership in a mailbox store. A voice mailbox belongs to a user. Before the incoming voice messages can be stored, a message store on a Cisco Unity Connection server must be chosen. The database is shared and synchronized between both servers. If a caller leaves a message, the message is synchronized to the second server. If one of the servers fails in a Cisco Unity Connection cluster, the user can still retrieve the messages via the other server.

Message Aging Policy and Mailbox Quotas

This topic describes how messages are stored and the options that are available to optimize storage space.

Main parameters of a voice mailbox:

  • Message aging options:
    1. Move saved messages
    2. Remove deleted messages
    3. Message recording expiration
  • Mailbox quotas:
    1. Warning quota
    2. Send quota
    3. Send/receive quota
  • Alert text:
    1. Send mail when quotas are reached
    2. Send mail when messages are moved or deleted

Optimizing message storage is important when a high number of users are enabled for Unified Messaging. Because all messages also would be copied to the Exchange server, the required message storage space on external systems increases.

The message aging policy and mailbox quotas can be defined on a system level, in user templates, or on a user account level. Alert texts can be defined to be sent as a message when quotas are reached or messages are moved or deleted by the system.

To ensure that the hard disk where voice messages are stored does not fill up, aging rules can be configured in Cisco Unity Connection. These rules automate the message deletion process. Read messages can be moved to the Deleted Items folder after a specified number of days (disabled by default). Messages in the Deleted Items folder can be permanently deleted after a number of days (15 by default).

The mailbox quotas warn users that the mailbox is reaching the maximum allowed size (at 11 MB by default), prevent the user from sending voice messages to other users (at 12 MB by default), or prevent the user from sending or receiving voice messages (at 14 MB by default).

For reference, 12 MB translates to about 200 minutes of recording with the G.729 codec and to about 25 minutes of recording with the G.711 codec.

Private Distribution Lists

This topic explains the use of private distribution lists, which can be created on a user or system level.

Besides the system distribution list, the user can create private distribution lists. In this example, a sales manager has three teams (for example voice, security, and network) and wants to manage them together or individually.

All users in Cisco Unity Connection can use system distribution lists. Administrators can create system distribution lists for general usage. Users also can manage and use their own private distribution lists.

For example, a sales manager is responsible for three teams: voice, security, and network. To be able to leave them individual news and information, the sales manager creates three private distribution lists. To be able to manage all three groups at the same time, the sales manager can create an additional private distribution list (called All Lists) that includes the three private distribution lists. The sales manager can distribute a message to all three groups via the private distribution list All Lists. Any user that is included in any of the three teams receives such a message.

Notification Devices

This topic describes how users can be notified about new voice messages.

Users can be notified when new messages are left:

  • MWI is used by default but can be disabled per user.
  • Restriction tables define the calling rights for outgoing calls.
  • Notification calls ask for a PIN to enhance security.

The MWI on an IP phone is the default standard notification on Cisco Unity Connection for all users.

Additional notification devices can be set up for mobile users. Notification devices are phones, pagers, or email addresses. Up to three phone devices can be defined per Cisco Unity Connection user. As soon as a voice message is left for a user, Cisco Unity Connection can, for example, call the mobile number of the user for whom the caller left the message. When the user answers the phone, Cisco Unity Connection informs the user of the new voice message and asks the user to enter a PIN.

An email with the voice message can be sent to any email address using SMTP or HTML, but if the user listens to a message that is sent via email, MWI cannot be synchronized with the IP phone. However, if MWI is integrated or Unified Messaging is used, then MWI is synchronized after the user listens to the message.

User templates allow enabling of the notification devices, in general. However, users or administrators need to configure the notification device addresses. These devices addresses are, for example, the mobile phone numbers or external email addresses of the users. To disallow calling, for example, to international numbers, set up the restriction table to block cost-intensive calls.

Cisco Unity Connection Class of Service

This topic describes the concept of using CoS to assign additional features to users.

To modify the default CoS, choose Class of Service > Class of Service.

  • There are two default classes of service, a system CoS and a voice-mail user CoS.
  • Modify the voicemail user CoS to your needs for the majority of end users.

In Cisco Unity Connection, CoS determines the features that each user can use. There are two default classes of service: the system CoS and the voice-mail user CoS. The system CoS cannot be deleted and only some of the parameters can be changed. The voicemail user CoS supports the following features:

  • Timers define the allowed recording length and are available for names (the maximum length is 30 seconds), greetings (the maximum length for a greeting is 90 seconds), and messages (the maximum message length is 300 seconds).
  • Users are listed in the directory so that, for example, a directory handler can search for and find all users. You may allow users to delist themselves.
  • Allow users to access email messages over the phone using the TTS feature.
  • The Cisco SpeechView feature converts voice messages to text and delivers the text version of the voice message to your email inbox, allowing you to read your voice messages and to take immediate action.
  • Video is disabled by default for greeting recordings and outside callers.
  • Only the administrator can set alternate extension behavior by default; you may allow users to view and manage their alternate extensions.
  • The number of private distribution lists (25) and members per private distribution list (99) is limited by default.
  • Call transfer for outgoing or transferred calls can be restricted.

Additional features that may need to be licensed are disabled by default; for example, access to voice mail using an IMAP client or single inbox. Other features such as Cisco Jabber access to voice messages are also disabled by default. These restricted features are primarily the features that could generate additional costs, for instance, transfer rules for the company or the ability to disregard security policies.

User Access to Features

User access to certain features can be allowed with CoS:

  • Record the name of the user
  • Choose to be listed in the directory
  • Enable video greetings
  • View or manage alternate extensions
  • Change call-screening or holding options
  • Set advanced features:
    1. Allow Cisco Jabber to access voice messages
    2. Enable Unified Messaging
  • Provide transcriptions of voice messages (Cisco SpeechView).

You can use CoS to give users access to certain features. The figure lists the most commonly used features that can be enabled or modified in the voicemail user CoS.

Cisco Unity Connection User Templates

This topic describes the user templates in Cisco Unity Connection and how they can be used in different scenarios.

User templates are the main component in a user creation process:

  • Templates must be created before the users are added.
  • There are two predefined templates for administrators and users.

Templates must be created before any user is created because templates are applied only once when a user is added or imported to Cisco Unity Connection. Changes in the CoS are also applied to existing users.

The most important settings in the user template are as follows:

  • Add a name for the template that describes, for example, the user function, such as employee or manager.
  • The dial plan is set under the phone section and defines which partition the user belongs to and in which search space the user can search when sending messages. After the Cisco Unity Connection installation, there is one default partition and one search space, which are named after the Cisco Unity Connection system hostname. These partition and search space elements form the dial plan and are associated with the default voicemail user template. The default voicemail user CoS is assigned with the default user template.

    The schedule is set by default to Weekdays. The schedule should be changed to All Hours so that the individual greeting of the end user is always played. You can disable the listing of users in the directory depending on the company policies.

  • The language is set in the location section. This setting is important in a multinational deployment and in a single-site deployment in which different groups might expect callers from only certain countries.
  • The time zone is used for generating time stamps for voice messages. The setting of a proper time stamp helps users to get correct information about when a message was received by using the time zone of the user location.

User Template Example

User templates are configuration helpers:

  • Decrease the configuration effort through preconfigured general settings
  • Applied only to newly created user accounts
  • Two predefined templates: Voicemail User and Administrator
  • Add new templates based on hierarchy, location, or both combined in large voice messaging networks

User templates allow you to work more efficiently on recurring tasks. You can predefine general parameters that are the same for all users or groups of users. Then all new users that are added in Cisco Unity Connection will have the same preselected settings; for example, the same language or time zone settings. If the user template is changed at any time, the new settings will affect only users that are created after the template change. To change parameters for a group of existing users, use the BAT in Cisco Unity Connection.

The two default user templates are a Administrator Template and a Voicemail User Template. These templates cannot be deleted and cannot be modified. The administrator template has only limited options compared to the user templates. An administrator can, for example, build a user template model in which settings are preconfigured for managers, employees, or trainees. Managers may have mailboxes with more space for voice messages, or they can be notified via mobile phone when a new message arrives. Employees may have preconfigured message actions. Trainees may be limited to listening to their voice messages. User templates can also be based on locations and can specify which language to use. User templates can have time zones that are defined for a location so that messages are recorded with the correct time stamp.

When you create a new user, choose the appropriate user template to ensure that user template entries are applied to the newly created user accounts.


User templates are applied only to newly created user accounts. Any changes to a user template have no effect on existing user accounts.

User-Creation Options

This topic provides an overview of how users are created in Cisco Unity Connection.

Cisco Unity Connection user accounts can be added in various ways.

User templates facilitate manual configuration of new users. You can create multiple users in bulk by importing data from a .csv file. Or you can import users from Microsoft Active Directory or a Cisco Unified Communications Manager server, which is the most efficient way.

When the Cisco Prime Collaboration Provisioning is used, the users are imported from the LDAP server to Cisco Prime Collaboration Provisioning. You can then provision end users in Cisco Unified Communications Manager and Cisco Unity Connection based on the imported user database.

Users can also be migrated from Cisco Unity when migrating to Cisco Unity Connection. Administrators can use the COBRAS to migrate users, with or without their messages, from a Cisco Unity system to a Cisco Unity Connection system.

COBRAS is a set of tools that administrators can use to back up all subscriber, call-handler, public distribution list, schedule, and routing-rule information in Cisco Unity. Administrators can use COBRAS to restore some or all of that information to Cisco Unity Connection. For information about supported versions of COBRAS, go to

Cisco Unity Connection User

This topic describes the main Cisco Unity Connection user parameters and how a user account can be individualized.

Creating a new user account requires some main parameters where most are predefined by default:

  • Choose the correct user template and set the user alias.
  • Enter an extension, which can be +E.164.

If CoS and user templates are predefined, then only a few individual selections and settings are required. When you create a user account, choose a user template; for example, a customized employee user template. The individual user parameters are a unique alias (ID), first and last name, and the extension (directory number on Cisco Unified Communications Manager). The two minimum parameters are the alias and the extension. You cannot create a new user account without specifying these two parameters. The first and last name is optional for Cisco Unity Connection, but entering a first and a last name automatically generates the display name. If you do not create a display name, users of voice recognition will not be able to address messages to this user or call this user by name. You also can configure alternate extensions and names for a user.

The alternate extension is not required but increases productivity and improves the user experience. For example, mobile and home phone numbers can be set as alternate extensions. With this approach, a user can use alternate devices to dial the Cisco Unity Connection pilot number and get the personal login, which requires only PIN entry. If an undefined extension calls into Cisco Unity Connection, the standard opening greeting is played by default.


In this section, we explain Cisco Unity Connection CoS and the features that Cisco Unity Connection users can access when they are enabled in CoS. User templates help you to efficiently create users who are based on standardized templates. Creating new users manually using predefined CoS and templates helps you to quickly establish new users and to deploy a defined feature set.