User administration

Users can log on to the classic Windows application (or to the aurenz Web Suite, via browser) to administrate and install the aurenz software. The user-authorisations are based on a role concept were a user is assigned to a role and authorisations are assigned to the role. The user SUPERUSER is created by default and cannot be deleted or renamed. The SUPERUSER has no authorisation restrictions, and is the only user who does not belong to any role. 

User

Menu bar: Setup / User
Here users can be created and managed. The creation and maintenance of these users can be done manually or automatically via LDAP or NetPhone/Swyx authentication. The settings for authentication via an external system can be found in User Authentication.

 
Fig. 6 - User management

The fields in the basic data area:

• Name: The name is used to represent the user currently logged in. This facilitates the handling in the case of cryptic "user names".
• Username: The user name is used to log in to the aurenz software.
• Password: The password can be defined or changed. To comply with the four - eyes principle, a second password can be created for each user. This makes it possible, to carry out data protection-critical reports in a process-compliant manner.
• Email: The email address is used for email notifications and assignments in the organisation chart.
• Role: Provides the user with the authorisation level defined in the role.

Tab Choose Organisation Chart area

Three different contexts can be used to define which areas in the organisation chart the user has access to:

• My company (can be optionally configured): Selecting an OU (organisation unit) authorises the user to access this and all subordinate elements.
• My Team (results from the e-mail address assignment in the organisation chart): If the e-mail address of the user is entered in an organisation unit, the user is authorised to access the subordinate objects.
• My data (results from the e-mail address assignment in the organisation chart):  If the e-mail address of the user is entered for a subscriber/extension, the user is authorised to this object.

Tab Service Technician

If one-off costs for IT support services, are to be booked to a subscribers for example, the user can be authorised here on an organisational chart level.

Roles

Menu bar: Set up / Roles

Fig. 7 - Roles

After installation, the roles "administrators" and "standard" are available. A new user is always assigned the role "standard", further roles can be created.
A wide variety of settings can be defined for each role:

• Role name
• Security: minimum length, complexity and modification time interval of passwords
• Granular authorisations for different program areas such as:
• Reports and statistics
• Menu items
• Organisation chart
• Data collection and telephone services
• Web Suite
• Call types
• Data protection and tariffing
• Time limits for logging in

WARNING: The role concept was introduced in version 11.2.4. Previously, these settings were maintained on a user level. When updating an older version, a role with the same name is created for each user to ensure consistent data transfer.
 

Define call types to be stored

Menu bar: File / Program setup / Basic settings / Call types / Storage / Communication / Call types

The aurenz software can distinguish between different call types.

• Business calls (default - cannot be deactivated)
• Private calls
• PIN calls
• Project calls
• Destination number calls
• Calls from provider invoice import (Business)
• Carrier from provider invoice import (Private)

Deaktivate the call types you don't want to use in the reports.

Organisation Chart

In order to be able to carry out reports based on individual organisational units, e.g. department levels, you can map the company structure in the organisation chart in the form of a hierarchical tree structure in your aurenz software. Likewise, users of the aurenz software can be granted authorisation to individual or multiple levels in order to implement an authorisation concept.

Es können in bis zu sieben Hierarchieebenen erstellt werden.
Diese Ebenen können beliebige Strukturen des Unternehmens darstellen (die Einzelfirmen, Kostenstellen, Abteilungen, ...).
Im Auslieferungs-Zustand wird unter dem Knoten "Sonstiges" jeder dieser Klassifizierer dargestellt. Damit ist sichergestellt, dass alle Gespräche ausgewertet werden können. By default, each of these classifiers is shown under the "others" node. This ensures that no call data gets lost, even if the data record couldn't be assigned to an subscriber within the organisation chart.

The classifiers in "others" can be moved into the hierarchical structure by drag and drop – and a subscriber object is created from the classifier. This can be filled with further information (such as name, an e-mail address, customer, personnel number, etc.). Various classifiers can be assigned to each subscriber. Based on these classifiers, individual calls are allocated to the subscriber. A classifier could be an extension or a mobile phone number. 

In this context, the "valid from" date of a subscriber node is particularly important - only calls of the classifiers from this date are assigned to the subscriber object. The older call data is displayed in a classifier object under "others" - unless there is another subscriber object with the same classifier but an earlier "valid from" date which the call data can be assigned to.

The company structure can be entered into the organisation chart like this:

• Manual - create levels and subscribers by right-clicking or moving existing classifier objects with the drag & drop function.
• Manual/automatic organisation chart import based on a text file
• Synchronisation against an LDAP server or XIE match against HiPath Manager (only possible with certain Unify systems).

Name definitions of the organisation chart levels

Menu bar: File / Program setup / Basic settings / Organisation chart / Designations

Here you can define how the individual hierarchy levels are designated, e.g. the second hierarchy level in the delivery is called "cost centre", if you want to represent different locations of your company on this level, rename it to e.g. location. This name is used both in the organisation chart and in the reports for this level.

Import / Export of the organisation chart

Export of the organisation chart

Menu bar: File / Program setup / Manual organisation chart export...

Here the organisational structure is mapped in a comma-separated text file.

Import of the organisation chart

Manual import of the organisation chart

Menu bar: File / Program setup / Import organisation chart / Manually...

Here you can select a *.txt file in which the desired organisation chart structure is displayed.

Support during import

The export of an exemplary organisation chart structure suitable for your organisation can be used as a basis for the import. In order to customise the import, the file "..\system\OrgaImportDef.ini" in the installation directory can be adapted individually if required.

You will also find xls files in the "Organigramm" directory in the installation source of the aurenz software. These can be used to prepare and create an organisation chart import file. Example of a line of the txt file for the creation of a subscriber "Smith" with the extension "112" who is in the first hierarchy level "Level2" and to whom call data of the extension 112 are assigned from 01.01.2000 and onwards:

"112","Smith","Level2",,"smith@Mail.de",,,,,,"01.01.2020"

Example of a line of the txt file for creating the first hierarchy level:

,,"Level2",,,,,,,,

Please note the valid from date of the extensions when importing the organisation chart. The call data are only assigned to the organisation chart-object subscriber from this date.

Automatic import of the organisation chart

Menu bar: File / Program setup / Organisation chart import / Automatic...

Here, an automatic import of the organisation chart definition created before in the basic settings can be carried out directly.

Note: This must be created in advance, manually.

Create an automatic import of the organisation chart

Menu bar: File / Program setup / Basic settings / Organisation chart / Automatic update

Select here between the options for automatic organisation chart update based on the source of the information.

• Updating via LDAP
• Updating via file import
• Updating via XIE / HiPath

After selecting an update source, define the access and interval of the source.

Afterwards, the LDAP or XIE fields that provide the corresponding information can be assigned to the database fields shown on the left hand side - in the case of file import, the position of the information in each data row of the import file is determined in this step.

 
Depending on the type selected, further options are provided for inserting spaces, re-editing the call number, etc.

DynamicTeams

Preparations for the configuration of DynamicTeams for SwyxWare / NetPhone

SwyxIT! must be installed in the aurenz server: To receive the status changes from the Swyx server (UC server), a separate Swyx/NetPhone user is required. The UC-Analytics server logs in to the telephone client installed on the server with this user.

• A designated user of the UC server (Swyx/NetPhone server) is required. Please create and include an internal call number.
• The SwyxIt! must be installed in the system with the aurenz software. The SwyxIt! has to be reserved for the UC-Analytics, so do not log in to the SwyxIt! - just install it.
• Ensure that the designated Swyx user is used exclusively for DynamicTeams in the aurenz system.

Release the DynamicTeams Web Extension:
In the program directory of the aurenz software under the folder "Connection to telephone systems/Swyx" there is a skin (interface design) in which the operation of DynamicTeams is integrated as a web extension. If the aurenz system is not running on the Swyx/NetPhone server, the URL in the web extension must be adapted. Replace for the event “skin loading” in the URL "http://%ActiveServerName%:8081/swyxit#username=%OwnName%" the variable %ActiveServerName%  with the server name or IP address of the server, on which the Swyx Analytics is installed.

Publish the skin via the administration of the UC server (menu Properties/Files/Edit). The skin must be assigned to the users who are to handle DynamicTeams via SwyxIt!.
Configuration for authentication via the web extension
DynamicTeams are operated via the aurenz Web Suite or the web extension in the telephone client described above. Authentication is required for access.

Menu bar: File > Setup program > Basic settings > Web server > User authentication > Swyx authentication

Configure the Swyx authentication in aurenz software. If the user name corresponds to a Swyx user in the UC server, the web users are automatically created in the aurenz software with this login procedure. With the option "retrieve password from Swyx" the login data (user name and password) of the UC server users can be used. With the option "manage password locally", the user must replace his initial password, received by mail, at the first login to the DynamicTeams web site. The mail address is adopted from the corresponding Swyx user.

After the first login, the user is automatically created within the UC-Analytics. You can find the list of users for control here:
Menu bar: Setup > User

Preparations for the configuration of DynamicTeams for Cisco

Since the hunt groups in the CUCM can be used/configured very flexibly, we will assume the following preconditions:

• A HuntList is always uniquely assigned to exactly one HuntPilot.
• If a HuntList is assigned to several HuntPilots, then these hunt groups are not available as DynamicTeams (are not displayed in the program interface). Background: When logging in/out, the users from the first LineGroup of the HuntList are logged in or out. If the HuntList is assigned to several HuntPilots, the user would be logged in or out of several hunt groups. This is not what the user would expect.
• A LineGroup may NOT be used as the 1st LineGroup in several HuntList. Background: When logging in/out, the users from the first LineGroup of the HuntList are logged in/out. If the LineGroup is assigned in several HuntList (and thus in several hunt groups), the user would be logged in or out of all these hunt groups.
• We only look at the 1st LineGroup within a HuntList for logging in and out. If several LineGroups are assigned to a HuntList, these are not taken into account in the DynamicTeam functionality.

Please configure the hunt groups you want to use as DynamicTeams according to these specifications. The Cisco IM&Presence Manager (CUPS) is required to display the presence status of the users. The UC-Analytics server determines the presence status of the users via the CUPS interfaces.

The aurenz software provides various user authentications. Please use the Cisco authentication in the basic settings under the page "web server/user authentication". With this authentication type, the corresponding accounts (web users) are automatically created in the aurenz software, provided that the user name corresponds to an user in the CUCM. With the option "retrieve password from CUCM", the Cisco user login data can be used (user name and password). Authentication takes place via the CUCM. In this case, a request for authentication is sent from the aurenz software to the CUCM via UDS. This makes it possible for the user to be imported into the CUCM via an AD and for authentication to take place via the CUCM on the AD. With the option "manage password locally", the user must replace his initial password, which he receives by mail, when logging in for the first time. The mail address is transferred to the corresponding user.

Set up Cisco Jabber

The DynamicTeams can be integrated directly into Jabber. To do this, use the URL <IP address aurenz>:8081/groups.

Preparations for the configuration of DynamicTeams for innovaphone

The necessary settings in innovaphone and in the UC-Analytics components are described in a separate document:  Dynamic Teams für Innovaphone

Particularities to consider when setting up DynamicTeams for Swyx

When the aurenz system is started for the first time, the DynamicTeams configuration wizard is started automatically.
All the settings described here can be accessed here after the initial setup: Menu bar: hunt group manager/manage agent authorisation

Configure the DCOM component to communicate with the UC server:

The aurenz software should run as a service of its own under a Windows user account. You have to define which windows user account shall be used to start the DCOM component "CLMgr" of the SwyxIt! client on the UC-Analytics server. If this is not done, the login and logout of agents or the display of the agent status will not be reliably.

When clicking on "Check SwyxIt! installation" the corresponding DCOM settings will be made and checked automatically. The result will be displayed afterwards.
If you want to make the DCOM settings manually, proceed as follows: Start the windows administration console component services with administrative rights by starting a command prompt with administrator rights and invoking the command call dcomcnfg. Navigate to "Console root > Component services > Computer > My computer > DCOM configuration > CLMgr". For "CLMgr" go to "Properties" and under "Identity" enter "The user who launches the application".

Configuration of DynamicTeams

Here you define the group authorisation, that means which user is allowed to log in to which groups.

Menu item: Hunt group manager / Manage agent authorisations...

Selection of the TC system for which the DynamicTeams are to be implemented: The DynamicTeams can only be set up for one UC server. If several servers for statistics and call data collection are connected, please select the suitable data source here, for which the DynamicTeams are to be used.

For Swyx/NetPhone:

Please enter the dedicated Swyx/NetPhone user name that the system should use to log on to the telephone client (see preparations for the configuration of DynamicTeams for SwyxWare/Netphone). Changing the login information may take up to one minute.

For Cisco:

With DynamicTeams for Cisco, the configuration-parameters can be accessed via the button configure Cisco access data.

• Access data to the communication manager (CUCM): The IP address and port of the CUCM are specified here. In addition, an application user must be defined (will be configured in CUCM), who may access the configuration via AXL and also make changes.
• Access data to the presence server (CUPS): The IP address and port of the CUPS are specified here (the default port of the "Presence Web Service" is 8083 - we only support the HTTPS variant). In addition, an ApplicationUser must be specified (which will be configured in the CUCM) and is required to log on to the CUPS via "Presence web service". The ApplicationUser must have the permissions "Third party application users" and "Admin-3rd party API". In addition to an ApplicationUser, an EndUser is required. The EndUser is required in order to be notified about status changes (basically, one registers and specifies a contact list in order to be notified about status changes of these contacts). The EndUser domain is necessary if the EndUsers are maintained in the CUCM without a "domain".  Since we (also the CUPS) manage the EndUsers with the domain, they must, in this case, be specified here.
• Data of the AlwinPro server. The IP address of the aurenz system and a port must be entered here. With this data, an HTTP server is started in order to be informed about status changes of the CUPS. I.e. CUPS must be able to reach the web service under the IP address + port.

Setup the group authorisations:

The table in this window shows all groups created in the UC server. When you open the dialogue or click on "Update", the groups and their assigned users are read from the UC server and displayed. If you expand the group itmes, you can see which users are currently assigned to which groups. The users are marked accordingly:

• Status "logged in" (green): These users are currently assigned to the group in the UC server.
• Status "assigned but logged out" (red): These users are generally allowed to log in, but are not currently assigned to this group on the UC server.

Via the context menu "Add group member", you can select users and grant them the authorisation to log in to the group. You can undo the authorisation via the context menu "Remove group member".

Basically, the users defined here can log in or out of their groups independently, using the Dynamic Team function in their softphone client or via the WebSuite. With the "Team leader" right, you can designate users of a group who can also carry out the login/logout for other group members. The right "Team leader" is set via the context menu of the respective user. Please note that adding and removing permission for a group of individual users to/from a group will be effective immediately even though the display in the clients will be delayed up to one minute.

Automatically log in free agents as needed:

If necessary (when there are no more free users available in the group), the system can automatically log in users who have been logged out but are free. This feature can be switched on or off for each group. To do this, use the context menu "Automatically book in free agents on demand".

Operating the DynamicTeams

In the following section, the operation is shown using the Swyx softphone client (SwyxIt!); the NetPhone client and the Cisco Jabber works in the same way. Depending on the selected authentication method, please log in with the user name and password of the user from the UC server or with the user name of the user from the UC server and a separate password.

Group allocation:

The DynamicTeams can be conveniently operated via the SwyxIt!/NetPhone Client or Jabber. On the "My Teams" tab on the "Dyn.teams" page all groups, to which the registered user is generally allowed to log in to, are listed. The light-bulb on the right hand side of the group name indicates which groups the user is currently logged into. Blue means logged in, grey means logged out. If there is only one free user left in the group, this is signaled by a yellow warning triangle. If there is no free user in the group, this is indicated by a red warning triangle.

The authorised users of the selected group are displayed below each group if you expand the group node. The status symbol next to the user indicates the presence of the user in the UC server (available, absent, do not disturb, logged off). This shows how many users are free at the moment, to accept calls. Users who are not logged into the group are marked in grey and the light-bulb on the right hand side of the user name is also grey. Registered users are marked in white and their light-bulb are blue. Via the context menu of the respective user, this user can be logged in or out of the group. Team leaders, cognizable by the yellow crowns, can log in /out other users than themselves. Non-team leaders can only log themselves in/out.

Call list

In the tab "Call list", lost and answered calls are displayed and only those that came through the group ("Hunt group" column). To prevent several agents from calling back to the same lost call, a call-back status (unanswered, in progress, completed) is available for each call. If a caller is called back directly from the call-list, the status is set to in progress. This prevents several agents from returning a call. The status completed  must then be set manually by the corresponding agent.

Please note that the hunt groups must be announced in the program before the call data is read in. Otherwise it is not possible to allocate the call data to the groups. Please configure the groups here:

Menu bar: File > Program setup > Hunt groups > Hunt group setup

Booking journal:

In the booking journal, all log in/log outs are recorded. In the column "Booked by" it can be traced by whom. The entry "System (sync from ...)" is set if the status of the group allocation was taken over by the TC system. For example, a user was directly assigned to a group in the administration interface of the PBX. This is then taken over from the PBX when you click on the "Update" button in the "Set up DynamicTeams" dialogue in the administration tool (UCA.exe).

Import network carrier tariff

Menu bar: File > Program setup > Network carrier

General information can be found in Network carrier (Netzanbieter).

If you want to import an existing <network carrier>.ini or you have received an individual <network carrier>.ini file from aurenz GmbH - please place this in the installation directory in the subfolder "Other network carriers" ("Weitere Netzanbieter)". Open the file > Setup program > Network carrier" via the menu bar. Create a new network carrier or select an existing one. Select "Replace / import network carrier" and select the desired <network carrier>.ini. Select the appropriate option to overwrite or add and acknowledge the "Notes on using".

Data protection 

Data deletion - accounting data / statistical data 

In the AlwinPro product, only accounting data (call data) is stored. In the Analyticsproduct variants, there is an additional statistical database. Both databases can be deleted separately. 

It is recommended to carry out deletion requests on a regular basis in order to: 

• comply with data protection regulations 
• not unnecessarily increase the number of licences in use (fluctuation, test users, ...) 
• reduce the data stock to a minimum (performance, storage space, ...) 

Accounting - Data deletion: 

• Deletion area: One or more extensions as well as organisation chart levels can be selected. 
• Time period: "Complete", "Older than", "Younger than" and many more.  
• There are further filter options for different call types, call directions, etc. 

Statistics - Data deletion 

• Deletion area: It is not possible to limit the deletion to extensions or organisational chart areas. 
• Time period: "Complete", "Older than", "Younger than".  
• The statistics data deletion also includes the data of the optional Queues (Swyx Visual Groups / STARFACE iQueue / Cisco UCCX)

Each data deletion is created and scheduled as a special "Report":

Select the appropriate data deletion here, and follow the configuration wizard.

Create and assign data protection packages

Menu bar: File > Program setup> Data privacy

Call data must not only be protected from unauthorised viewing, but also from misuse. Therefore, data protection packages that flexibly fulfil the desired level of data protection can be defined. By delivery, two special data protection packages and one standard data protection package are available. The standard data protection package applies to all subscribers who have not been assigned another data protection package. Here, for example, the last 5 digits of the destination numbers of the private and pin calls are masked.

• Data protection packages can only be assigned to subscribers in the organisational chart direct, not to an organisational chart level (cost centre/department/...).
• Maskierte Informationen können von Anwendern mit der Berechtigung „Ändern" auf „Datenschutz / Wiederherstellung maskierter Daten" wieder sichtbar gemacht werden.
• Masked information can be made visible again by users with the permission "change" to the option "data protection / Restore masked data".

Menu bar: Setup > Role> Data privacy / Rates

GDPR - General process description

GDPR - deletion periods and the right to be forgotten

Es werden in der aurenz Software folgende Datenarten gespeichert:

The following types of data are stored in the aurenz software:

• Call data
• Statistical data (based on the call data)
• Network carrier data

The aurenz software provides the following variants for the targeted data deletion:

Personal deletion of call data

Menu bar: File > Program setup > Personal deletion of call data (GDPR)

This item allows you to delete call data of individual or multiple extensions or destination numbers. Here you can define a time range as well as the internal extension or the external target number for which the deletion is to be carried out.

Data deletion in general for time periods:

These data deletion jobs are used to delete all data stocks of the corresponding type in a selectable period of time (older than, younger than, all).

• Data deletion (statistical data)
• Call data deletion
• Network carrier data deletion

This can be found in the "data deletion" report group in the Web Suite Report overview. Please note that the network carrier data deletion is only available in the Windows application and not in the aurenz WebSuite.

GDPR - Duty to inform

The "GDPR Report" can be used to show which subscribers have data stored for a certain time period.

Fig. 7 - DSGVO/GDPR Report

GDPR - Data portability

An access to the UC-Analytics/AlwinPro for each user can be set up via the WebSuite, to ensure that the user can have access to it's own data.

Changing the WebSuite default http/https ports

Menu bar: File > Program setup > Basic settings > Web server > WebSuite settings > HTTP server

After installation, aurenz WebSuite can be accessed via the following ports:

Port for http access: TCP 8081

Port for HTTPS access: TCP 8443

These ports can be adjusted. Please note that after changing the ports, the Windows service "UC-Analytics WebSuite" must be restarted. This service communicates with the billing module via TCP port 4711 and the data collection via TCP port 4712. In order to access the resources (e.g. network shares) of the UC Analytics server from the WebSuite, the service for the accounting module must be started under a user account with the appropriate rights.

Setting up additional Workstations (Administration Application)

In addition to the aurenz WebSuite, the Windows application UC-Analytics / AlwinPro UC-Edition is also basically capable of multi-user operation. If the Windows application is to be used on several Windows servers or clients, you need it in the “Client/Server” variant.

Restrictions and requirements:

• UC-Analytics or AlwinPro is licensed in the "Client/Server" variant
• All systems that are to be supplied from the Windows application must be in the same network (LAN) and in the same domain as the server with the main installation.
• The system time of the main installation and the subsidiary workstations must be synchronous.

1. Share the installation directory of the main installation with the necessary users having full access.
2. Run the installation routine on one of the other workstations in the folder you have just shared. Observe the same steps as during the main installation!
3.  Select "Installation on another workstation" under "installation type".
4. In the network path of the main installation dialogue box, enter the path of the main installation. This is constructed from the computer name of the main installation server and the share name of the installation directory.
5. Select no when asked if you want to install another data collector module.
6. The installation is now carried out.