OK, so, I must be having a blonde moment, in the add new extension , in particular quick add extension, when submitting email, it notifies new user, but strangely only for UCP details, I’m thinking to myself WTF good is that, no, its 2020, I must have missed something as to why it does not send the new users SIP details as well, but only UCP, but nope, can’t find it, this is FPBX 14 latest up to date, what have I missed?
Whats the point emailing them their UCP details if we have to verbally give their SIP login to them…
Secondly, kind of related, UCP well dont get me started on the blank UCP dashboard, that Andrew and Tony keep telling people to code it up themselves, but I also dont see where the users can change their SIP password, only their UCP password, kind of makes the entire UCP pointless.
But again, it is 2020 this project is over 15yrs old, so I’m sure I just need someone to tell me where the enabling settings are that I seem to not be able to find.
There is nothing built in that would automatically send sip credentials to the user.
Most people use auto provisioning via Endpoint manager which uploads credentials and settings to the phone automatically (if you are using desk phones).
It’s 2020 and someone is whining about exposing SIP credentials in the UCP portal. Is VoIP security still a thing in 2020?
If you don’t want users to get the UCP credentials email you can disable it in User Management.
Additionally, UCP has a built-in WebRTC phone which users can place and receive calls just fine using that limited softphone.
If you want easier deployment, then look into Endpoint Manager provisioning. And if you wanna go softphones, look into Zulu or Bria Teams.
Lastly, it’s 2020, Tony and Andrew who you seem to hate for giving you a free software, are now with a different company and probably also agree that automatically sending SIP credentials is a bad idea…
you cant cry sip security in freepbx when the ext login has the active sip password and voicemail password in clear text format there for anyone to see,
Then keep doing it the hardway. Exposing sip credentials to end users is just bad security. What happens when they setup those creds on 20 other devices. Just an example. Maybe it wont happen in youe organization. How do you make mass changes to phone options. You dont.
I’d agree with this, in particular now with COVID-19 working from home, I’ve seen a 200 fold increase in use of softphones. I’ve personally had to dish out configs for hundreds of these with users using microsip and zoiper. Access to SIP password is neither here nor there for me, I can see where it has its uses, anyone providing public access ( there is a fair few out there) but if they are going to put UCP auth details in an email I see no less of security for sending SIP login details.
I certainly they are both a great idea, but they need to be admin-configurable,and disabled by default, as there are some cases where as some have mentioned, this is not ideal.
I disagree, its no more insecure than any other risk, and I’ve been doing this for a very very long time, it might not suite all installations, but don’t assume all installations and use purposes are equal, because they are not
If its the users account, its their account.
A few CEO’s of some not so small companies I’ve done work for have got their exts setup on everything, their desk, their mobile, their tablet, their pc, their laptop, their home pc, their home deskphone. this is a fortune 500, try telling them not to have 20 different devices LOL
