Controlling communication costs and ensuring secure, accountable call management are key responsibilities for IT administrators in enterprise environments. The Forced Authorization Code (FAC) feature in Cisco Unified Communications Manager (CUCM, formerly Cisco CallManager) allows organizations to regulate which users can place specific types of calls, such as long-distance or international, and ensures accurate call accounting.
This guide explains how FAC works, how to configure it, best practices, and answers frequently asked questions to help administrators implement this feature effectively.
Table of Contents
- Part 1: What is a Forced Authorization Code (FAC)?
- Part 2: How FAC Controls Calls
- Part 3: Configuration Overview
- Part 4: Best Practices and Deployment Tips
- Part 5: Frequently Asked Questions (FAQ)

Part 1: What is a Forced Authorization Code (FAC)?
A Forced Authorization Code (FAC) is a numeric code assigned to a user or group that must be entered on an IP phone before placing restricted calls. FAC enables organizations to:
- Control access to high-cost or sensitive calls (e.g., international, premium-rate)
- Track which user placed a specific call for accounting and auditing
- Integrate with Cisco CallManager route patterns to enforce dialing restrictions
FAC often works alongside Client Matter Codes (CMC), which focus on tracking calls for billing or client-specific accounting purposes. While both manage call access, FAC controls the authorization level, ensuring users have permission for restricted call types.
How FAC Works
FAC operates through Authorization Levels, ranging from 0 to 255:
- User Code Level: Each user is assigned an authorization code with a numeric level.
- Route Pattern Level: Administrators set a minimum authorization level for each route pattern (e.g., international calls may require level 30).
- Validation: Calls proceed only if the user’s code level meets or exceeds the required level. Otherwise, a reorder tone is played.
Part 2: How FAC Controls Calls
FAC is integrated directly into the dial plan via route patterns:
- Trigger: User dials a number matching a FAC-enabled route pattern.
- Prompt: CallManager plays a tone prompting the user to enter their FAC.
- Code Entry: User enters the code, optionally pressing # to route immediately.
- Verification & Accounting: If the code meets the route’s authorization level, the call is allowed. The Authorization Code Name is recorded in Call Detail Records (CDRs) for accounting and reporting via CDR Analysis and Reporting (CAR).
This mechanism ensures both access control and proper billing for restricted calls.
Part 3: Configuration Overview
To implement FAC, administrators define the codes and enable the restriction on the route pattern.
Step 1: Add Forced Authorization Codes
- Authorization Code Name: Unique identifier visible in CDRs
- Authorization Code: Numeric code entered by the user
- Authorization Level: Number between 0–255 defining the user’s access
For large deployments, the Cisco Bulk Administration Tool (BAT) can streamline creation and updates.
Step 2: Enable FAC for Route Patterns
- Locate the relevant route pattern (e.g., international calls)
- Enable Require Forced Authorization Code
- Set the minimum Authorization Level required
Tip: Updating your dial plan documentation ensures all route patterns reflect FAC-enabled settings accurately.
Part 4: Best Practices and Deployment Tips
- Scalable Level Design: Increment levels logically (e.g., 10 for interstate, 20 intrastate, 30 international) to allow easy future expansion.
- User Communication: Inform users about their codes, the dialing procedure, and that pressing # routes the call immediately.
- Continuous Auditing: Use CAR to verify CDRs and track call activity for compliance and cost control.
- Understand Limitations:
- Call forwarding to FAC-enabled patterns may fail.
- H.323 analog gateways do not support FAC tones.
- Speed-dial cannot be used with FAC; users must enter codes manually.
Pro Tip: Confirm device and server compatibility early to prevent communication interruptions. Enterprises often consult Cisco official site MCS data sheets or vendor guides when deploying UC hardware. For cost-efficient deployments, verified third-party servers may be used, but careful planning is essential to avoid downtime.
Part 5: Frequently Asked Questions (FAQ)
Q1.What is the difference between a Client Matter Code (CMC) and a Forced Authorization Code (FAC)?
FAC controls call access based on a user’s Authorization Level, required before placing certain calls, whereas CMC tracks calls for accounting or client billing and requires a client-specific code entry.
Q2.What happens if both CMC and FAC are configured for the same route pattern?
Users must enter both codes sequentially: FAC first, then CMC. Prompt tones are identical, but CallManager recognizes the sequence.
Q3.What is an Authorization Level?
A numeric value (0–255) assigned to a user’s code, defining which restricted calls the user can place. The user’s level must meet or exceed the route pattern’s minimum to complete the call.
Q4.What is a forced authorization?
It is the process of requiring a unique code (FAC) to confirm user identity and permissions before connecting a restricted call.
Enterprises using Cisco Unified Communications platforms benefit from early verification of FAC settings to ensure security, cost management, and smooth integration. For hardware or software procurement, using reputable partners like Router-Switch or checking device compatibility through IT-Price can prevent costly deployment issues.

Expertise Builds Trust
20+ Years • 200+ Countries • 21500+ Customers/Projects
CCIE · JNCIE · NSE7 · ACDX · HPE Master ASE · Dell Server/AI Expert



































































































































