Difference between revisions of "Draft: PEC-Hybrid/Current/Admin/About"
From Genesys Documentation
| Line 33: | Line 33: | ||
# As necessary, for each on-premises service, create OAuth Client Credentials grants: | # As necessary, for each on-premises service, create OAuth Client Credentials grants: | ||
| − | |||
#* Using the UI, follow [https://help.mypurecloud.com/articles/create-an-oauth-client/ these steps], | #* Using the UI, follow [https://help.mypurecloud.com/articles/create-an-oauth-client/ these steps], | ||
#* Or using the API, reference [https://developer.mypurecloud.com/api/rest/v2/oauth/ these endpoints]. | #* Or using the API, reference [https://developer.mypurecloud.com/api/rest/v2/oauth/ these endpoints]. | ||
| − | |||
For more information about the different kinds of Client Grants, see the [https://developer.mypurecloud.com/api/rest/authorization/ Authorization] reference.<br /> | For more information about the different kinds of Client Grants, see the [https://developer.mypurecloud.com/api/rest/authorization/ Authorization] reference.<br /> | ||
For more information about Permissions for Altocloud, see the [https://help.mypurecloud.com/articles/altocloud-permissions-overview/ Altocloud permissions overview]. | For more information about Permissions for Altocloud, see the [https://help.mypurecloud.com/articles/altocloud-permissions-overview/ Altocloud permissions overview]. | ||
| − | |||
# Create a PureEngage Identity Provider (IDP). You can use the Identity Provider API via the PureCloud Developer Tools, SDKs, or Platform API.<br /> | # Create a PureEngage Identity Provider (IDP). You can use the Identity Provider API via the PureCloud Developer Tools, SDKs, or Platform API.<br /> | ||
Sample Request:<br /> | Sample Request:<br /> | ||
| Line 56: | Line 53: | ||
#* [https://developer.mypurecloud.com/developer-tools/#/api-explorer Developer Tools]<br /> | #* [https://developer.mypurecloud.com/developer-tools/#/api-explorer Developer Tools]<br /> | ||
[[File:Hybrid_Identity_Provider_Tools_PureEngage.png|500px]] | [[File:Hybrid_Identity_Provider_Tools_PureEngage.png|500px]] | ||
| − | |||
#* [https://developer.mypurecloud.com/api/rest/client-libraries/ SDKs]<br /> | #* [https://developer.mypurecloud.com/api/rest/client-libraries/ SDKs]<br /> | ||
[[File:Hybrid_Identity_Provider_SDK_PureEngage.png|500px]] | [[File:Hybrid_Identity_Provider_SDK_PureEngage.png|500px]] | ||
| − | |||
#** [https://developer.mypurecloud.com/api/rest/client-libraries/java/IdentityProviderApi.html Java] | #** [https://developer.mypurecloud.com/api/rest/client-libraries/java/IdentityProviderApi.html Java] | ||
#** [https://developer.mypurecloud.com/api/rest/client-libraries/dotnet/IdentityProviderApi.html .NET] | #** [https://developer.mypurecloud.com/api/rest/client-libraries/dotnet/IdentityProviderApi.html .NET] | ||
#** [https://developer.mypurecloud.com/api/rest/client-libraries/python/IdentityProviderApi.html Python] | #** [https://developer.mypurecloud.com/api/rest/client-libraries/python/IdentityProviderApi.html Python] | ||
| − | |||
| − | |||
#* [https://developer.mypurecloud.com/api/rest/v2/identityprovider/ Platform APIs]<br /> | #* [https://developer.mypurecloud.com/api/rest/v2/identityprovider/ Platform APIs]<br /> | ||
[[File:Hybrid_Identity_Provider_API_PureEngage.png|500px]] | [[File:Hybrid_Identity_Provider_API_PureEngage.png|500px]] | ||
| − | |||
Authorization: | Authorization: | ||
| − | |||
#* Type: OAuth 2.0 | #* Type: OAuth 2.0 | ||
#* Access Token: request new token | #* Access Token: request new token | ||
| Line 76: | Line 67: | ||
Troubleshooting: | Troubleshooting: | ||
| − | |||
#* Ensure that the IDP is set with "autoProvisionUsers" = "true" | #* Ensure that the IDP is set with "autoProvisionUsers" = "true" | ||
#* Ensure that the issuer URI in your SAML assertion is the same as the issuer URI for the IDP. | #* Ensure that the issuer URI in your SAML assertion is the same as the issuer URI for the IDP. | ||
#* Ensure that you don't have multiple issuers with the same URI. | #* Ensure that you don't have multiple issuers with the same URI. | ||
| − | |||
| − | |||
# By default, Altocloud permissions are included in the Admin and AI Agent roles. You may grant [https://help.mypurecloud.com/articles/altocloud-permissions-overview/ Altocloud permissions] to additional roles as needed. | # By default, Altocloud permissions are included in the Admin and AI Agent roles. You may grant [https://help.mypurecloud.com/articles/altocloud-permissions-overview/ Altocloud permissions] to additional roles as needed. | ||
| Line 109: | Line 97: | ||
#* '''password''': The password to decrypt the private key. | #* '''password''': The password to decrypt the private key. | ||
#* '''expire_time''': The expiration time (in hours) for the access token. The default is 24 hours. This might be overridden on the server side. | #* '''expire_time''': The expiration time (in hours) for the access token. The default is 24 hours. This might be overridden on the server side. | ||
| − | # | + | #: Certificate is base64 string created from PEM file by using this command:<br> |
| − | + | <source lang="text"> | |
| − | + | openssl base64 -in cert.pem -out result _file_name | |
| − | + | </source> | |
| − | # | + | #: Pkey is also based64 string but requires additional command to create encrypted private key:<br> |
| − | + | <source lang="text"> | |
| − | + | openssl pkcs8 -topk8 -inform PEM -outform PEM -in saml.pem -out <span>key.pem</span> -nocrypt | |
| − | + | ||
| − | + | openssl rsa -in key.pem -out key_protected.pem -aes256openssl base64 -in key_protected.pem -out result _file_name | |
| + | </source> | ||
# To allow for better control and monitoring of the components using PureCloud Services, for each PureEngage Service that uses a common service you must create multiple sections, one for each OAuth client, in Configuration Server to allow for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. This does not mean that if you have ''n'' number of components on premises that are associated with one another, they cannot share a given client id.<br /> | # To allow for better control and monitoring of the components using PureCloud Services, for each PureEngage Service that uses a common service you must create multiple sections, one for each OAuth client, in Configuration Server to allow for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. This does not mean that if you have ''n'' number of components on premises that are associated with one another, they cannot share a given client id.<br /> | ||
#: Genesys recommends that you consult architecture before performing this step. | #: Genesys recommends that you consult architecture before performing this step. | ||
Revision as of 15:35, May 28, 2019
This is a draft page; the published version of this page can be found at PEC-Hybrid/Current/Admin/About.
Contents
This article describes the essential provisioning steps to enable a hybrid integration between PureEngage On-Prem deployments and Genesys PureCloud services.