Difference between revisions of "Draft: PEC-Hybrid/Current/Admin/About"

From Genesys Documentation
Line 39: Line 39:
 
For more information about the different kinds of Client Grants, see the [https://developer.mypurecloud.com/api/rest/authorization/ Authorization] reference.<br>
 
For more information about the different kinds of Client Grants, see the [https://developer.mypurecloud.com/api/rest/authorization/ Authorization] reference.<br>
 
For more information about Permissions for Altocloud, see the [https://help.mypurecloud.com/articles/altocloud-permissions-overview/ Altocloud permissions overview].
 
For more information about Permissions for Altocloud, see the [https://help.mypurecloud.com/articles/altocloud-permissions-overview/ Altocloud permissions overview].
 +
</li>
 +
<li>Create your SAML Cert and key. Certificate is base64 string created from PEM file by using this command:<br>
 +
<source lang="text">
 +
openssl base64 -in cert.pem -out result _file_name
 +
</source>
 +
Pkey is also based64 string but requires additional command to create encrypted private key:<br>
 +
<source lang="text">
 +
openssl pkcs8 -topk8 -inform PEM -outform PEM -in saml.pem -out <span>key.pem</span> -nocrypt
 +
 +
openssl rsa -in key.pem -out key_protected.pem -aes256openssl base64 -in key_protected.pem -out result _file_name
 +
</source>
 +
Once you have created the two PEM files perform the following steps:
 +
<ul>
 +
<li>Encode saml.pem into a base64 string (=>’saml.pem.b64’) using this command:
 +
<source lang="text">
 +
openssl base64 -in saml.pem -out saml.pem.b64
 +
</source>
 +
</li>
 +
<li>Encrypt the saml.pkcs using a password (=>’saml.pkcs.enc.password’) and then encode the resulting content into a base64 string (=>’saml.pkcs.enc.b64’) using this command:
 +
<source lang="text">
 +
openssl rsa -in saml.pkcs8 -out saml.pkcs8.enc -aes256
 +
</source>
 +
(specify the value of saml.pkcs.enc.password when prompted)
 +
<source lang="text">
 +
openssl base64 -in saml.pkcs8.enc -out saml.pkcs8.enc.b64
 +
</source>
 +
</li>
 +
</ul>
 +
The resulting material can be set in the saml section of the transaction object:
 +
<ul>
 +
<li>certificate=<saml.pem.b64></li>
 +
<li>pkey=<saml.pkcs.enc.b64></li>
 +
<li>password=<saml.pkcs.enc.password></li>
 +
</ul>
 +
</li>
 +
</ul>
 
</li>
 
</li>
 
<li>Create a PureEngage Identity Provider (IDP). You can use the Identity Provider API via the PureCloud Developer Tools, SDKs, or Platform API.<br>
 
<li>Create a PureEngage Identity Provider (IDP). You can use the Identity Provider API via the PureCloud Developer Tools, SDKs, or Platform API.<br>
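Review bot: The last added command line in the second source block, "openssl rsa -in key.pem -out key_protected.pem -aes256openssl base64 -in key_protected.pem -out result _file_name", is two commands run together, and "result _file_name" has a stray space in both places it appears, so neither block can be pasted and run as written. Split it into a separate "openssl rsa ... -aes256" line and an "openssl base64 ..." line. The two sets of commands also name the same artefacts differently (cert.pem, key.pem and key_protected.pem first, then saml.pem, saml.pkcs8 and saml.pkcs8.enc, with the prose saying saml.pkcs), and no command that writes saml.pkcs8 is shown; pick one set of names and carry it through. The -nocrypt step leaves an unencrypted key.pem on disk, and the closing list stores password beside pkey in the same saml section, so the step should say to remove the intermediate file and who is expected to have read access to the transaction object. "based64" should read "base64".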
Line 106: Line 142:
 
<li>'''organization_sname''': The PureCloud organization short name for this tenant.</li>
 
<li>'''organization_sname''': The PureCloud organization short name for this tenant.</li>
 
<li>'''organization_id''': The PureCloud organization id for this tenant.</li>
 
<li>'''organization_id''': The PureCloud organization id for this tenant.</li>
<li>'''default_agent_role_name''': The default PureCloud agent role name.</li>
+
<li>'''default_agent_role_name''': The default PureCloud agent role name for an AI agent. This will always be '''employee'''. If you want to provision agents with a different role, you must do so in the SAML assertion that provisions the user (see IDP...). </li>
<li>'''default_supervisor_role_name''': The default PureCloud supervisor role name.</li>
+
<li>'''default_admin_role_name''': The default PureCloud admin role name. This is '''admin'''.</li>
<li>'''default_admin_role_name''': The default PureCloud admin role name.</li>
 
 
<li>'''base_auth_url''': The base auth URL that can be used for any PureCloud service; for example: '''base_auth_url''' should be <nowiki>https://[region_host]/oauth/token</nowiki>. <nowiki>[region_host]</nowiki> is the authentication-based FQDN for the region; the regions are listed on [https://developer.mypurecloud.com/api/rest/ this page].</li>
 
<li>'''base_auth_url''': The base auth URL that can be used for any PureCloud service; for example: '''base_auth_url''' should be <nowiki>https://[region_host]/oauth/token</nowiki>. <nowiki>[region_host]</nowiki> is the authentication-based FQDN for the region; the regions are listed on [https://developer.mypurecloud.com/api/rest/ this page].</li>
 
<li>'''base_service_url''': The base URL that can be used for any PureCloud service; for example: '''base_service_url''' should be <nowiki>https://[region_host]/api/</nowiki>. <nowiki>[region_host]</nowiki> should be the API-based FQDN for the region; the regions are listed on [https://developer.mypurecloud.com/api/rest/ this page]. The rest of the URL is PureCloud service and version specific; for example: '''...v2/conversations'''. The '''base_service_url''' and the service specific portion is combined in your component code.</li>
 
<li>'''base_service_url''': The base URL that can be used for any PureCloud service; for example: '''base_service_url''' should be <nowiki>https://[region_host]/api/</nowiki>. <nowiki>[region_host]</nowiki> should be the API-based FQDN for the region; the regions are listed on [https://developer.mypurecloud.com/api/rest/ this page]. The rest of the URL is PureCloud service and version specific; for example: '''...v2/conversations'''. The '''base_service_url''' and the service specific portion is combined in your component code.</li>
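Review bot: In the new default_agent_role_name text, the cross-reference "(see IDP...)" is an unfinished placeholder; replace it with the name of or a link to the Identity Provider step before this is published. The same item calls the value a default "for an AI agent" and then says it "will always be employee"; if the value is fixed, state whether the option can still be set and what happens if it is set to something else. default_supervisor_role_name appears only on the old side of this hunk; if dropping it is intended, say which role supervisors now receive, given that default_admin_role_name is documented as admin.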
Line 119: Line 154:
 
<li>'''pkey''': The encrypted SAML related certificate private key (a saml.pkcs8 private key encrypted in aes256 with a password (see password option below) and encoded in base64).</li>
 
<li>'''pkey''': The encrypted SAML related certificate private key (a saml.pkcs8 private key encrypted in aes256 with a password (see password option below) and encoded in base64).</li>
 
<li>'''password''': The password to decrypt the private key.</li>
 
<li>'''password''': The password to decrypt the private key.</li>
<li>'''expire_time''': The expiration time (in hours) for the access token. The default is 24 hours. This might be overridden on the server side.<br>
+
<li>'''expire_time''': The expiration time (in hours) for the access token. The default is 24 hours. This might be overridden on the server side.</li>
Certificate is base64 string created from PEM file by using this command:<br>
 
<source lang="text">
 
openssl base64 -in cert.pem -out result _file_name
 
</source>
 
Pkey is also based64 string but requires additional command to create encrypted private key:<br>
 
<source lang="text">
 
openssl pkcs8 -topk8 -inform PEM -outform PEM -in saml.pem -out <span>key.pem</span> -nocrypt
 
 
 
openssl rsa -in key.pem -out key_protected.pem -aes256openssl base64 -in key_protected.pem -out result _file_name
 
</source>
 
Once you have created the two PEM files perform the following steps:
 
<ul>
 
<li>Encode saml.pem into a base64 string (=>’saml.pem.b64’) using this command:
 
<source lang="text">
 
openssl base64 -in saml.pem -out saml.pem.b64
 
</source>
 
</li>
 
<li>Encrypt the saml.pkcs using a password (=>’saml.pkcs.enc.password’) and then encode the resulting content into a base64 string (=>’saml.pkcs.enc.b64’) using this command:
 
<source lang="text">
 
openssl rsa -in saml.pkcs8 -out saml.pkcs8.enc -aes256
 
</source>
 
(specify the value of saml.pkcs.enc.password when prompted)
 
<source lang="text">
 
openssl base64 -in saml.pkcs8.enc -out saml.pkcs8.enc.b64
 
</source>
 
</li>
 
</ul>
 
The resulting material can be set in the saml section of the transaction object:
 
<ul>
 
<li>certificate=<saml.pem.b64></li>
 
<li>pkey=<saml.pkcs.enc.b64></li>
 
<li>password=<saml.pkcs.enc.password></li>
 
</ul>
 
</li>
 
</ul>
 
</li>
 
 
<li>To allow for better control and monitoring of the components using PureCloud Services, for each PureEngage Service that uses a common service you must create multiple sections, one for each OAuth client, in Configuration Server to allow for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. This does not mean that if you have ''n'' number of components on premises that are associated with one another, they cannot share a given client id.<br />
 
<li>To allow for better control and monitoring of the components using PureCloud Services, for each PureEngage Service that uses a common service you must create multiple sections, one for each OAuth client, in Configuration Server to allow for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. This does not mean that if you have ''n'' number of components on premises that are associated with one another, they cannot share a given client id.<br />
 
Genesys recommends that you consult architecture before performing this step.
 
Genesys recommends that you consult architecture before performing this step.
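Review bot: With the openssl block removed from under expire_time, the pkey and password options in this list no longer sit next to the commands that produce their values; add a one-line pointer from those items to the step that now carries the commands, so a reader configuring the saml section can find them. The unchanged item that follows repeats "to allow for better control and monitoring of the components using" twice in one sentence and ends on a double negative ("This does not mean that ... they cannot share a given client id"); since the hunk touches this area, consider tightening it so the rule about one section per OAuth client is unambiguous.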

Revision as of 14:20, May 30, 2019

This is a draft page; the published version of this page can be found at PEC-Hybrid/Current/Admin/About.

This article describes the essential provisioning steps to enable a hybrid integration between PureEngage On-Prem deployments and Genesys PureCloud services.

Supported Services

About Provisioning

PureCloud Provisioning Steps

PureEngage On Premises: Transaction object for hybrid integrations

Opening Your Network