Difference between revisions of "Draft: PEC-Hybrid/Current/Admin/About"

From Genesys Documentation
Line 15: Line 15:
 
** {{Link-AnywhereElse|product=ATC|version=Current|manual=PacingServiceDeployment|topic=About|display text=Agent Pacing Service}}
 
** {{Link-AnywhereElse|product=ATC|version=Current|manual=PacingServiceDeployment|topic=About|display text=Agent Pacing Service}}
 
|Status=No
 
|Status=No
}}{{Section
+
}}
 +
{{Section
 
|sectionHeading=About Provisioning
 
|sectionHeading=About Provisioning
 
|Type=Unstructured
 
|Type=Unstructured
Line 45: Line 46:
 
# Also, retrieve the '''OAuth Client ID''' and '''Secret'''. In the '''PureCloud Admin''' UI, open '''Integrations''', select '''OAuth''', and then click '''PureEngage Client Credentials''' as you will need these later also.  
 
# Also, retrieve the '''OAuth Client ID''' and '''Secret'''. In the '''PureCloud Admin''' UI, open '''Integrations''', select '''OAuth''', and then click '''PureEngage Client Credentials''' as you will need these later also.  
 
|Status=No
 
|Status=No
}}{{Section
+
}}
 +
{{Section
 
|sectionHeading=PureCloud Provisioning Steps
 
|sectionHeading=PureCloud Provisioning Steps
 
|Type=Unstructured
 
|Type=Unstructured

Revision as of 16:51, June 4, 2019

This is a draft page; the published version of this page can be found at PEC-Hybrid/Current/Admin/About.

{{Article |Standalone=Yes |DisplayName=Provisioning PureEngage Hybrid Integrations |Platform=PureEngage |TocName=Provisioning |ComingSoon=No |Context=This article describes the essential provisioning steps to enable a hybrid integration between PureEngage On-Prem deployments and Genesys PureCloud services. |Section=

Supported Services

About Provisioning

{{Section |sectionHeading=PureCloud Provisioning Steps |Type=Unstructured |freetext=Perform the following steps using the PureCloud Admin UI or the PureCloud API.

  1. For each PureEngage Service that uses a common service, you must create an OAuth client. This allows for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. This does not mean that if you have n components on premises that are associated with one another, they cannot share a given client ID. Genesys recommends that you consult architecture before performing this step.
    1. Create a SAML2 Bearer OAuth Client for the client, such as PureEngage Workspace Desktop Edition, that needs to send a SAMLResponse to exchange for a PureCloud Access Token:
      1. In PureCloud Admin, select Integrations>OAuth, then click Add Client.
      2. Name the Client and select SAML2 Bearer as the Grant Type.
      3. Enter the Authorized redirect URI, for example: https://apps.mypurecloud.com
    2. As necessary, for each on-premises service, like the "Agent Pacing Service" (ewt), create OAuth Client Credentials grants:

      For more information about Permissions for Altocloud, see the Altocloud permissions overview.

  2. Create your SAML certificate and key. The certificate is a base64 string created from a PEM file by using this command:
    openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem

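    The Pkey is also a base64 string, but creating the encrypted private key requires an additional command. This command writes the key in PKCS#8 format without encryption (-nocrypt); the password is applied in the encryption step that follows: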

    openssl pkcs8 -topk8 -inform PEM -outform PEM -in saml.pem -out key.pem -nocrypt

    Once you have created the two PEM files perform the following steps:

    • Encode saml.pem into a base64 string (=>’saml.pem.b64’) using this command:
      openssl base64 -in saml.pem -out saml.pem.b64
    • Encrypt the key.pem using a password that you specify:
      openssl rsa -in key.pem -out key.pem.enc -aes256
    • Encode the resulting content into a base64 string (=>’key.pem.enc.b64’) using this command:
      openssl base64 -in key.pem.enc -out key.pem.enc.b64
  3. Create a PureEngage Identity Provider (IDP). You can use the Identity Provider API via the PureCloud Developer Tools, SDKs, or Platform API.
    Sample Request:
    PUT https://api.{{environment}}/api/v2/identityproviders/pureengage
     
    {
       "name": "PureEngage",
       "autoProvisionUsers": true,
       "certificate": "Content of the saml.pem file",
       "issuerURI": "http://www.genesys.com/pureengage",
       "ssoTargetURI": "http://example.com/target",
       "disabled": false
    }

    Troubleshooting:

    • Ensure that the IDP is set with "autoProvisionUsers" = "true"
    • Ensure that the issuer URI in your SAML assertion is the same as the issuer URI for the IDP.
    • Ensure that you don't have multiple issuers with the same URI.
  4. By default, Altocloud permissions are included in the Admin and AI Agent roles. Because auto-provisioned users are created with the employee role, which does not include Altocloud permissions, you must grant the Altocloud permissions to the employee role. You may grant Altocloud permissions to additional roles as needed.
  5. (Optional as needed) Create additional Admin accounts by adding people to your organization and assigning them to the Admin role.
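
An added example for steps 2 and 3 (not part of the Genesys page or tooling): with the step 2 command as written, -out puts the certificate in saml.crt and -keyout puts the unencrypted private key in saml.pem, so this shell check classifies each PEM file by its header before it is base64-encoded or pasted into the IDP "certificate" field. The function names are hypothetical, and the sample files reuse the page's file names with constructed placeholder bodies.

```shell
#!/bin/sh
# Added example (not from the original page): classify PEM files by header so
# private-key material never ends up in the IDP "certificate" field.

# pem_kind FILE -> certificate | private-key-plain | private-key-encrypted | unknown
# Key checks run first: a bundle holding a certificate AND a key counts as a key.
pem_kind() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo private-key-encrypted                  # PKCS#8, encrypted
    elif grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$1" &&
         grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo private-key-encrypted                  # traditional PEM, encrypted
    elif grep -q -E -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo private-key-plain
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo certificate
    else
        echo unknown
    fi
}

# Exit 0 only when FILE may be base64-encoded for the "certificate" field.
ok_for_certificate_field() { [ "$(pem_kind "$1")" = certificate ]; }
# Exit 0 only when FILE is a password-protected key, as the encrypt step intends.
ok_for_pkey() { [ "$(pem_kind "$1")" = private-key-encrypted ]; }

# Constructed sample files: real PEM headers, placeholder bodies, page's file names.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
sample() {  # sample NAME LABEL [EXTRA_HEADER]  (hypothetical helper)
    {
        printf '%s\n' "-----BEGIN $2-----"
        if [ -n "${3:-}" ]; then printf '%s\n' "$3"; fi
        printf '%s\n' "Q09OU1RSVUNURUQ=" "-----END $2-----"
    } > "$demo_dir/$1"
}
sample saml.crt    'CERTIFICATE'
sample saml.pem    'PRIVATE KEY'        # unencrypted key, as -nodes leaves it
sample key.pem     'PRIVATE KEY'        # pkcs8 -topk8 -nocrypt output
sample key.pem.enc 'RSA PRIVATE KEY' 'Proc-Type: 4,ENCRYPTED'
cat "$demo_dir/saml.crt" "$demo_dir/saml.pem" > "$demo_dir/bundle.pem"

for f in saml.crt saml.pem key.pem key.pem.enc bundle.pem; do
    printf '%-12s %s\n' "$f" "$(pem_kind "$demo_dir/$f")"
done
```

Run ok_for_certificate_field on the file you are about to encode for the IDP request and ok_for_pkey on key.pem.enc; a non-zero exit means the file holds the wrong kind of material.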

|Status=No }}

PureEngage On Premises: Transaction object for hybrid integrations

Opening Your Network

}}