Difference between revisions of "Draft: PEC-Hybrid/Current/Admin/About"
From Genesys Documentation
| Line 5: | Line 5: | ||
|TocName=Provisioning | |TocName=Provisioning | ||
|ComingSoon=No | |ComingSoon=No | ||
| − | |Context=This article describes the essential provisioning steps to enable a hybrid integration between PureEngage On- | + | |Context=This article describes the essential provisioning steps to enable a hybrid integration between Genesys PureEngage On-Premises deployments and Genesys PureCloud services. This enables you to access many of the great Genesys PureCloud Services in your On-Premises deployments. |
|Section={{Section | |Section={{Section | ||
|sectionHeading=Supported Services | |sectionHeading=Supported Services | ||
|Type=Unstructured | |Type=Unstructured | ||
|anchor=SupportedServices | |anchor=SupportedServices | ||
| − | |freetext=The following PureCloud services are supported and have supplementary documentation: | + | |freetext=The following [https://help.mypurecloud.com PureCloud services] are supported and have supplementary documentation: |
* {{Link-AnywhereElse|product=ATC|display text=Genesys Altocloud}} | * {{Link-AnywhereElse|product=ATC|display text=Genesys Altocloud}} | ||
** {{Link-AnywhereElse|product=ATC|version=Current|manual=WDEPlugin|topic=About|display text=Altocloud for Workspace Desktop Edition}} | ** {{Link-AnywhereElse|product=ATC|version=Current|manual=WDEPlugin|topic=About|display text=Altocloud for Workspace Desktop Edition}} | ||
| Line 22: | Line 22: | ||
|freetext=Before proceeding with the information in this article you should consult with the Genesys Professional Services team that you are working with to obtain the information needed to complete the provisioning. | |freetext=Before proceeding with the information in this article you should consult with the Genesys Professional Services team that you are working with to obtain the information needed to complete the provisioning. | ||
| − | To support the different authentication mechanisms in PureCloud Integration, you must create a transaction object in Genesys Configuration Server under the environment and associated script folder with the following data. PureEngage On-Premises Services, Components, and UIs will use this information to authenticate with the PureCloud Common Services and UIs. | + | To support the different authentication mechanisms in PureCloud Integration, you must create a transaction object in Genesys PureEngage Configuration Server under the environment and associated script folder with the following data. PureEngage On-Premises Services, Components, and UIs will use this information to authenticate with the PureCloud Common Services and UIs. |
Use Genesys Administrator Extension to manually create all of the PureCloud Common Service–related configuration information in Configuration Server at the Tenant level. | Use Genesys Administrator Extension to manually create all of the PureCloud Common Service–related configuration information in Configuration Server at the Tenant level. | ||
| − | After you purchase a common cloud service, you will receive a welcome email to activate your admin accounts with PureCloud. | + | After you purchase a common cloud service, a PureCloud Organization is created for you and you will receive a welcome email to activate your admin accounts with PureCloud. |
A '''PureCloud organization''' has been created for you to support your hybrid integration. This organization has been provisioned with the following: | A '''PureCloud organization''' has been created for you to support your hybrid integration. This organization has been provisioned with the following: | ||
| Line 33: | Line 33: | ||
* A user with the '''PureCloud Admin''' role, which includes default admin permissions as well as Single Sign-On and any integration-specific permissions. | * A user with the '''PureCloud Admin''' role, which includes default admin permissions as well as Single Sign-On and any integration-specific permissions. | ||
* A default '''AI Agent''' role that provides agent access to the AI services (if required by your integration). | * A default '''AI Agent''' role that provides agent access to the AI services (if required by your integration). | ||
| − | |||
As an administrator, you may access your PureCloud organization by logging in at https://login.mypurecloud.com (or a [https://developer.mypurecloud.com/api/rest/index.html region specific login] URL; The PureCloud welcome email directs you to the appropriate application URL for your region) with the credentials you set when you activate your PureCloud account from the welcome email you received. | As an administrator, you may access your PureCloud organization by logging in at https://login.mypurecloud.com (or a [https://developer.mypurecloud.com/api/rest/index.html region specific login] URL; The PureCloud welcome email directs you to the appropriate application URL for your region) with the credentials you set when you activate your PureCloud account from the welcome email you received. | ||
| Line 44: | Line 43: | ||
# In the '''Organization Details''' tab, open '''Advanced'''. | # In the '''Organization Details''' tab, open '''Advanced'''. | ||
# Copy the Company Name, Short Name, and Organization ID — you will need these values to complete your account configuration. For example:<br>[[File:Hybrid_Organization_Name_And_ID.png|500px]] | # Copy the Company Name, Short Name, and Organization ID — you will need these values to complete your account configuration. For example:<br>[[File:Hybrid_Organization_Name_And_ID.png|500px]] | ||
| − | |||
|Status=No | |Status=No | ||
}} | }} | ||
| Line 50: | Line 48: | ||
|sectionHeading=PureCloud Provisioning Steps | |sectionHeading=PureCloud Provisioning Steps | ||
|Type=Unstructured | |Type=Unstructured | ||
| − | |freetext= | + | |freetext=For ''each'' PureCloud Organization that is created for each of your tenants (for environments with multiple PureEngage tenants), perform the following steps using the PureCloud Admin UI or the PureCloud API. |
<ol> | <ol> | ||
| − | <li> | + | <li>For each PureEngage Service that uses a common service you must create an OAuth client to allow for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. (This does not mean that if you have ''n'' number of components on premises that are associated with one another, they cannot share a given client id.) |
Genesys recommends that you consult architecture before performing this step. | Genesys recommends that you consult architecture before performing this step. | ||
<ol type="a"> | <ol type="a"> | ||
| + | <li>Create a Client Credential OAuth Client. It is required to create the PureCloud PureEngage Identity Provider (IDP). Login to your [https://developer.mypurecloud.com/api/rest/index.html PureCloud Region], then create a Client Credential Grant. Open '''Integrations''', select '''OAuth''', and enter '''PureEnagage Client Credentials''' as the App name in the '''Client Details''' tab. Select the '''Client Credentials''' grant type.<br> | ||
| + | [[File:Hybrid_Client_Credential_OAuth_Grant.png|500px]]<br> | ||
| + | In the '''Roles''' tab, assign the '''Admin''' role and set the division as '''Home'''.<br> | ||
| + | [[File:Hybrid_Client_Credentials_Role_Assignment.png|500px]] | ||
| + | </li> | ||
<li>Create a SAML2 Bearer OAuth Client for the client, such as PureEngage Workspace Desktop Edition, that needs to send a SAMLResponse to exchange for a PureCloud Access Token: | <li>Create a SAML2 Bearer OAuth Client for the client, such as PureEngage Workspace Desktop Edition, that needs to send a SAMLResponse to exchange for a PureCloud Access Token: | ||
<ol type="i"> | <ol type="i"> | ||
| Line 67: | Line 70: | ||
<li>As necessary, for each on-premises service, like the "Agent Pacing Service" ('''ewt'''), create OAuth Client Credentials grants: | <li>As necessary, for each on-premises service, like the "Agent Pacing Service" ('''ewt'''), create OAuth Client Credentials grants: | ||
<ul> | <ul> | ||
| − | <li>Using the UI, follow [https://help.mypurecloud.com/articles/create-an-oauth-client/ these steps],</li> | + | <li>Using the UI, follow [https://help.mypurecloud.com/articles/create-an-oauth-client/ these steps],<br> |
| + | [[File:Hybrid_Client_Credential_OAuth_Grant.png|500px]] | ||
| + | </li> | ||
<li>Or using the API, reference [https://developer.mypurecloud.com/api/rest/v2/oauth/ these endpoints].</li> | <li>Or using the API, reference [https://developer.mypurecloud.com/api/rest/v2/oauth/ these endpoints].</li> | ||
</ul> | </ul> | ||
| Line 74: | Line 79: | ||
</ol> | </ol> | ||
</li> | </li> | ||
| − | <li>Create your SAML Certificate (public key) and private key:<br> | + | <li>Create your SAML Certificate (public key) and private key. You can perform this task with open source tools or with the tools preferred by your IT department for security purposes. Whichever tools you use, you must produce both private and public keys in the form of a PEM file. For example:<br> |
<source lang="text"> | <source lang="text"> | ||
openssl req -new -x509 -days 3652 -nodes -out cert.pem -keyout key.pem | openssl req -new -x509 -days 3652 -nodes -out cert.pem -keyout key.pem | ||
</source> | </source> | ||
| − | + | Save the cert.pem (private key) and key.pem for use in the creation of the Transaction object described in the next section. | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
</li> | </li> | ||
</ul> | </ul> | ||
| Line 166: | Line 156: | ||
<li>'''base_service_url''': The base URL that can be used for any PureCloud service; for example: '''base_service_url''' should be <nowiki>https://[region_host]/api/</nowiki>. <nowiki>[region_host]</nowiki> should be the API-based FQDN for the region; the regions are listed on [https://developer.mypurecloud.com/api/rest/ this page]. The rest of the URL is PureCloud service and version specific; for example: '''...v2/conversations'''. The '''base_service_url''' and the service specific portion is combined in your component code.</li> | <li>'''base_service_url''': The base URL that can be used for any PureCloud service; for example: '''base_service_url''' should be <nowiki>https://[region_host]/api/</nowiki>. <nowiki>[region_host]</nowiki> should be the API-based FQDN for the region; the regions are listed on [https://developer.mypurecloud.com/api/rest/ this page]. The rest of the URL is PureCloud service and version specific; for example: '''...v2/conversations'''. The '''base_service_url''' and the service specific portion is combined in your component code.</li> | ||
</ul> | </ul> | ||
| + | </li> | ||
| + | <li>Use the two PEM files that you created in the PureCloud Provisioning section to perform the following steps: | ||
| + | <ul> | ||
| + | <li>Encode cert.pem into a base64 string (cert.pem.b64) using this command: | ||
| + | <source lang="text"> | ||
| + | openssl base64 -in cert.pem -out cert.pem.b64 | ||
| + | </source> | ||
| + | </li> | ||
| + | <li>Encrypt the key.pem using a password that you specify | ||
| + | <source lang="text"> | ||
| + | openssl rsa -in key.pem -out key.pem.enc -aes256 | ||
| + | </source> | ||
| + | </li> | ||
| + | <li>Encode the resulting content into a base64 string (=>’key.pem.enc.b64’) using this command: | ||
| + | <source lang="text"> | ||
| + | openssl base64 -in key.pem.enc -out key.pem.enc.b64 | ||
| + | </source> | ||
</li> | </li> | ||
<li>Create the following Object options in the '''saml''' section: | <li>Create the following Object options in the '''saml''' section: | ||
Revision as of 17:42, June 5, 2019
This is a draft page; the published version of this page can be found at PEC-Hybrid/Current/Admin/About.
Contents
This article describes the essential provisioning steps to enable a hybrid integration between Genesys PureEngage On-Premises deployments and Genesys PureCloud services. This enables you to access many of the great Genesys PureCloud Services in your On-Premises deployments.