Difference between revisions of "Draft: PEC-Hybrid/Current/Admin/About"

From Genesys Documentation
Jump to: navigation, search
Line 74: Line 74:
 
</ol>
 
</ol>
 
</li>
 
</li>
<li>Create your SAML Cert and key. Certificate is base64 string created from PEM file by using this command:<br>
+
<li>Create your SAML Certificate (public key) and private key:<br>
 
<source lang="text">
 
<source lang="text">
openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem
+
openssl req -new -x509 -days 3652 -nodes -out cert.pem -keyout key.pem
</source>
 
Pkey is also based64 string but requires additional command to create encrypted private key:<br>
 
<source lang="text">
 
openssl pkcs8 -topk8 -inform PEM -outform PEM -in saml.pem -out key.pem -nocrypt
 
 
</source>
 
</source>
 
Once you have created the two PEM files perform the following steps:
 
Once you have created the two PEM files perform the following steps:
 
<ul>
 
<ul>
<li>Encode saml.pem into a base64 string (=>’saml.pem.b64’) using this command:
+
<li>Encode cert.pem into a base64 string (cert.pem.b64) using this command:
 
<source lang="text">
 
<source lang="text">
openssl base64 -in saml.pem -out saml.pem.b64
+
openssl base64 -in cert.pem -out cert.pem.b64
 
</source>
 
</source>
 
</li>
 
</li>
Line 109: Line 105:
 
   "name": "PureEngage",
 
   "name": "PureEngage",
 
   "autoProvisionUsers": true,
 
   "autoProvisionUsers": true,
   "certificate": "Content of the saml.pem file",
+
   "certificate": "Content of the cert.pem file without the ---BEGIN CERTIFICATE— and ---END CERTIFICATE--- text blocks",
 
   "issuerURI": "http://www.genesys.com/pureengage",
 
   "issuerURI": "http://www.genesys.com/pureengage",
 
   "ssoTargetURI": "http://example.com/target",
 
   "ssoTargetURI": "http://example.com/target",
Line 174: Line 170:
 
<ul>
 
<ul>
 
<li>'''issuer''': The SAML IDP URI that you created in the PureCloud Provisioning steps above (for example: <nowiki>https://www.genesys.com/pureengage</nowiki>).</li>
 
<li>'''issuer''': The SAML IDP URI that you created in the PureCloud Provisioning steps above (for example: <nowiki>https://www.genesys.com/pureengage</nowiki>).</li>
<li>'''certificate''': The public key of the SAML related certificate (a base64 saml.pem PEM encoded key; for example: saml.pem.b64 created in step xx).</li>
+
<li>'''certificate''': The public key of the SAML related certificate encoded in base64; for example: cert.pem.b64 created in step 2).</li>
<li>'''pkey''': The encrypted SAML related certificate private key (a saml.pkcs8 private key encrypted in aes256 with a password (see password option below) and encoded in base64; for example: key.pem.enc.b64 created in step xx). You must encrypt the private key with a password that you create before you store the key in Config Server.</li>
+
<li>'''pkey''': The encrypted private key of the SAML related certificate encoded in base64; for example: key.pem.enc.b64 created in step 2).</li>
<li>'''password''': The password to decrypt the private key that you specified in step xx.</li>
+
<li>'''password''': The password to decrypt the private key that you specified in step 2.</li>
 
<li>'''expire_time''': The expiration time (in hours) for the access token. The default is 24 hours. This might be overridden on the server side.</li>
 
<li>'''expire_time''': The expiration time (in hours) for the access token. The default is 24 hours. This might be overridden on the server side.</li>
 
</ul>
 
</ul>

Revision as of 17:48, June 4, 2019

This is a draft page; the published version of this page can be found at PEC-Hybrid/Current/Admin/About.

{{Article |Standalone=Yes |DisplayName=Provisioning PureEngage Hybrid Integrations |Platform=PureEngage |TocName=Provisioning |ComingSoon=No |Context=This article describes the essential provisioning steps to enable a hybrid integration between PureEngage On-Prem deployments and Genesys PureCloud services. |Section=

Supported Services

About Provisioning

{{Section |sectionHeading=PureCloud Provisioning Steps |Type=Unstructured |freetext=Perform the following steps using the PureCloud Admin UI or the PureCloud API.

  1. To allow for better control and monitoring of the components using PureCloud Services, for each PureEngage Service that uses a common service you must create an OAuth client to allow for better control and monitoring of the components using the PureCloud Services and for different rate limiting per client. This does not mean that if you have n number of components on premises that are associated with one another, they cannot share a given client id. Genesys recommends that you consult architecture before performing this step.
    1. Create a SAML2 Bearer OAuth Client for the client, such as PureEngage Workspace Desktop Edition, that needs to send a SAMLResponse to exchange for a PureCloud Access Token:
      1. In PureCloud Admin, select Integrations>OAuth, then click Add Client.
      2. Name the Client and select SAML2 Bearer as the Grant Type.
      3. Enter the Authorized redirect URI, for example: https://apps.mypurecloud.com
        Hybrid SAML2Bearer Creation.png
    2. As necessary, for each on-premises service, like the "Agent Pacing Service" (ewt), create OAuth Client Credentials grants:

      For more information about Permissions for Altocloud, see the Altocloud permissions overview.

  2. Create your SAML Certificate (public key) and private key:
    openssl req -new -x509 -days 3652 -nodes -out cert.pem -keyout key.pem

    Once you have created the two PEM files perform the following steps:

    • Encode cert.pem into a base64 string (cert.pem.b64) using this command: 
      openssl base64 -in cert.pem -out cert.pem.b64
    • Encrypt the key.pem using a password that you specify 
      openssl rsa -in key.pem -out key.pem.enc -aes256
    • Encode the resulting content into a base64 string (=>’key.pem.enc.b64’) using this command: 
      openssl base64 -in key.pem.enc -out key.pem.enc.b64
  3. Create a PureEngage Identity Provider (IDP). You can use the Identity Provider API via the PureCloud Developer Tools, SDKs, or Platform API.
    Sample Request:
    PUT https://api.{{environment}}/api/v2/identityproviders/pureengage
 
{
   "name": "PureEngage",
   "autoProvisionUsers": true,
   "certificate": "Content of the cert.pem file without the ---BEGIN CERTIFICATE— and ---END CERTIFICATE--- text blocks",
   "issuerURI": "http://www.genesys.com/pureengage",
   "ssoTargetURI": "http://example.com/target",
   "disabled": false
}

    Troubleshooting:

    • Ensure that the IDP is set with "autoProvisionUsers" = "true"
    • Ensure that the issuer URI in your SAML assertion is the same as the issuer URI for the IDP.
    • Ensure that you don't have multiple issuers with the same URI.
  4. By default, Altocloud permissions are included in the Admin and AI Agent roles. As auto-provisioned users are created with the employee role, which does not include Altocloud permissions. You must grant the [Altocloud permissions to the employee role. You may grant Altocloud permissions to additional roles as needed.
  5. (Optional as needed) Create additional Admin accounts by adding people to your organization and assigning them to the Admin role.

|Status=No }}

PureEngage On Premises: Transaction object for hybrid integrations

Opening Your Network

}}

Retrieved from "https://all.docs.genesys.com/Draft:PEC-Hybrid/Current/Admin/About (2025-06-20 17:29:10)"