Provision Genesys Authentication
Learn how to provision Genesys Authentication.
Prerequisites
- You have installed the Genesys Authentication services and the following URLs are accessible:
  - <auth-url>/auth/v3/oauth/token
  - <auth-url>/environment/v3/environments
- You have the ops credentials (services.secret.admin_username and services.secret.admin_password) from the values.yaml file.
- The Tenant Service is accessible.
- You have Configuration Server details such as hostname or IP, port, username, password, and cloud application name.
Create a new API Client
Make a POST request to create a new API client for Genesys Authentication:
JM: What is the "external_api_client" used for and why do we have redirect URIs for WWE, GWS, and provisioning, in addition to auth? In GWS, we have instructions to use the API to create separate clients for GWS and provisioning, so would they use those respective redirect URIs? I'm confused about where the separation is here between what we need for auth and what we need for GWS.
In this request:
- --user takes the cloud ops credentials (<username:password>) from values.yaml. The default value is ops:ops.
- name is the client name, client_id is the client ID, and client_secret is the client password.
- redirectURIs should include the GWS and provisioning external URLs.
curl --location --request POST '<gauth-url>/auth/v3/ops/clients' \
--header 'Content-Type: application/json' \
--user ops:ops \
--data-raw '{"data": {
"name": "external_api_client",
"clientType": "CONFIDENTIAL",
"internalClient": true,
"refreshTokenExpirationTimeout": 43200,
"client_id": "external_api_client",
"client_secret": "",
"authorities": ["ROLE_INTERNAL_CLIENT"],
"scope": ["*"],
"authorizedGrantTypes": ["client_credentials", "authorization_code", "refresh_token", "password"],
"redirectURIs": ["https://gauth.<yourcluster.com>","https://wwe.<yourcluster.com>","https://gws.<yourcluster.com>","https://prov.<yourcluster.com>"],
"accessTokenExpirationTimeout": 43200
}
}'
The result includes the client_id you need to Create an authentication token:
{
"status": {
"code": 0
},
"data": {
"clientType": "CONFIDENTIAL",
"scope": [
"*"
],
"internalClient": true,
"authorizedGrantTypes": [
"refresh_token",
"client_credentials",
"password",
"authorization_code",
"urn:ietf:params:oauth:grant-type:token-exchange",
"urn:ietf:params:oauth:grant-type:jwt-bearer"
],
"authorities": [
"ROLE_INTERNAL_CLIENT"
],
"redirectURIs": [
"https://gauth.<yourcluster.com>",
"https://gws.<yourcluster.com>",
"https://prov.<yourcluster.com>"
],
"accessTokenExpirationTimeout": 43200,
"refreshTokenExpirationTimeout": 43200,
"createdAt": 1619796576236,
"name": "external_api_client",
"client_id": "external_api_client",
"client_secret": "secret",
"encrypted_client_secret": "A34BOmXDedZwbTKrwmd4eA=="
}
}
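A pre-flight check for the client request body, added here as an example (it is not Genesys code): it flags values that should not reach a live cluster exactly as the sample shows them. The function name, the fix/review levels and the rules are assumptions of this example; PAGE_REQUEST is the page's sample body rebuilt as a dict.

```python
from urllib.parse import urlparse

def audit_client_request(payload, ops_user, ops_password):
    """Return (level, message) findings for a /auth/v3/ops/clients request body.

    "fix" findings should block the request; "review" findings need a decision.
    """
    data = payload.get("data", {})
    findings = []
    if (ops_user, ops_password) == ("ops", "ops"):
        findings.append(("fix", "ops credentials are still the default ops:ops"))
    if not data.get("client_secret"):
        findings.append(("fix", "client_secret is empty"))
    for uri in data.get("redirectURIs", []):
        if "<" in uri or ">" in uri:
            findings.append(("fix", f"placeholder left in redirect URI: {uri}"))
        elif urlparse(uri).scheme != "https" or not urlparse(uri).hostname:
            findings.append(("fix", f"redirect URI is not an absolute https URL: {uri}"))
    # The procedure on this page uses both of these; surface them for a decision.
    if "*" in data.get("scope", []):
        findings.append(("review", "scope is the wildcard '*'"))
    if "password" in data.get("authorizedGrantTypes", []):
        findings.append(("review", "password grant is enabled"))
    return findings

# Constructed sample: the request body from this page, as written.
PAGE_REQUEST = {"data": {
    "name": "external_api_client",
    "clientType": "CONFIDENTIAL",
    "internalClient": True,
    "client_id": "external_api_client",
    "client_secret": "",
    "authorities": ["ROLE_INTERNAL_CLIENT"],
    "scope": ["*"],
    "authorizedGrantTypes": ["client_credentials", "authorization_code",
                             "refresh_token", "password"],
    "redirectURIs": ["https://gauth.<yourcluster.com>", "https://wwe.<yourcluster.com>",
                     "https://gws.<yourcluster.com>", "https://prov.<yourcluster.com>"],
    "accessTokenExpirationTimeout": 43200,
    "refreshTokenExpirationTimeout": 43200,
}}

if __name__ == "__main__":
    for level, message in audit_client_request(PAGE_REQUEST, "ops", "ops"):
        print(f"[{level}] {message}")
```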
Create an authentication token
Make the following POST request to create an authentication token:
The --user value is the API client created in the previous step, and client_id is the client ID created in that step.
curl --location --user external_api_client:secret --request POST '<gauth-url>/auth/v3/oauth/token' \
--data-urlencode 'username=ops' \
--data-urlencode 'client_id=external_api_client' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'password=ops'
The result includes the access_token you need to Add a Genesys tenant/environment:
{
"access_token": "5f1ecb33-5c63-4606-8e30-824e494194c6",
"token_type": "bearer",
"refresh_token": "f0c7eed6-cc55-426f-9594-7ae14903e749",
"expires_in": 43199,
"scope": "*"
}
Add a Genesys tenant/environment
Make the following POST request to create the Environment tenant:
In this request:
- The Authorization header carries the access token generated in the previous step.
- id is the <CC-id> that is used while deploying the Tenant service.
- username and password are the Configuration Server username and password.
- appName is the Cloud app.
- primaryPort and primaryAddress are the Configuration Server port and IP.
curl --location --request POST '<gauth-url>/environment/v3/environments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer f3aa2109-8889-4182-b2b7-d86917c53e4e' \
--data-raw '{
"data": {
"id": <CC-id>,
"username": "default",
"password": "password",
"connectionProtocol": "addp",
"remoteTimeout": 7,
"appName": "Cloud",
"traceMode": "CFGTMBoth",
"tlsEnabled": false,
"configServers": [{
"primaryPort": 2020,
"readOnly": false,
"primaryAddress": "172.24.132.84",
"locations": "/USW1"
}],
"localTimeout": 5,
"tenant": "Environment"
}
}'
The result includes the environment ID, as the last segment of path, that you need to Add a contact center:
{
"status": {
"code": 0
},
"path": "/environments/d0fb6386-236c-4739-aec0-b9c1bd6173df"
}
Add a contact center
Make the following POST request to add a contact center to the environment:
In this request:
- environmentId is the environment ID created in the previous step.
- id is the <CC-id> that is used while deploying the Tenant service.
curl --location --request POST '<gauth-url>/environment/v3/contact-centers' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 9901f8d6-0351-47f8-b718-7db992f53a02' \
--data-raw '{
"data": {
"domains": <customer-domain>,
"environmentId": "343dd264-7c26-4f9e-82c5-26baedbcb797",
"auth": "configServer",
"id": <CC-id>
}
}'
The result includes the contact center ID (also known as CCID), as the last segment of path, that you will need to provision other Genesys services:
{
"status": {
"code": 0
},
"path": "/contact-centers/ed4c03f3-6275-4419-8b2b-11d14af10655"
}
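The token, environment and contact center steps chained so that each value comes from the previous reply, added here as an example (it is not Genesys code). The function names, the injectable post transport and the treatment of status.code 0 as success are assumptions of this example; replay_post is a constructed stand-in that answers with this page's sample replies so the flow runs offline.

```python
import base64, json, urllib.parse, urllib.request

def http_post(url, body, headers):
    """Default transport: POST the bytes and decode the JSON reply."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def id_from_path(reply):
    """Return the last segment of 'path'; status.code 0 is assumed to mean success."""
    if reply.get("status", {}).get("code") != 0 or "path" not in reply:
        raise RuntimeError(f"request failed: {reply.get('status')}")
    return reply["path"].rsplit("/", 1)[-1]

def provision(base, client, user, environment, contact_center, post=http_post):
    """Token -> environment -> contact center; returns (environment ID, CCID)."""
    basic = base64.b64encode(":".join(client).encode()).decode()
    form = urllib.parse.urlencode({"grant_type": "password", "client_id": client[0],
                                   "username": user[0], "password": user[1]}).encode()
    token = post(f"{base}/auth/v3/oauth/token", form,
                 {"Authorization": f"Basic {basic}",
                  "Content-Type": "application/x-www-form-urlencoded"})["access_token"]
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    env_id = id_from_path(post(f"{base}/environment/v3/environments",
                               json.dumps({"data": environment}).encode(), headers))
    # The contact center must reference the environment that was just created.
    body = {"data": dict(contact_center, environmentId=env_id)}
    cc_id = id_from_path(post(f"{base}/environment/v3/contact-centers",
                              json.dumps(body).encode(), headers))
    return env_id, cc_id

# Constructed replay transport: answers with the sample replies shown on this page.
CALLS = []
def replay_post(url, body, headers):
    CALLS.append((url, body, headers))
    if url.endswith("/oauth/token"):
        return {"access_token": "5f1ecb33-5c63-4606-8e30-824e494194c6"}
    if url.endswith("/environments"):
        return {"status": {"code": 0},
                "path": "/environments/d0fb6386-236c-4739-aec0-b9c1bd6173df"}
    return {"status": {"code": 0},
            "path": "/contact-centers/ed4c03f3-6275-4419-8b2b-11d14af10655"}

if __name__ == "__main__":
    print(provision("https://gauth.example.invalid", ("external_api_client", "secret"),
                    ("ops", "ops"), {"tenant": "Environment"}, {"auth": "configServer"},
                    post=replay_post))
```

Against a real cluster, drop the post argument and pass credentials read from a secret store or the environment instead of literals.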
Add a data center
Make the following POST request to add a data center:
In this request:
- location is the region as per the Genesys Multicloud CX naming convention.
- entryPoint is the <gauth-url> for that location.
- readOnly should be true for a primary or writeable region only, false for all other regions.
curl --location --request POST '<gauth-url>/environment/v3/data-centers' \
--user ops:ops \
--header 'Content-Type: application/json' \
--data '{
"data": {
"location": "/usw1",
"entryPoint": <gauth-url>,
"readOnly": <false/true>
}
}'
The result should look like this:
{
"status": {
"code": 0
}
}
Update CORS settings (optional)
In this request, the Authorization header carries the bearer token, and value lists the URLs that require CORS permission, separated by commas.
curl --location --request POST '<gauth-url>/environment/v3/contact-centers/<contactcenter-id>/settings' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 3f26790a-6e5b-4dc7-a139-ae78dab2a331' \
--data-raw '
{
"data":{
"location":"/",
"name":"cors-origins",
"shared":"true",
"value":"<URL_1>,<URL_2>,<URL_3>"
}
}'