User Management using IAM
Administrative Interface Access
CX IAM (Keycloak) administrative features are available through the web console at https://[server-fqdn]/auth. Administrative privileges within the CX environment are managed via either admin or agent permissions, which provide granular control over user permissions and system access.
The following are a few key concepts of user management used in the CX environment:
Users
Users represent individual identities within the CX system. Each user has a unique username, email address, and profile information. Users are authenticated through credentials and can be assigned roles, teams, and group memberships to control their access to CX resources. You can refer to the Keycloak Configuration guide and follow from step#14 to step#20 to configure a user for CX.
Groups
Groups provide a way to organize users based on organizational structure or functional requirements. Users can belong to multiple groups, and groups can have hierarchical relationships. Group membership automatically grants users the roles and permissions associated with that group. In the CX system, we use groups to separate users by the functionality they can access, by assigning group-based access control policies to the given groups.
Primary Groups Classification:
agents_permission (normal agents with a limited set of functionality)
senior_agents_permission (senior agents can perform all functionality of normal agents, plus additional permissions such as accessing conversation history and editing a customer profile from the customers list)
You can see the permissions list here: permission document
Roles
Roles define sets of permissions that can be assigned to users or groups. CX IAM supports two types of roles:
Realm Roles: Global roles that apply across the entire realm
Client Roles: Specific roles that apply only to particular clients/applications
We use Realm Roles for CX apps. These are a few of the roles that we have created in the IAM solution:
Primary Role Classifications:
Admin: Full system configuration and management capabilities. The business admin who does business administration such as adding and modifying channels, locale settings, bot configurations, etc.
Supervisor: CX Teams oversight, reporting access, and operational monitoring of assigned agents.
Agent: Customer interaction management, conversation management and user profile management. (Further fine-grained permissions are assigned based on the given group, i.e. senior or normal agent.)
Routing Manager: Manages routing policies, MRDs, Queues, steps within Queues, etc.
Quality Manager: Evaluation, scheduling and assignment of conversations for performance evaluation of Agents.
Evaluator: Evaluation of conversations for performance inspection of Agents.
You can refer to the CX Roles document for further details: User Roles
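Because roles can reach a user both directly and through group membership, an access review has to resolve the effective set. The following is an added example, not part of the CX or Keycloak code: it resolves effective realm roles from data shaped like a Keycloak realm export, where subgroups inherit their parent's role mappings, and lists agents who are in neither permission group. The parent group `cx_agents`, the lowercase role spellings and the usernames are assumptions, as is the expectation that every agent belongs to one of the two groups.

```python
# Constructed sample shaped like a Keycloak realm export (not real CX data).
# Group names come from this page; the parent group "cx_agents", the role
# spellings and the usernames are hypothetical.
SAMPLE_EXPORT = {
    "groups": [{
        "path": "/cx_agents", "realmRoles": ["agent"],
        "subGroups": [
            {"path": "/cx_agents/agents_permission", "realmRoles": []},
            {"path": "/cx_agents/senior_agents_permission", "realmRoles": []},
        ],
    }],
    "users": [
        {"username": "alice", "realmRoles": ["supervisor"],
         "groups": ["/cx_agents/senior_agents_permission"]},
        {"username": "bob", "realmRoles": ["agent"], "groups": []},
        {"username": "carol", "realmRoles": [],
         "groups": ["/cx_agents/agents_permission"]},
    ],
}
PERMISSION_GROUPS = {"agents_permission", "senior_agents_permission"}

def group_roles(groups, inherited=frozenset(), out=None):
    """Map each group path to its own realm roles plus its parents' roles."""
    out = {} if out is None else out
    for g in groups:
        roles = inherited | set(g.get("realmRoles", []))
        out[g["path"]] = roles
        group_roles(g.get("subGroups", []), roles, out)
    return out

def effective_roles(export):
    """Return {username: sorted realm roles held directly or via groups}."""
    by_path = group_roles(export.get("groups", []))
    result = {}
    for user in export.get("users", []):
        roles = set(user.get("realmRoles", []))
        for path in user.get("groups", []):
            roles |= by_path.get(path, frozenset())
        result[user["username"]] = sorted(roles)
    return result

def agents_without_permission_group(export, role="agent"):
    """Users with the agent role who are in neither permission group."""
    eff = effective_roles(export)
    return [u["username"] for u in export.get("users", [])
            if role in eff[u["username"]]
            and not PERMISSION_GROUPS & {p.rsplit("/", 1)[-1] for p in u.get("groups", [])}]

if __name__ == "__main__":
    print(effective_roles(SAMPLE_EXPORT), agents_without_permission_group(SAMPLE_EXPORT))
```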
Authorization Server
The authorization server component handles resource protection and access control decisions. It manages resources, scopes, permissions, and policies to determine whether users can access specific CX functionalities based on their roles and group memberships.
Permission Management Framework
The system implements a multi-tier permission structure accommodating both broad operational roles and specific functional requirements:
Granular Access Control: Group-based permissions enable fine-tuned access control for specific features, departmental resources, or business unit requirements. This approach supports complex organizational structures while maintaining security policy consistency.
Reference materials:
CX Administrative permission for Unified Admin: permission document.
CX Administrative permissions for Agent Management (Unified Agent): permission document.
Client and Resource management document: Keycloak Client Resource Management Setup
Update admin password in CX components: How to update admin passwords in CX components
Bulk user upload guide: How to update admin passwords in CX components