Skip to main content
Skip table of contents

Security and User Permissions

Overview

This document throws the light on how Keycloak is integrated with Unified Admin and Agent Desk regarding user authorization. For user authorization, we need to setup resources within the EF realm and assign scopes to the resources. In Keycloak, there are two ways to manage the user authorization, i.e. Role-based access, Scope-based permissions. We use Role-based access to authorize user roles and permissions to access a resource. 


See Keycloak Client Resource Management Setup to understand more on how to create roles, users, scopes and resources on Keycloak.

See Keycloak Configuration to see how to configure Keycloak once the Expertflow software is installed.

User Authorization with Agent Desk

All necessary resources and scopes of Agent Desk are automatically added within Keycloak when you import the expertflow realm. 

The following resources and scopes mapping are predefined within Keycloak when you import the expertflow realm. See Keycloak Configuration to learn more about it.

Resource - Scope Mapping

ResourceDescription View ScopeManage Scope
state-changeThis includes changing the agent's global as well as MRD state.Change global (Ready, Not ready) as well as MRD states N/A 
customer-listManage the customer list and all operations available on the List view. This includes creating customers, editing profiles, linking customers to conversations. list, view create/edit customer, link/relink customer, list, 
customer-conversation- view See customer conversation and all operations related to managing a conversation Current conversation activities (messages exchanged between the customer and the bot before arriving on the agent end), send message, switch between active chats, all chat controls except those which are protected as a separate, independent resource (Leave chat, e.g.)View past history ( by clicking on "Load more")
leave-chat This gives the ability to leave a chat room by clicking the close icon in the conversationleave chat N/A
customer-labels (reserve for future)Manage customer labels list, assign (pre-generated labels only)Create, edit, delete, list, assign labels
customer-schemaManage customer schema list, viewCreate, edit, delete, list
subscribed-listThis includes all operations related to Subscribed Chats lists (join, end, view chats list) List, Subscribe/Unsubscribe, Join chatEnd chat (close chat from the Pull-based list)
team-announcements (reserve for future)All operations related to managing team announcements list, viewCreate, edit, delete, list
supervisor-dashboardViewing dashboards View (all operations)N/A
Customer labels All operations related to managing customer labels list, view, assign label (includes dynamic creation of labels)Create, Edit, Delete Labels from Labels list 

Role-Scope Mapping:

RoleDescriptionAssigned Scope
AgentThis is a contact center agent who is supposed to take customer chat requests and answer them.View (State Change, Customer Labels, Subscribed Lists, Leave Chat, Customer List, Conversation View, Customer Labels), Manage (Customer List, Conversation View)
SupervisorThis is a contact center supervisor who is managing agents and also take chat requests.View (State Change, Subscribed Lists, Leave Chat, Customer Schema, Customer List, Conversation view), Manage (Customer List, Customer Schema, Supervisor Dashboards, Subscribed Lists, Conversation View, Customer Labels)
AdminThis is a super user, a contact center admin whose main purpose of logging into the Agent Desk is to define the Customer Schema.View, Manage (all resources) except for the State Change

User Authorization with Unified Admin

All necessary resources and scopes of Unified Admin are automatically added within Keycloak when you import the expertflow realm. 

The following resources and scopes mapping are predefined within Keycloak when you import the expertflow realm. See Keycloak Configuration to learn more about it.

Resource - Scope Mapping

Resource Resource Description View ScopeManage Scope
routing-engineThis includes everything that comes under this group i.e. agents, queues, MRDs and attributes.View

Create, Edit ,Delete

channel-managerThis includes everything that comes under this group i.e. channel types, channel provider, channel connector, channel settings.ViewCreate, Edit ,Delete
bot-settingsThis includes bot settings.ViewCreate, Edit ,Delete
general-settingsThis includes license and locale info.View 

Create, Edit 

web-widgetThis includes everything that comes under this group.ViewCreate, Edit ,Delete
formsThis includes everything that comes under this group i.e. forms list and form settings.ViewCreate, Edit ,Delete
pull-mode-listThis includes everything that comes under this group i.e. list view and list settings.ViewCreate, Edit ,Delete
reason-codeThis includes everything that comes under this group.ViewCreate, Edit ,Delete

Role-Scope Mapping:

RoleRole DescriptionScope
admin This is the contact center administrator who is supposed to manage system-wide settings.View, Manage (all*)

*All means all resources mentioned in the table (Resource-Scope Mapping) above.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.