Cisco Teams Synchronizer
Cisco Teams Synchronizer is a background service that maps and synchronizes a Cisco Team object to a Keycloak group.
This service runs on a preconfigured schedule and performs a one-way synchronization of Cisco Teams from Cisco to Keycloak. Existing Keycloak Group objects are updated, and new Cisco Teams are added as Keycloak Groups. It also associates preconfigured permissions and policies with the newly created Keycloak Groups.
Here are some important points regarding the Cisco Teams that are synced on Keycloak:
Job duration can be customized to any specific time duration.
Each Cisco Team will be created on Keycloak as a Group.
Each Keycloak Group created against a Cisco Team contains an attribute named ciscoTeamId, mapped to the actual Cisco Team ID, which uniquely identifies it among other Keycloak Groups/Teams.
If a Keycloak Group already exists for a synced Cisco Team, the Cisco Team will override it; Keycloak agents/supervisors already assigned to the group will remain intact.
When the Cisco Team is synced in Keycloak, we will also create its Permissions/Policies in Keycloak. Also, a new resource named teams will be created on the first iteration of the job. It will contain all the scopes and Permissions related to Cisco Teams.
Supervisors and Agents are not assigned to the Cisco Team during the sync to Keycloak; they are assigned to the team on their first login to Finesse/AgentDesk.
Note: You cannot run the Sync Job until the Keycloak instance and Realm are set up. Also, make sure the Cisco Teams are synced before logging in as a Cisco Agent/Supervisor on AgentDesk/Finesse.
If a Cisco team or user is deleted after sync to Keycloak, they may still persist in Keycloak as enabled entities. It is necessary to manually delete such teams or users from Keycloak.
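One way to find the leftover groups described above is to compare each group's ciscoTeamId attribute with the current list of Cisco Team IDs. This is an added example, not part of the synchronizer: it assumes the groups were exported in Keycloak's group JSON shape (path, attributes, subGroups) and that the Cisco Team IDs were obtained separately, and every sample value is constructed. It goes slightly beyond the text by also reporting IDs carried by more than one group and IDs not yet synced.

```python
from collections import defaultdict

# Constructed sample data (not from a real realm), in Keycloak's group JSON shape.
SAMPLE_GROUPS = [
    {"name": "Sales", "path": "/Sales",
     "attributes": {"ciscoTeamId": ["5001"]}, "subGroups": []},
    {"name": "Support", "path": "/Support",
     "attributes": {"ciscoTeamId": ["5002"], "supervisor": ["jdoe"]},
     "subGroups": [
         {"name": "Support-Old", "path": "/Support/Support-Old",
          "attributes": {"ciscoTeamId": ["5002"]}, "subGroups": []}]},
    {"name": "Retired", "path": "/Retired",
     "attributes": {"ciscoTeamId": ["4999"]}, "subGroups": []},
    {"name": "Local-Admins", "path": "/Local-Admins",
     "attributes": {}, "subGroups": []},
]
# Constructed list of team IDs that currently exist on the Cisco side.
SAMPLE_CISCO_TEAM_IDS = ["5001", "5002", "5003"]


def iter_groups(groups):
    """Yield every group, descending into nested subGroups."""
    for group in groups:
        yield group
        yield from iter_groups(group.get("subGroups") or [])


def audit_synced_groups(keycloak_groups, current_cisco_team_ids):
    """Compare ciscoTeamId attributes with the current Cisco Team IDs."""
    current = {str(team_id) for team_id in current_cisco_team_ids}
    paths_by_team = defaultdict(list)
    for group in iter_groups(keycloak_groups):
        # Keycloak stores each attribute as a list of strings.
        values = (group.get("attributes") or {}).get("ciscoTeamId") or []
        for value in values:
            paths_by_team[str(value)].append(group["path"])
    return {
        # Groups whose Cisco Team no longer exists: candidates for manual deletion.
        "orphaned": sorted(p for tid, paths in paths_by_team.items()
                           if tid not in current for p in paths),
        # The same Cisco Team ID on several groups breaks the unique mapping.
        "duplicated": {tid: sorted(paths) for tid, paths in paths_by_team.items()
                       if len(paths) > 1},
        # Cisco Teams with no Keycloak Group yet (sync has not covered them).
        "missing": sorted(current - set(paths_by_team)),
    }


if __name__ == "__main__":
    print(audit_synced_groups(SAMPLE_GROUPS, SAMPLE_CISCO_TEAM_IDS))
```

Groups without a ciscoTeamId attribute, such as the constructed Local-Admins group, are ignored because they were not created by the sync.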
The following environment variables should be provided before running the sync job to configure it successfully: Configuration of Cisco Teams Synchronizer
All the environment variables in the file attached above must be configured as provided. They contain information about the Finesse instance and its admin credentials, along with the Keycloak instance and its admin credentials.
Once a job completes the initial syncing process of Cisco Teams, we can go to the Keycloak Admin Console to check the synced Teams:
Go to the Keycloak Admin Console of your targeted Keycloak instance (The one you ran Sync Job on):
Now go to the targeted Keycloak realm you specified in your Sync Job config; in our case it's expertflow. Once you are routed to the realm, click on the Groups tab:
You can see all the synced Cisco Teams as Keycloak Groups:
To see additional data for a specific synced Team, click on the 3 dots to the right of the Team name, then click on Edit. You will be taken to the Team Settings page:
Go to the Attributes tab. You can see the ciscoTeamId and supervisor attributes. The supervisor attribute maps to all the supervisors of this Team. ciscoTeamId contains the ID of the Cisco Team as referred to by its name:
Note: The supervisor attribute will only appear once a supervisor is assigned to the team through login on Finesse.
Now, go to the Clients tab and then click on your targeted client; in our case it's cim.
Now, go to the Authorization tab and click on resource, then search for teams resource.
Open the teams resource details. We can see all the Cisco Teams Permissions and Scopes linked to this resource; these can later be used to secure teams through Permissions/Policies. For now, we are just creating them and not using them.