Overview
Expertflow CX IAM (Identity and Access Management) backed by KeyCloak, enables users to access all Expertflow CX resources securely, you can control Authentication (who can sign into CX) and Authorization (who is permitted to use a CX resource).
User Management
User management in Keycloak can be done through the Keycloak Admin Console, which is a web-based interface that allows administrators to manage users, roles, and permissions.
You can access your Keycloak Admin Console by https://[server-fqdn]/auth
See how user management can be done on the Keycloak interface here
Standalone
Expertflow CX can be deployed on-prem or on the cloud as a standalone web application, after the successful deployment, you will need to set up your client (resource server) in the Keycloak instance to make authentication work, please refer Keycloak Client Resource Management Setup guide to setup your client.
Cisco
Apart from Standalone deployment, you can set up your Expertflow CX solution within the Cisco Finesse environment (i.e UCCX or UCCE). We have the following two methods available and are part of Expertflow CX IAM:
Login with Finesse (SSO)
Login with Finesse (Without SSO)
Using either one of the above authentication methods you can set up your Finnse environment with Expertflow CX.
Authorization
Expertflow CX has permission and access management (using Keycloak IAM) to access different application resources. We have role-based permissions on a top access level (i.e admin, agent, supervisor) and for more granular access levels we have a group-based implementation available too. See Security and User Permissions for more information.
Two-factor Authentication
As an added layer of security and for secure user access to the CX application, we have implemented two-factor authentication in our user apps (i.e AgentDesk and Unified Admin). Each deployment can be configured to enable two-factor authentication using the Google Authenticator App or SMS. See the deployment guide to enable two-factor authentication in CX.
Here the detailed user guide for How to use Two-factor authentication while logging in the CX user apps (i.e AgentDesk and Unified Admin)
Integration with external IDPs
Keycloak supports a wide range of external identity providers (IDPs), which you can use to authenticate and authorize your existing users with Expertflow CX. Below is the list of external IDPs supported by Keycloak:
LDAP: Keycloak can integrate with LDAP directories, such as Microsoft Active Directory and OpenLDAP, to authenticate and authorize users.
SAML: Keycloak supports the SAML 2.0 standard, which allows integration with a variety of SAML identity providers, including Okta, Azure AD, and PingFederate.
OAuth 2.0/OpenID Connect: Keycloak can act as an OAuth 2.0/OpenID Connect identity provider or client, which allows integration with a variety of external OAuth 2.0 and OpenID Connect providers, including Google, Facebook, and Microsoft.
Kerberos: Keycloak can integrate with Kerberos authentication systems, which allows users to authenticate with their Kerberos credentials.
Others: Keycloak also supports other identity providers, such as X.509 certificates, JWT tokens, and social identity providers like Twitter, GitHub, and LinkedIn.