Skip to main content
Skip table of contents

Security and User Permissions

Overview

This document highlights how Keycloak is integrated with Unified Admin and AgentDesk regarding user authorization. For user authorization, one needs to set up resources within the EF realm and assign scopes to the resources. In Keycloak, there are two ways to manage user authorization, i.e. Role-based access, Scope-based permissions. We use Role-based access to authorize user roles and permissions to access a resource. 


See KeyCloak Client Resource Management Setup to understand how to create roles, users, scopes, and resources on Keycloak.

See KeyCloak Configuration to see how to configure Keycloak once the Expertflow software is installed.

User Authorization with AgentDesk

All necessary resources and scopes of AgentDesk are automatically added within Keycloak on importing the expertflow realm. 

The following resources and scopes mapping are predefined within Keycloak when you import the expertflow realm. See KeyCloak Configuration to learn more about it.

Resource - Scope Mapping

ResourceDescription View ScopeManage Scope
state-changeThis includes changing the agent's global as well as MRD state.Change global (Ready, Not ready) as well as MRD states N/A 
customer-listManage the customer list and all operations available on the List view. This includes creating customers, editing profiles, and linking customers to conversations. list, view create/edit customer, link/relink customer, list, 
customer-conversation- view See customer conversation and all operations related to managing a conversation Current conversation activities (messages exchanged between the customer and the bot before arriving on the agent end), send messages, switch between active chats, all chat controls except those which are protected as a separate, independent resource (Leave chat, e.g.)View history ( by clicking on "Load more")
leave-chat This gives the ability to leave a chat room by clicking the close icon in the conversationleave chat N/A
customer-labels (reserve for future)Manage customer labels list, assign (pre-generated labels only)Create, edit, delete, list, assign labels
customer-schemaManage customer schema list, viewCreate, edit, delete, list
subscribed-listThis includes all operations related to Subscribed Chats lists (join, end, view chats list) List, Subscribe/Unsubscribe, and Join chatEnd chat (close chat from the Pull-based list)
team-announcements (reserve for future)All operations related to managing team announcements list, viewCreate, edit, delete, list
supervisor-dashboardViewing dashboards View (all operations)N/A
Customer labels All operations related to managing customer labels list, view, and assign labels (includes dynamic creation of labels)Create, Edit, and Delete Labels from the Label's list 

Role-Scope Mapping:

RoleDescriptionAssigned Scope
AgentThis contact center agent is supposed to take customer chat requests and answer them.View (State Change, Customer Labels, Subscribed Lists, Leave Chat, Customer List, Conversation View, Customer Labels), Manage (Customer List, Conversation View)
SupervisorThis is a contact center supervisor who manages agents and also takes chat requests.View (State Change, Subscribed Lists, Leave Chat, Customer Schema, Customer List, Conversation view), Manage (Customer List, Customer Schema, Supervisor Dashboards, Subscribed Lists, Conversation View, Customer Labels)
AdminThis is a super user, a contact center admin whose main purpose of logging into the Agent Desk is to define the Customer Schema.View and manage (all resources) except for the State Change

User Authorization with Unified Admin

All necessary resources and scopes of Unified Admin are automatically added within Keycloak when you import the expertflow realm. 

The following resources and scopes mapping are predefined within Keycloak on importing the expertflow realm. See KeyCloak Configuration to learn more about it.

Resource - Scope Mapping

Resource Resource Description View ScopeManage Scope
routing-engineThis includes everything that comes under this group i.e. agents, queues, MRDs, and attributes.View

Create, Edit, Delete

channel-managerThis includes everything that comes under this group i.e. channel types, channel providers, channel connectors, and channel settings.ViewCreate, Edit, Delete
bot-settingsThis includes bot settings.ViewCreate, Edit, Delete
general-settingsThis includes license and locale info.View 

Create, Edit 

web-widgetThis includes everything that comes under this group.ViewCreate, Edit, Delete
formsThis includes everything that comes under this group i.e. forms list and form settings.ViewCreate, Edit, Delete
pull-mode-listThis includes everything that comes under this group i.e. list view and list settings.ViewCreate, Edit, Delete
reason-codeThis includes everything that comes under this group.ViewCreate, Edit, Delete

Role-Scope Mapping:

RoleRole DescriptionScope
admin This is the contact center administrator who is supposed to manage system-wide settings.View, Manage (all*)

*All means all resources mentioned in the table (Resource-Scope Mapping) above.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.