Genesys Cloud - Main

 View Only
Discussion Thread View
  • 1.  IP Address Restrictions

    Posted 03-06-2019 03:05
    Our client in Japan follows a strict Personal Information Privacy and Data Protection laws which include Call Centers being in Secure rooms, Staff not being allowed to bring anything into the call center beyond drink etc. and, technology measures.

    These measures mean their PureCloud for Salesforce deployment is within a closed Call Center only Network, VDI on AWS running Workspaces to Access Salesforce and PureCloud.

    Further they Restrict access to systems to that closed Call Center only Network. They are able to do this with IT Infra and Salesforce but have been told by Genesys locally that not only is IP Restriction not possible in PureCloud, it is not roadmap because they do not want to build that capability.

    Why is that? 

    At some point this may lead them to look for other solutions so I am interested to why this is apparently such a firm decision?
    #ArchitectureandDesign
    #Roadmap/NewFeatures
    #Security

    ------------------------------
    Jason Ball
    Pactera (for Fast Retailing)
    Japan
    ------------------------------


  • 2.  RE: IP Address Restrictions

    Posted 03-15-2019 07:55
    We have the exact same challenge and would prefer to do IP retrictions for security matters too.

    ------------------------------
    Jonas Kristensen
    HI3G Denmark ApS
    ------------------------------



  • 3.  RE: IP Address Restrictions

    GENESYS
    Posted 03-16-2019 07:46
    Many customers want to simplify their authentication and ensure consistent and more secure connections across all their applications so have implemented common SSO providers. SSO providers enable MFA, IP address restrictions, etc.

    With PureCloud you can provide secure user access however for more advanced capabilities, e.g. MFA or IP address whitelisting, our recommendation is that customers should use a SSO provider in conjunction with PureCloud to provide these capabilities. The list of IdPs we support is at https://help.mypurecloud.com/articles/purecloud-single-sign-identity-provider-solution/ Basically if the IdP does IP address whitelisting and you can't login successfully then you can't get in to PureCloud as you will not have authenticated credentials. You can also setup PureCloud to only allow login via SSO, disabling direct login.

    There is a lot of additional overhead/dev effort that would be required if we invested in adding IP whiitelisting or other capabilities, .e.g MFA, to PureCloud which would mean less time spent on delivering CX focused features for customers and employees which are the core goals of PureCloud.

    Lastly many customers already have SSO in place so do not need a net new investment to accomplish this functionality.

    Thanks,
    Don

    ------------------------------
    Don Huovinen
    Genesys - Employees
    ------------------------------



  • 4.  RE: IP Address Restrictions

    Posted 03-20-2019 01:54
    Hi Don,

    I need to confirm what you are suggesting about SSO is currently implemented and available. Where can I find more information on that?

    At the moment our client, who is deploying PureCloud for Salesforce globally, has trialed two SSO options, each with issues based on their deployment and configuration:

    1) SSO with ADFS

       - All user can access from VDI or main company PC

       - Must consider ongoing maintenance work by support teams

    2) SSO with Salesforce 

       - All users can access only within a closed network and VDI environment, which is the same as how Salesforce is accessible in Production

       - it requires 1:1 connection between SFDC and PureCloud, but our PureCloud Org deploys and manages multiple countries and there is a limitation of only one in PureCloud.

    What do you suggest for us to research and recommend a solution to our client for IP or other Security motivated access restriction?

    Thanks.



    ------------------------------
    Jason Ball
    Pactera (for Fast Retailing)
    Japan
    ------------------------------



  • 5.  RE: IP Address Restrictions

    GENESYS
    Posted 03-21-2019 07:29
    Hi Jason,
    Re: 
    1) SSO with ADFS
       - Must consider ongoing maintenance work by support teams
    > Can you expand upon what ongoing maintenance is required once AFDS is in place?

    2) SSO with Salesforce
       - it requires 1:1 connection between SFDC and PureCloud, but our PureCloud Org deploys and manages multiple countries and there is a limitation of only one in PureCloud.
    > I'm a bit unclear on this. From what I have seen users are often on a VPN and the corporate source IP is used for whitelisting. For your users which are accessing SFDC are there different per country instances of SFDC and that each SFDC instance only allows access from a set of IP addresses specific to that country?

    Thanks,
    Don

    ------------------------------
    Don Huovinen
    Genesys - Employees
    ------------------------------



  • 6.  RE: IP Address Restrictions

    Posted 03-24-2019 21:01
    Have replied but not showing up - this is a test reply by using the 'Reply' button next to Don's last message.

    ------------------------------
    Jason Ball
    Pactera (for Fast Retailing)
    Japan
    ------------------------------



  • 7.  RE: IP Address Restrictions

    Posted 03-24-2019 21:02
    This is a Repost as Email initiated response not showing up.
    - - - - - - - - - - - - - - - -

    Hi Don,

    You asked about what our client means by maintenance and there are two areas of concern for Customer Service IT who would be responsible for implementing SSO.

    1) which I think they mean by maintenance work is the work required to ensure the migration from using SSO through Salesforce to PureCloud, to using ADFS directly in PureCloud, did not impact existing users
    2) I need to confirm this one, and I can ask you too - they may have a concern with ensuring that SSO continues to work seamlessly over time, given the IT department responsible for PureCloud is not the same IT team responsible for ADFS SSO - what ongoing 'maintenance' might be required to ensure no disruption over time? For example Certificate updates, matching SAML version changes etc? I'm also trying to understand the concern here still but this may be one of them.

    Currently they have deployed larger sites in 2 locations and smaller sites in 3 more, with a further 3 others still being deployed and more planned. Some sites already use Salesforce SSO through to PureCloud, and will need to be migrated, some do not and users have manually logged in and saved credentials to browser (requiring re-entry only if Browser or settings change).

    I appreciate your help here. Thanks very much.

    ------------------------------
    Jason Ball
    Pactera (for Fast Retailing)
    Japan
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources