A place to ask questions, connect with others, and stay in the know
Hi,I'm looking for a simple ("Idiot's guide!!") to migrating from Authenticated Chat to Authenticated Messaging. I understand the process for Chat, but it looks like the one for Messenger is way more complicated!I appreciate Messenger has more features, but what if I want to do a 1:1 replacement of Chat with Messenger?TIA for any resources!
Here is the Genesys take on it: https://help.mypurecloud.com/articles/web-chat-to-web-messaging-migration-and-impact/In my opinion, it is just a lot of side-by-side comparison in the flows (with they had export/import between chat and messaging), building the configuration/deployments, and swapping out code on the website.
Thanks, Robert.I think you underestimate my ability to be an idiot! 😂In particular, I'm looking to understand the data flow between the client, the web server and Genesys (both the API and also the chat session). With Webchat, the web server could get "secure" data signed by the API (basically, converted into a JWT) so that when the data was submitted to the chat session, the session could verify that the data had not been tampered with. Does (can) web messaging work the same way? There is lots of discussion about 3rd party authentication services and integrations littering the documentation (which I accept may provide additional functionality) but at it's most basic, can / does it work the same way?
Not at all. Many times, I am just going through 20 or 30 posts and just answering. So, you won't get authenticated (end-to-end) unless you use Authenticated Messaging through and OpenID server. All the API is based on https, so that comes close. I think what you are going to have to look at is that Authenticated or you use some 3rd-party messaging platform to initiate the conversation and call the Messaging API with some sort of signing check. The only real diagrams I know of are here: Authenticated web messaging (genesys.cloud)
Thanks again, Robert.I guess I was looking for a method that worked the same way as Authenticated Chat, with no external Authentication Server integration being required. (Depending on which diagram you look it, it implies that this is possible!)It's another case of supposed "improvements" actually making things more complicated, or removing functionality, I suppose... 😥
Yes, the dependence on OpenID services is a real pain. I wish they would offer some type of step-up authentication which has been talked about.
Hey Robert, thanks again for the response.
What do you mean by "Step-Up Authentication"? If you mean what I fear you do, then it may well provide the answer to my next question (which will not be what my customer wants!!!)
Ok, so here is the scenario. Visitor comes to the website and authenticates using the customer's own back-end system. At this point, the customer's website "knows" with enough certainty who the visitor is. The visitor opens a Web Messaging session and passes some information, like a name etc., in the message, for display to the Agent. We need to be sure that information has not been tampered with by a bad actor, but we want it to be invisible to the visitor.
With Authenticated Chat, the website (when it creates the Web page following the login) could use the GC API to sign the required data and pass the signed copy to the browser. The browser then sends this signed version to Genesys Cloud when opening the Chat and Genesys Cloud could check the signature.
The concern is that with Authenticated Web Messaging, the visitor will be asked to re-authenticate within the Web Message session, even though they have already authenticated to the website.
I hope I'm explaining the concern clearly! Can you (or anyone else) confirm whether it is possible to configure the system to not force a re-authentication?
We see step-up as a way to go from non-authenticated to authenticated so the agent can ensure they are speaking with the person they say they are. That might be with authentication through a bot that then marks the session as authenticated so no matter where it flows in Genesys Cloud, it will show that status - much like the SRTP functionality for voice. The Authenticated session from Web to Messaging should be no problem with the Open ID integration. I think the main thing that is needed is to give an indication of the authenticity no matter how it was originally authenticated.
I'm my own type of idiot Paul but yes based on what I've seen so far the same JWT/token type stuff is there. You can get basically just 3 pieces of information currently - name, email address, unique identifier (from the OpenID provider). Anything more than that you need to send through as custom attributes which unfortunately can be tampered with to an extent. So you have to make careful and thought out decisions on what your ID and trust process is.
Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources
Every year, Genesys® orchestrates more than 70 billion remarkable customer experiences for organizations in more than 100 countries. Through the power of our cloud, digital and AI technologies, organizations can realize Experience as a Service℠, our vision for empathetic customer experiences at scale. With Genesys, organizations have the power to deliver proactive, predictive, and hyper personalized experiences to deepen their customer connection across every marketing, sales, and service moment on any channel, while also improving employee productivity and engagement. By transforming back-office technology to a modern revenue velocity engine Genesys enables true intimacy at scale to foster customer trust and loyalty.