We see step-up as a way to go from non-authenticated to authenticated so the agent can ensure they are speaking with the person they say they are. That might be with authentication through a bot that then marks the session as authenticated so no matter where it flows in Genesys Cloud, it will show that status - much like the SRTP functionality for voice. The Authenticated session from Web to Messaging should be no problem with the Open ID integration. I think the main thing that is needed is to give an indication of the authenticity no matter how it was originally authenticated.
Sr. Director - Innovation Architects
Original Message:
Sent: 06-01-2023 09:20
From: Paul Simpson
Subject: Authenticated Web Messaging Migration
Hey Robert, thanks again for the response.
What do you mean by "Step-Up Authentication"? If you mean what I fear you do, then it may well provide the answer to my next question (which will not be what my customer wants!!!)
Ok, so here is the scenario. Visitor comes to the website and authenticates using the customer's own back-end system. At this point, the customer's website "knows" with enough certainty who the visitor is. The visitor opens a Web Messaging session and passes some information, like a name etc., in the message, for display to the Agent. We need to be sure that information has not been tampered with by a bad actor, but we want it to be invisible to the visitor.
With Authenticated Chat, the website (when it creates the Web page following the login) could use the GC API to sign the required data and pass the signed copy to the browser. The browser then sends this signed version to Genesys Cloud when opening the Chat and Genesys Cloud could check the signature.
The concern is that with Authenticated Web Messaging, the visitor will be asked to re-authenticate within the Web Message session, even though they have already authenticated to the website.
I hope I'm explaining the concern clearly! Can you (or anyone else) confirm whether it is possible to configure the system to not force a re-authentication?
TIA!
------------------------------
Paul Simpson
Eventus Solutions Group
Original Message:
Sent: 05-26-2023 13:51
From: Robert Wakefield-Carl
Subject: Authenticated Web Messaging Migration
Yes, the dependence on OpenID services is a real pain. I wish they would offer some type of step-up authentication which has been talked about.
------------------------------
Robert Wakefield-Carl
ttec Digital
Sr. Director - Innovation Architects
Robert.WC@ttecdigital.com
https://www.ttecDigital.com
https://RobertWC.Blogspot.com
Original Message:
Sent: 05-26-2023 10:22
From: Paul Simpson
Subject: Authenticated Web Messaging Migration
Thanks again, Robert.
I guess I was looking for a method that worked the same way as Authenticated Chat, with no external Authentication Server integration being required. (Depending on which diagram you look it, it implies that this is possible!)
It's another case of supposed "improvements" actually making things more complicated, or removing functionality, I suppose... 😥
------------------------------
Paul Simpson
Eventus Solutions Group
Original Message:
Sent: 05-22-2023 18:46
From: Robert Wakefield-Carl
Subject: Authenticated Web Messaging Migration
Not at all. Many times, I am just going through 20 or 30 posts and just answering.
So, you won't get authenticated (end-to-end) unless you use Authenticated Messaging through and OpenID server. All the API is based on https, so that comes close. I think what you are going to have to look at is that Authenticated or you use some 3rd-party messaging platform to initiate the conversation and call the Messaging API with some sort of signing check. The only real diagrams I know of are here: Authenticated web messaging (genesys.cloud)
------------------------------
Robert Wakefield-Carl
ttec Digital
Sr. Director - Innovation Architects
Robert.WC@ttecdigital.com
https://www.ttecDigital.com
https://RobertWC.Blogspot.com
Original Message:
Sent: 05-22-2023 17:51
From: Paul Simpson
Subject: Authenticated Web Messaging Migration
Thanks, Robert.
I think you underestimate my ability to be an idiot! 😂
In particular, I'm looking to understand the data flow between the client, the web server and Genesys (both the API and also the chat session). With Webchat, the web server could get "secure" data signed by the API (basically, converted into a JWT) so that when the data was submitted to the chat session, the session could verify that the data had not been tampered with. Does (can) web messaging work the same way? There is lots of discussion about 3rd party authentication services and integrations littering the documentation (which I accept may provide additional functionality) but at it's most basic, can / does it work the same way?
------------------------------
Paul Simpson
Eventus Solutions Group
Original Message:
Sent: 05-22-2023 15:58
From: Robert Wakefield-Carl
Subject: Authenticated Web Messaging Migration
Here is the Genesys take on it: https://help.mypurecloud.com/articles/web-chat-to-web-messaging-migration-and-impact/
In my opinion, it is just a lot of side-by-side comparison in the flows (with they had export/import between chat and messaging), building the configuration/deployments, and swapping out code on the website.
------------------------------
Robert Wakefield-Carl
ttec Digital
Sr. Director - Innovation Architects
Robert.WC@ttecdigital.com
https://www.ttecDigital.com
https://RobertWC.Blogspot.com
Original Message:
Sent: 05-22-2023 14:30
From: Paul Simpson
Subject: Authenticated Web Messaging Migration
Hi,
I'm looking for a simple ("Idiot's guide!!") to migrating from Authenticated Chat to Authenticated Messaging. I understand the process for Chat, but it looks like the one for Messenger is way more complicated!
I appreciate Messenger has more features, but what if I want to do a 1:1 replacement of Chat with Messenger?
TIA for any resources!
#DigitalChannels
------------------------------
Paul Simpson
Eventus Solutions Group
------------------------------