This document describes how you can integrate the custom desktop client with Single Sign-On (SSO) in Unified Contact Center Enterprise (UCCE) or Unified Contact Center Express (UCCX).
SSO is natively available with Finesse. It is one of the crucial features of the Cisco Unified Contact Center. SSO is an authentication process that allows users to sign in to one application and then securely access other authorized applications without the need to resupply user credentials. SSO permits Cisco supervisors and agents to sign in only once with a username and password to gain access to all of their browser-based Cisco applications and services within a single browser instance.
This document is not restricted to specific software and hardware versions.
The information in this document is based on these software and hardware versions:
Cisco Identity Server (IdS) 12.5
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
As a custom client, to send API requests to Finesse server your requests must be authorized. In the context of SSO, this authorization is provided using tokens so understand tokens first.
There are two types of tokens:
Access Token- It accesses protected resources. Clients are issued an access token that contains identity information for the user. The identity information is encrypted by default.
Refresh Token- It obtains a new access token before the current access token expires. The IdS generates the refresh token.
The refresh and access tokens are generated as a pair of tokens. When refreshing the access token, the pair of tokens provide an extra layer of security.
You can configure the expiry time of the refresh token and the access token in the IdS administration. When the refresh token expires, you cannot refresh the access token.
Fetch Access Token
With the new Finesse API implementations, you can use two query parameters cc_username and return_refresh_toekn in the Finesse URL to get the access-token.
(Available with 11.6.(1)ES10, 12.0(1)ES3,12.5(1)ES1 and later releases).
(In older releases we used to store the cc_username and tokens in session cookies and it’s still the same with native Finesse Desktop)