Single Sign-On with OAuth 2.0
Estimated reading time: 5 minutes | Target users: IT Admins
OAuth 2.0 is an industry-standard authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as VCC Live. The core authorizing workflow of OAuth 2.0 is to delegate user authentication to VCC Live (the service that hosts the user account) and authorize third-party applications to access the user account. OAuth 2.0 is an open protocol and is not developed by VCC Live.
OAuth 2.0 can be used with our Single Sign-On feature, which enables your users to log in to VCC Live without having to enter their login credentials before each login.
Note: Activating this feature requires an initial setup at both your and VCC Live’s end. For more details, please get in touch with your contact person at VCC Live.
In this lesson, you will learn:
- About the Structure of OAuth 2.0
- How to set up Single Sign-On with OAuth 2.0
1. The Structure of OAuth 2.0
OAuth operates based on four roles:
- Resource Owner
- Client
- Resource Server
- Authorization Server
The resource owner is the user, who uses OAuth to authorize VCC Live to access their account. VCC Live’s access to the user’s account is limited to a predefined range, so you can set exactly which kind of access is granted for a given user (e.g. read or write access).
The client in this case is VCC Live, the application that wants to access the user’s account. The user must authorize this access, and the API must validate the authorization.
The resource server hosts all of the user accounts, and the authorization server identifies the users and provides access tokens to the application. In most cases, a service’s API fulfills both the resource and authorization server roles.
2. Using Single Sign-On with OAuth 2.0
Our Single Sign-On authentication method uses the OAuth 2.0 open standard. To implement Single Sign-On for VCC Live, follow the steps below.
- You must have an OAuth 2.0 server installed and hosted.
- Register the VCC Live application with the OAuth 2.0 system server. This will enable VCC Live to connect to an authentication system of your choice.
- You will receive access details from the authorization server, including your client identifier, client server name, access token, and more.
- In your VCC Live account, navigate to VCC Live menu > Contact Center > Global Settings > OAuth.
- Populate the fields: Scopes, Client ID, Client secret, Access Token URL, Authorize URL, JWKS URI, JWKS, Encryption keys. In VCC-Specific Settings, populate ‘Search VCC users by field’, ‘ID token’, ‘Redirect URL’, ‘End session endpoint’.
Note: You need to make sure that you also set up a Redirect URL in the format "https://{customer}.asp.virtual-call-center.eu/oauth", where ‘customer’ refers to your VCC account name, which you use when logging in manually to VCC Live. Read more about redirect URLs here.
- Your VCC Live users will be able to log in using the OAuth Login button, without having to enter their usernames and passwords. (Important: once this feature is enabled, it is not possible to use your username + password combination for logging in.) Upon opening VCC Live, a browser window will appear, where users need to enter their centralized login credentials only the first time. If you have more than one user account, you can choose which account you want to log in with.
Note: During the login process, OAuth 2.0 will return the email addresses to the VCC Live application, and the application will authenticate the users with the email address. This requires you to provide the same email address for all the users in both OAuth 2.0 and the VCC Live system.
Warning: Once this feature is enabled, you and your users will no longer be able to log in using the old method, unless you ask us to disable OAuth 2.0.
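A pre-flight check for the email-matching requirement above, as an added example that is not VCC Live's code: it compares an export of user emails from your OAuth 2.0 server with your VCC Live users and lists who could not log in once password login is disabled. The export formats, function names and sample records are assumptions constructed for illustration.

```python
# Added example: pre-flight check before switching VCC Live logins to OAuth 2.0.
# All names and sample records are constructed for illustration.

def normalize(email):
    """Trim whitespace and lowercase for a tolerant comparison."""
    return email.strip().lower()

def preflight(idp_emails, vcc_users):
    """Classify VCC Live users by whether their email exists at the IdP.

    idp_emails: iterable of email strings exported from the OAuth 2.0 server.
    vcc_users:  iterable of (username, email) pairs exported from VCC Live.
    Returns a dict of username lists: ok, near_match, missing.
    """
    exact = set(idp_emails)
    tolerant = {normalize(e) for e in idp_emails}
    report = {"ok": [], "near_match": [], "missing": []}
    for username, email in vcc_users:
        if email and email in exact:
            report["ok"].append(username)
        elif email and normalize(email) in tolerant:
            # Differs only by case or surrounding whitespace. The page does not
            # say whether matching is case-sensitive, so fix these by hand.
            report["near_match"].append(username)
        else:
            # No email, or no counterpart at the IdP: this user would be locked
            # out once password login is switched off.
            report["missing"].append(username)
    return report

# Constructed sample data.
IDP_EMAILS = ["anna@example.com", "bela@example.com", "csaba@example.com"]
VCC_USERS = [
    ("anna", "anna@example.com"),
    ("anna_admin", "anna@example.com"),  # second account, same email
    ("bela", "Bela@Example.com "),
    ("dora", "dora@example.org"),
    ("eva", ""),
]

if __name__ == "__main__":
    for bucket, names in preflight(IDP_EMAILS, VCC_USERS).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Resolve every entry under near_match and missing before asking for the feature to be enabled, since the old login method is unavailable afterwards.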
Note: Read more about how to set up OAuth 2.0 with Azure here.
3. Set up your email account using OAuth 2.0 authentication
You can use OAuth 2.0 authentication for email communication. In this example, we will show how to sync your account with Google.
- From the VCC Live menu, select Contact Center > Global Settings.
- Select the Email accounts tab.
- Press New account. Enter a name for the account.
- From the Protocol drop-down list, select SMTP XOAUTH2.
- Enter the details in the fields that appear:
Authentication method: LOGIN
Mail server: smtp.gmail.com
Default port: 465
Username: your Google username and password
Email address: the email you wish to assign
Display name: the name that appears to your customers when they receive an email from your agents
In OAuth Settings enter your:
Client ID
Client Secret
Authorize URL
Access Token URL
Scopes: In case of Google, enter “openid profile email https://mail.google.com/”
- Press Save.
4. Set up OAuth 2.0 with Google
You can read about setting up OAuth 2.0 in Google here.
Enable APIs for your project: Any application that calls Google APIs needs to enable those APIs in the API Console.
To enable an API for your project:
- Open the API Library in the Google API Console.
- If prompted, select a project, or create a new one.
- The API Library lists all available APIs, grouped by product family and popularity. If the API you want to enable isn’t visible in the list, use search to find it, or click View All in the product family it belongs to.
- Select the API you want to enable, then click the Enable button.
- If prompted, enable billing.
- If prompted, read and accept the API’s Terms of Service.
Create authorization credentials: Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google’s OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.
- Go to the Credentials page.
- Click Create credentials > OAuth client ID.
- Select the Web application application type.
- Complete the form. Applications that use JavaScript to make authorized Google API requests must specify authorized JavaScript origins. The origins identify the domains from which your application can send requests to the OAuth 2.0 server. These origins must adhere to Google’s validation rules.
Set Authorization URL: “https://accounts.google.com/o/oauth2/auth”
Set Access token URI: “https://oauth2.googleapis.com/token”
Set Scope: “openid profile email https://mail.google.com/”
Note: Read more about how to set up connecting with Office 365 here.
Congratulations!
You’ve just learned how to set up and configure Single Sign-On and Email accounts with OAuth 2.0 for the VCC Live application.