Cisco Webex Calling Presence - Imagicle tokens authorizer

Requirements

• Imagicle UCX Cloud Suite or UCX Suite rel. 2021.Summer.3 and above
• Imagicle UCX Suite has a valid license subscription
• Imagicle UCX Suite can reach the following Internet addresses:
  • https://webexapis.com
  • https://*.imagicle.com
  • https://*.api.imagicle.com
• Imagicle Attendant Console client ver. 2021.Summer.2 or above
• A Full Admin user belonging to Webex Calling customer organization 

OAuth2 tokens for UCX Suite integration with Webex Calling presence

Customer must authorize Imagicle Webex Presence Integration application called Attendant Console Presence Connector to access own Webex organization data. The following permissions are granted to the Imagicle Webex Calling Integration application:

• spark-admin:people_read
• spark-admin:organizations_read

These are the minimum permissions required to retrieve basic user information and read organizations information. Without granting such permission, we cannot provide the feature.

Procedure

Please connect to the Imagicle Onboarding Web Portal for Webex Calling MT and enter customer's data, including above mentioned Full Admin Webex user.

Once customer data has been entered, please proceed to next page and authorize the following application highlighted in red:

Please note that other tokens might be required for users' synch from Webex Control Hub and for Webex Calling Native Call Control. Please consult relevant KB articles.

Once you have authorized all required tokens, please click on "COMPLETE REQUEST" to trigger the Imagicle internal process to enable the tokens.

On-prem UCX Suite Settings 

To enable Webex presence integration, some parameters must be configured within the following setting file:

C:\Program Files (x86)\StonevoiceAS\Apps\Presence\Settings\Presence.ini

• WebexPresence.Enable=1
  This parameters allows to enable/disable Webex presence retrieval. 
  Please set it to 1. Default value is 0.

Users' Settings

Webex users are identified by their UPN, whose URI string should be included into Rich Presence Webex URI user's field, manually populated or automatically set upon a synch against an external source.

Remarks

Imagicle apps authorization requires Webex apps integrations to be enabled by default. If not, you might get the following error message:

In this case, you can selectively authorize Imagicle applications by accessing Webex Control Hub ⇒ Apps ⇒ Integrations and locate Imagicle apps by Integration ID:

• Imagicle UCX Suite Users' Synch from Control Hub:

C89a4ba3aa80c33dd80bfc17a1572c5026049234c0aa90b7793b47dac37d7fa6c

• Imagicle Attendant Console Webex Presence Retrieval:

C1468e046a54f78620ca6d1b16eda8096165d0f960078c8e38c5ac09fb7f7f120

• Imagicle Attendant Console Call Control:

C143958d8c8645673914400fbf4b06fa022da2a7caeac67b5eb48d062709cf24e

• Imagicle Call Analytics CDRs retrieval from Control Hub:

C2b09ee9cb8a3ae94ae0e6417d7dcf7e33351ae00bbb22fb9937a79796a8371b5

Please consult relevant Cisco documentation here.

Admin User Authorizer

The authorization process involves a Full Admin user from the customer which, through own Webex account, authorizes Imagicle Integration. This user should never disable presence status sharing. The above mentioned authorization may automatically expire as soon as the authorizing user changes own password. Once the authorization is removed, UC Cloud Suite won't be able to retrieve events related to that authorization. To recover the feature, a new authorization process must be executed. 

This limitation does not apply if the authorizing user logs in Webex leveraging SSO using an external identity provider.

If SSO in not enable, a user password by default expires after five years, as per the documentation (and an admin user can be created without requiring additional licenses).

This limitation is related to the authentication flow implemented by Webex, namely OAuth2 Authorization Code flow, that implies impersonating a user while accessing the Webex APIs. We are working with Cisco to remove this limitation.

The token is invalidated also in these two cases:

• Authorizing Webex user is deactivated
• Full Admin privileges are removed from the authorizing Webex user