Configuring Tenants

To configure a tenant,

  1. On the Tenants page, click C:\Users\kumari_g\AppData\Local\Microsoft\Windows\INetCache\Content.Word\mXtHN1VaZQ.PNG next to the tenant you want to configure.
    Figure 1. Configuring Tenants
  2. An additional configuration screen appears with a list of default services configured for a tenant. The services marked with a check under the Services box indicate their successful provisioning.
    Figure 2. Configured Services for a Tenant
    Note:
    The failed provisioning of any service is indicated with under the service box. In such a situation, the user must either perform the above steps carefully or raise a support ticket to troubleshoot the issue. You cannot deploy the failed services.
    Figure 3. Configuring Instance
  3. Once all the services indicate , button will be enabled in the Instance box as shown in Configuring Instance.
  4. Click the button to start the deployment of the instance. The deployment is done automatically, and it takes a few minutes to configure.
  5. After the successful deployment, the button changes to button. A BigFix AEX chat instance URL is generated below the button as shown in Configuring Instance.
    Figure 4. Configuring Instance
    Figure 5. Redirected to BigFix AEX Chat Instance
    Note:
    For additional configuration, refer to the BigFix AEX Configuration Guide and the subsequent steps.

    After successful deployment of the services and instance, it is time to configure the channels.

    BigFix AEX is an omni-channel application that can work with several communication channels.

    For example, you might want to provide a Skype virtual assistant conversation facility for your application users. To provide the Skype facility, you must configure your chat instance to work with Skype so that your application users can interact with BigFix AEX by sending chat messages from their mobile devices.

    You can also use more than one communication channel in an application, such as Microsoft Teams, Telegram, slack, and other industry-leading platforms to enhance the customers’ experience.

How to configure the communication channels?

To enable multiple channels for instance,

  1. Click Open in the Choose Channels box as shown in Configuring Instance.

    It opens the list of channels available for the configuration based on billing template customization

    Figure 6. Choose Channels
    Note:
    The web channel is the primary channel for all the tenants and is always enabled with respect to BigFix AEX. Remaining channels are the optional add-on.
  2. Use the toggle () button to enable the channels that you need.
  3. To initiate the channel configuration in the instance, click on the logo of a selected channel. It activates the button with a support link.
    Figure 7. Channel Configuration
  4. Click button. It redirects you to BigFix AEX Cognitive Console of the respective tenant.
    Note:
    For further steps in channel configuration, refer to the BigFix AEX Configuration Guide. A user with access to configure channels will be able to configure the channel through the Cognitive Console.
  5. Click SAVE to add the channel as part of the instance configuration or click CANCEL to discard changes.
    Note:
    Before you move to the subsequent step, get the API credentials from the integration instance to communicate with the tenant instance.

How to set up integrations for a Tenant?

The next step is to configure the integrations.

  1. Click Open in the Choose Integrations box as shown in Configuring Instance .

    It lists all the readily available out-of-the-box connectors that can integrate with BigFix AEX chat instances such as ITSM, HR, or Service Desk Queuing.

    Figure 8. Setup Integrations
    Graphical user interface, application Description automatically generated
  2. To configure the integration connectors with the tenant instance, go to the integration that you want to configure and click Open.

    It opens a new page and asks you to enter the API credentials provided by the instance integration to be used as a connector for the integration.

    Figure 9. API Credentials for Integration Instance
  3. Fill in the following details to communicate with the tenant instance.
    1. Username
    2. Password
    3. Client ID
    4. URL
  4. To verify the details, click button.
  5. On successful validation, button changes to button.
  6. Click the Save button to update detail.

    It re-directs you to the Integrations screen.

    Figure 10. Integrate Integration
  7. On successful integration, icon appears on the integration box.

How to configure the Tenant specific SSO?

On successful creation of the tenant and their respective instance, the tenant can either use the HCL SSO or BigFix AEX’s User Management System mechanism to login into their instance. Initially, a tenant is not able to use their own SSO login credentials. In such a scenario, it is required to configure the customer specific SSO so that the other users of the organization can automatically login using their AD (Active Directory) instead of creating a new user.

To configure the tenant specific SSO,

  1. Click OPEN in the Configure SSO box as shown in Configuring Instance .

    The Register SSO page is displayed.

    Figure 11. Configure Tenant SSO
    Graphical user interface, text, application, email Description automatically generated
    Note:
    Before you start the SSO configuration, contact the provider and get the SAML metadata file to fetch the required details for configuration. The SSO will use RSA-SHA256 as the algorithm to process the certificates. The AD of the provider environment assigns a unique email ID to each user. The AD must have the name ID format as "urn: oasis:names:tc:SAML:1.1:nameid-format:emailAddress” schema string.
  2. In the Register SSO section, specify the following information:
    Table 1. Manage Tenant SSO
    Field Description
    SSO Name The name you assign to your SAML configuration.
    Entity ID The globally unique name for an SAML identity provider.
    Sign-In URL The URL that the user is redirected to for authentication. It is hosted by your SAML identity provider.
    Primary Certificate It is used for signing and validating SAML assertions and is issued by your SAML identity provider. All providers are different, but you might be able to download the signing certificate from your identity provider. The certificate must be in. pem format.
    Secondary Certificate (Optional)

    The back-up certificate that is issued by your SAML identity provider. It is used when the signature validation fails with the primary certificate.

    If the signing key remains the same, App ID does not block authentication for expired certificates.
    Encrypt Response (Optional) This option enables additional encryption of the SAML requests from the SP end. The certificate for this can be found on the downloaded metadata.
    Disable Password Transport (Optional) This feature disables recognition authentication class on Password Transport.
    Note:
    All the information mentioned in Manage Tenant SSO is provided by the tenant to the provider to configure SSO.
  3. To configure SSO with an instance, click Submit. A Download button appears. By clicking the Download button, the Service Provider (SP) metadata can be downloaded for performing application registration on the AD side.
  4. When prompted to confirm that you want to create the new SSO configuration for the tenant and remove the default providers SSO configuration, click YES.
    Figure 12. Tenant SSO configuration page
  5. It redirects you to Configure Tenant SSO . Click at the top left corner of the screen to go back to Integrate Integration.