Account Setup - Advanced

Updated: Feb 22, 2024

Data Masking

Identifying and masking sensitive client-defined data, like credit card or phone numbers, involves replacing it with generic characters.

This irreversible process ensures permanent obscuration; for instance, masking 4-digit numbers changes "1593" to "****".

Utilizing Regex (Regular Expression) becomes imperative for tailoring the identification and concealment of specific patterns within the data.

The 2 types of data masking are:

1. Real-time masking:	2. Data-at-rest masking:
The method involves promptly identifying and masking sensitive consumer information before reaching the agent, ensuring prevention of agent access to such data.	The process of identifying and masking sensitive information from the consumer upon conversation/chat conclusion ensures post-conclusion inaccessibility, allowing the agent to review the original text.

1. Setting up Real-time masking on Conversational Cloud:

Navigate to https://supportal.lpnet.com/#/. The Supportal page appears.

Click Houston. The Mission Control page appears.

Scroll below and click Taglet Manager. The taglet manager page appears.

Screenshot 2023-11-30 at 10.01.14 PM.png

Scroll to cleanCCPatterns and click the + option. The configure page appears.

Screenshot 2023-11-30 at 10.08.49 PM.png

Click Raw mode. The Raw mode section appears.

Screenshot 2023-11-30 at 10.11.28 PM.png

Add your regex here and click Confirm. Real-time masking is now configured.

2. Setting up Data-at-rest masking on Conversational Cloud:

Navigate to https://supportal.lpnet.com/#/. The Supportal page appears.

Click Houston. The Mission Control page appears.

Screenshot 2023-12-04 at 10.38.50 PM.png

Scroll down and click Site Settings. The Site Settings page appears.

Screenshot 2023-12-04 at 10.40.48 PM.png

Scroll down to "messaging.historic.data.masking.regexp".

Screenshot 2023-12-04 at 10.50.20 PM.png

Click the edit icon. The edit field appears.

Screenshot 2023-12-04 at 10.54.44 PM.png

Add your regex here and click Confirm. Real-time masking is now configured.

Data encryption at REST

Overview

LivePerson is committed to protecting its customers data and therefore we allow our customers to store their data in LivePerson storage in an encrypted format. The encryption handles different sensitive data types. Once enabled the sensitive data is stored in an encrypted format at rest within the LivePerson storage.

There are different data types that can be encrypted, and encryption is configurable per account.

It is possible to encrypt any of the following data types:

Chat Transcripts
Messaging Transcripts
Agent Summary (for messaging)
Unauthenticated engagement attributes for messaging and chat
Authenticated engagement attributes for messaging and chat

Note: Enabling encryption has a built-in dependency → Once the feature is on, YOU MUST also enable chat transcript encryption, otherwise, encryption will not be enforced in any data type (Chat / Messaging / Engagement Attributes]

The encryption is based on a 192bit AES algorithm. Once encryption is enabled, the LiveEngage customer is assigned with a unique encryption key. Additionally, a unique random key is generated for each piece of sensitive data. The encryption mechanism uses these unique keys to encrypt the data and stores it in that format in LivePerson storage.

Encryption will work from the time it is enabled and going forward. There is no ability to run encryption retroactively. If encryption has been disabled after it was enabled, the following data will not be encrypted.

Enabling Encryption

Enabling encryption works differently for chat as it does for messaging. Up until recently, messaging related encryption required active Product Management team involvement. As of March 15, 2018, enabling encryption across all data types and platforms is available to the field and client partners.

Encryption for Chat Accounts

Chat transcripts

A. Make sure Encryption Feature 69 is On in Supportal -> Account Control -> Features

B. In Houston - turn on the Common.Global_Encryption_Enabled AC feature.

Enable the transcript encryption in Supportal -> Account Control -> Admin Console (admin direct) -> Security -> Security Center. Encryption can be enabled for both Denver and non-Denver accounts.

Chat Authenticated Engagement Attributes

Scope: PersonalInfo, CustomerInfo attributes

Make sure Encryption Feature 69 is ON in Supportal -> Account Control -> Features
Make sure that Transcripts Encryption is ON via the Admin Console
Enable (set value to TRUE) Freq Used -> Site General Property -> 98 “supportEncryptedAuthSDE”

Unauthenticated Engagement Attributes

Follow these steps:

Make sure Encryption feature 69 is ON
Make sure that Transcripts Encryption is ON via Admin Console
Go to Huston → site.settings → encryption.referrer field
Add the following value in the encryption.referrer site setting:

ctmrinfo_info_cstatus,ctmrinfo_info_ctype,ctmrinfo_info_customerId,ctmrinfo_info_companyBranch,ctmrinfo_info_socialId,ctmrinfo_info_imei,ctmrinfo_info_userName,ctmrinfo_info_accountName,ctmrinfo_info_role,ctmrinfo_info_storeZipCode,ctmrinfo_info_storeNumber,personal_personal_firstname,personal_personal_lastname,personal_personal_company,personal_personal_language,personal_personal_contacts_email,personal_personal_contacts_phone,personal_personal_contacts_address_country,personal_personal_contacts_address_region

Encryption for Messaging Accounts

A. Enable the encryption feature number 69:

B. In Houston - turn on the Common.Global_Encryption_Enabled AC feature.

Enable the transcript encryption in Admin Console (admin direct). Encryption can be enabled for Denver and non-Denver accounts.

Go to Houston → site.settings → encryption.referrer field and add the relevant value to the encryption.referrer site setting, as listed in the options below, ranging between ALL DATA or just SELECTIVE DATA ELEMENTS

The most comprehensive encryption scope includes a combination of ALL data elements within the PersonalInfo and CustomerInfo engagement attributes (both authenticated + non-authenticated), Messaging Transcripts + Messaging Summary + Messaging User Profile, regardless of their sensitivity.

To enable the inclusive / comprehensive coverage, paste the following string in the encryption.referrer field:
Scope: PersonalInfo, CustomerInfo attributes

ms.PublishEvent.body.event.message,ms.PublishEvent.body.event.message.caption,
cm.UpdateConversationField.body.conversationField.note,userprofile.SetUserProfile.body.firstName,userprofile.SetUserProfile.body.lastName,userprofile.SetUserProfile.body.pushNotificationData.token,userprofile.SetUserProfile.body.privateData.mobileNum,userprofile.SetUserProfile.body.privateData.mail,messaging.sdes.info.customerId,messaging.sdes.info.socialId,messaging.sdes.info.imei,messaging.sdes.info.userName,messaging.sdes.info.accountName,messaging.sdes.info.role,messaging.sdes.info.cstatus,messaging.sdes.info.ctype,messaging.sdes.info.storeZipCode,messaging.sdes.info.storeNumber,messaging.sdes.personal.firstname,messaging.sdes.personal.lastname,messaging.sdes.personal.contacts.email,messaging.sdes.personal.contacts.phone,messaging.sdes.personal.company,messaging.sdes.personal.language,messaging.sdes.personal.address.country,messaging.sdes.personal.address.region,ctmrinfo_info_cstatus,ctmrinfo_info_ctype,ctmrinfo_info_customerId,ctmrinfo_info_companyBranch,ctmrinfo_info_socialId,ctmrinfo_info_imei,ctmrinfo_info_userName,ctmrinfo_info_accountName,ctmrinfo_info_role,ctmrinfo_info_storeZipCode,ctmrinfo_info_storeNumber,personal_personal_firstname,personal_personal_lastname,personal_personal_company,personal_personal_language,personal_personal_contacts_email,personal_personal_contacts_phone,personal_personal_contacts_address_country,personal_personal_contacts_address_region

Messaging and Chat Account

A. Enable the encryption feature number 69:

B. In Houston - turn on the Common.Global_Encryption_Enabled AC feature.

Enable the transcript encryption in Admin Console (admin direct). Encryption can be enabled for Denver and non-Denver accounts.

Enable (set value to TRUE) Site General Property 98 “supportEncryptedAuthSDE”

Go to Houston → site.settings → encryption.referrer field and the relevant value to the encryption.referrer site setting

The most comprehensive encryption scope includes a combination of ALL data elements within the PersonalInfo and CustomerInfo engagement attributes (both authenticated + non-authenticated), Messaging Transcripts + Messaging Summary + Messaging User Profile, regardless of their sensitivity.

To enable the inclusive / comprehensive coverage, paste the following string In the encryption.referrer field:

Scope: PersonalInfo, CustomerInfo attributes

NOTE: It is possible to enable encryption on separate parts of the data, and not all if needed

Messaging Transcripts

Follow these steps:

Make sure Encryption feature 69 is ON
Make sure that Transcripts Encryption is ON via Admin Console
Go to Huston → site.settings → encryption.referrer field

Add the following value in the encryption.referrer site setting:

ms.PublishEvent.body.event.message,ms.PublishEvent.body.event.message.caption

Messaging Summary

Follow these steps:

Make sure Encryption feature 69 is ON
Make sure that Transcripts Encryption is ON via Admin Console
Go to Huston → site.settings → encryption.referrer field

Copy and add the following value in the encryption.referrer site setting:

cm.UpdateConversationField.body.conversationField.note

Messaging authenticated engagement attributes

Follow these steps:

Make sure Encryption feature 69 is ON
Make sure that Transcripts Encryption is ON via Admin Console
Go to Huston → site.settings → encryption.referrer field

Add the following value in the encryption.referrer site setting:

messaging.sdes.info.customerId,messaging.sdes.info.socialId,messaging.sdes.info.imei,messaging.sdes.info.userName,messaging.sdes.info.accountName,messaging.sdes.info.role,messaging.sdes.info.cstatus,messaging.sdes.info.ctype,messaging.sdes.info.storeZipCode,messaging.sdes.info.storeNumber,messaging.sdes.personal.firstname,messaging.sdes.personal.lastname,messaging.sdes.personal.contacts.email,messaging.sdes.personal.contacts.phone,messaging.sdes.personal.company,messaging.sdes.personal.language,messaging.sdes.personal.address.country,messaging.sdes.personal.address.region

Messaging user profile update (unauthenticated)

Follow these steps:

Make sure Encryption feature 69 is ON
Make sure that Transcripts Encryption is ON via Admin Console
Go to Huston → site.settings → encryption.referrer field
1. Add the following value in the encryption.referrer site setting:

userprofile.SetUserProfile.body.firstName,userprofile.SetUserProfile.body.lastName,userprofile.SetUserProfile.body.pushNotificationData.token,userprofile.SetUserProfile.body.privateData.mobileNum,userprofile.SetUserProfile.body.privateData.mail

Unauthenticated engagement attributes

Follow these steps:

Make sure Encryption feature 69 is ON
Make sure that Transcripts Encryption is ON via Admin Console
Go to Huston → site.settings → encryption.referrer field
1. Add the following value in the encryption.referrer site setting:

Product Implications and Conflicts

Chat Transcripts encryption:

Hot Topics feature is not available
Data Access API - this API exposes the transcripts and once the data is encrypted it is expected that the customer will provide LP with a PGP key that will allow LP to encrypt the transcripts with it. In case such key will not be provided and the transcripts are encrypted, Data Access API will mask the data in order to avoid storing it unencrypted.
The following analytics reports will not be available once encryption is enabled:
- Predefined content
- Topics toolkit
- Deflection and Escalation Risk Predictor (for more information about the report see here)

Messaging Transcripts encryption

All the following analytics reports will not be available:
- Predefined content
- Topics toolkit
- Deflection and Escalation Risk Predictor

Account to Account Transfer / Manual Rollover

Step 1: Ensure that the Rollover (Handler) Account is Set up Appropriately

Same shards

The rollover and owner accounts must be on the same UMS and agent-matching shards
You can check the account’s shard with the following pages
- UMS: https://cxsdashboard-qa-int.dev.lprnd.net/ums/deployed/versions/ums
- Agent Matching: http://qtor-jet006:7000/am/deployed/versions/agentMatching
- Enter each account ID in the search input at the top for each page and look for the corresponding “shard” entry – ensure they are the same for the owner and intended rollover accounts. If not, then you can open a SNOW ticket to sync them up.
The Agent Matching same shard requirement is planned to be removed in the not too distant future.*

Update AC Feature
- Please go to Houston > AC feature
- Make sure "Common.Messaging_Cross_Account_Contact_Center" is enabled for the rollover account.

Step 2: Ensure that the Owner Account is Set up Appropriately

Same shards (same as in Step 1 above)
AC Feature
- Common.Answering_Service must be enabled for the owner account
Site Setting is set with desired settings
- This is performed easily with the Answering Service Houston module. Log into the owner account as LPA – see steps below

Initial state – [Manual] Rollover disabled

Populate the target account ID in the Manual Rollover Account ID section + choose desired skills in the Manual Rollover Skills section

image-20230809-201734 (1).png — You may press the + if you want to add another account

Click Submit Changes when complete and look for the successful message to confirm that your selections were saved.

The success message may be seen at the top of the module as shown above, and may not be visible if you are still scrolled to the bottom.

Agent widgets (including authentication)

The Agent Workspace Widget SDK is a lightweight, client-side package for communicating with the Conversational Cloud Agent Workspace.

Overview

Agent Widgets are https web pages shown within an iFrame to the agents. This means that the content is contained within a “box” which is separate from the rest of Conversational Cloud (CC).

The iFrame can’t communicate normally with the rest of the UI. Instead, the web page must implement the Agent Widget SDK to integrate with CC. The SDK is a lightweight client-side package which allows custom widgets to use LivePerson data, allows external applications to communicate with LivePerson and allows for the population of conversations and chats with messages, directly from the widget.

For more technical information about the SDK, please see the relevant documentation in LivePerson Developers.

Troubleshooting Example

My widget doesn’t load

Possible Cause:

1. Firewall is blocking the domain of the custom widget

2. Firewall is blocking lpcdn.lpsnmedia.net where the SDK file is hosted

3. Need to login to external environment to load widget

4. Error in custom widget code

Resolution:

1. Allow the custom widget domain

2. Allow lpcdn.lpsnmedia.net

3. Login to external environment (and add the link to the login page as the fallback)

4. Check console/log for errors and follow-up accordingly

My widget doesn’t get the data

Possible Cause:

1. No call to “lpTag.agentSDK.init({});” in the widget code

2. The data doesn’t exist

3. Using “get” instead of “bind”

4. Error in custom widget code

Resolution:

1. You should add it at the beginning of the widget. The SDK won’t work without it

2. If it doesn’t appear in the visit info widget - the data doesn’t exist

3. We always recommend using “bind” as “get” might run before the data is available

4. Check console/log for errors and follow-up accordingly

All our error logs are straightforward and pretty self explanatory:

Error Messages

● Error initializing communication/Error creating instance of courier - The widget failed to communicate with CC. This can be caused by network connectivity issues.

● Error calling "get/bind/unbind/command" on the following key: - There was a technical problem when trying to call get/bind/unbind. This can be caused by network connectivity issues.

● No key/cmdName provided when calling "get/bind/unbind/command" - The custom widget code called one of the SDK functions without specifying a valid key.

File Sharing

The "File Sharing Expansion Ability for .txt and .csv" feature is a critical enhancement for our collaborative workspace, designed to facilitate the seamless exchange of text-based and tabular data files among agents and consumers.

This feature empowers users with the capability to share, collaborate, and work efficiently with .txt and .csv files within the workspace.

Feature Enablement

Prerequisite

The brand should be on UMS 4.8 or higher.

Navigation

Houston -> Taglet Manager ->lpUnifiedWindow

Flag

areExtendedFileFormatsEnabled

Flag Description

Enables additional file formats to be shared by consumer - .txt and .csv.
When this flag is in “true“ - consumer should be able to select .txt or .csv file and send it to the conversation. Currently file can not be delivered so just test an ability to choose the file.
When this flag is in “false“ - consumer shouldn’t be able to select and send .txt or .csv file, only file formats available earlier.

Since this feature also depends on a backend (UMS) update, this flag was temporarily introduced to decouple the deployment dependency, and allow earlier testing in lower environments.
This flag will eventually be removed once the backend is updated in all farms, and the feature will be ‘always on’.

Type	Default
boolean	false

Configuration Screenshot (If empty)

Configuration Screenshot (If not empty)

How to

Use the taglet manager on houston for setting these configurations - configure the lpUnifiedWindow taglet.

An example for such configuration:

html:

[
    {
        "id": "isStepUpEnabled",
        "value": "true"
    },
    {
        "id": "isSPAStepUpEnabled",
        "value": "true"
    },
    {
        "id": "throttlingSupportEnabled",
        "value": "true"
    },
    {
        "id": "throttlingTimeoutValue",
        "value": "1500"
    },
    {
        "id": "amsClientConfig",
        "value": "{\"idleBeforePing\": 30000 }"
    },
    {
        "id": "enableToRequestDefaultWinConfig",
        "value": "true"
    },
    {
        "id": "autocomplete",
        "value": "on"
    },
    {
        "id": "translationOverrides",
        "value": "{\"en-US\":{\"chatAuthError\":\"Please relogin\"}}"
    },
    {
        "id": "identitiesFlowImplementedForLiveChat",
        "value": "true"
    },
    {
        "id": "authPostVerificationLiveChat",
        "value": "true"
    },
        {
        "id": "resubscribeDialogOnReconnect",
        "value": "true"
    },
    {
        "id": "isWelcomeMessageForAgentEnabled",
        "value": "true"
    },
    {
        "id": "cdnDomainWhiteList",
        "value": "[\"brand.com\",\"brand.net\"]"
    },
	{
        "id": "areExtendedFileFormatsEnabled",
        "value": "true"
    }
]

Offsite Engagement

Offsite engagements aim to facilitate our clients in initiating chats with their customers from external platforms beyond their website. Although this document focuses on setting up Text to Chat, note that the same process can be applied to Social Media, Email, Digital Advertising, Print, TV, and IVR.

Text to chat enables our clients to send a chat link to their customers via SMS, allowing them to engage in messaging as they would through texting.