1. Installation#
You can install the app UCS Intercom Service like any other app with Univention App Center.
UCS offers two different ways for app installation:
With the web browser in the UCS management system
With the command-line
For general information about Univention App Center and how to use it for software installation, see Univention App Center in UCS 5.0 Manual [1].
1.1. Prerequisites#
Installing this app has various prerequisites:
ICS supports OIDC. Nextcloud (>=23.0) and OX App Suite (>=7.10.6) must authenticate through OIDC, as well.
For working CSRF protection all other apps need to be up to date.
ICS requires the Nordeck bot up and running for Matrix.
ICS requires its three secrets before installation, see Secrets for details.
ICS requires a configured Keycloak (>=12.0), including a valid Intercom OIDC client before installation.
1.2. Add ICS client to IdP#
To prepare the existing IdP for the installation of the app UCS Intercom Service, use the following steps:
Enter the Keycloak Admin Console.
Create a OIDC Client. Recommendation is to use the default value
intercom
for the Client ID and leave the Root URL empty and save it.During app installation, UCS Intercom Service asks for the Client ID.
Set Access Type to
confidential
.Set Service Accounts Enabled and Authorization Enabled to
On
.Set Backchannel Logout URL to your intended domain for ICS with protocol and append the
backchannel-logout
path, for example:https://ics.example-domain.example-tld/backchannel-logout
This step requires Keycloak >=12.0.0.
Set Backchannel logout session required to
On
.Set the valid redirect URL to your intended ICS domain with protocol and append the
/callback
path, for example:https://ics.example-domain.example-tld/callback
Go to the tab Credentials, copy the secret and save it to
/etc/intercom-client.secret
.Go to the tab Client Scopes and add
offline_access
to Assigned Default Client Scopes.Make sure the Access Token includes a mapper for both the username and the user unique identifier. The documentation for these claims can be found in the UCR variables
intercom-service/settings/username-claim
andintercom-service/settings/user-unique-mapper
.
1.3. Installation with the web browser#
To install ICS from the UCS management system, use the following steps:
Use a web browser and sign in to the UCS management system.
Open the App Center.
Select or search for Intercom Service and open the app with a click.
To install Intercom Service, click Install.
Leave the App settings in their defaults or adjust them to your preferences. For a reference, see Settings.
To start the installation, click Start Installation.
Note
To install apps, the user account you choose for login to the UCS management
system must have domain administration rights, for example the username
Administrator
. User accounts with domain administration rights belong to
the user group Domain Admins
.
For more information, see Delegated administration for UMC modules in UCS 5.0 Manual [1].
1.4. Installation with command-line#
To install the app UCS Intercom Service from the command-line, use the following steps:
Sign in to a terminal or remote shell with a username with administration rights, for example
root
.Choose between default and custom settings and run the appropriate installation command.
For installation with default settings, run:
$ univention-app install intercom-service
To pass customized settings to the app during installation, run the following command:
$ univention-app install --set $SETTING_KEY=$SETTING_VALUE intercom-service
Caution
Some settings don’t allow changes after installation. To overwrite their default values, set them before the installation. For a reference, see Settings.
Example: To define a different Keycloak-realm in ICS, run:
$ univention-app install intercom-service \ --set intercom-service/keycloak/realm-name=master