1. Installation#

You can install the app UCS Intercom Service like any other app with Univention App Center.

UCS offers two different ways for app installation:

  • With the web browser in the UCS management system

  • With the command-line

For general information about Univention App Center and how to use it for software installation, see Univention App Center in UCS 5.0 Manual [1].

1.1. Prerequisites#

Installing this app has various prerequisites:

  1. ICS supports OIDC. Nextcloud (>=23.0) and OX App Suite (>=7.10.6) must authenticate through OIDC, as well.

  2. For working CSRF protection all other apps need to be up to date.

  3. ICS requires the Nordeck bot up and running for Matrix.

  4. ICS requires its three secrets before installation, see Secrets for details.

  5. ICS requires a configured Keycloak (>=12.0), including a valid Intercom OIDC client before installation.

1.2. Add ICS client to IdP#

To prepare the existing IdP for the installation of the app UCS Intercom Service, use the following steps:

  1. Enter the Keycloak Admin Console.

  2. Create a OIDC Client. Recommendation is to use the default value intercom for the Client ID and leave the Root URL empty and save it.

    During app installation, UCS Intercom Service asks for the Client ID.

  3. Set Access Type to confidential.

  4. Set Service Accounts Enabled and Authorization Enabled to On.

  5. Set Backchannel Logout URL to your intended domain for ICS with protocol and append the backchannel-logout path, for example:

    https://ics.example-domain.example-tld/backchannel-logout
    

    This step requires Keycloak >=12.0.0.

  6. Set Backchannel logout session required to On.

  7. Set the valid redirect URL to your intended ICS domain with protocol and append the /callback path, for example:

    https://ics.example-domain.example-tld/callback
    
  8. Go to the tab Credentials, copy the secret and save it to /etc/intercom-client.secret.

  9. Go to the tab Client Scopes and add offline_access to Assigned Default Client Scopes.

  10. Make sure the Access Token includes a mapper for both the username and the user unique identifier. The documentation for these claims can be found in the UCR variables intercom-service/settings/username-claim and intercom-service/settings/user-unique-mapper.

1.3. Installation with the web browser#

To install ICS from the UCS management system, use the following steps:

  1. Use a web browser and sign in to the UCS management system.

  2. Open the App Center.

  3. Select or search for Intercom Service and open the app with a click.

  4. To install Intercom Service, click Install.

  5. Leave the App settings in their defaults or adjust them to your preferences. For a reference, see Settings.

  6. To start the installation, click Start Installation.

Note

To install apps, the user account you choose for login to the UCS management system must have domain administration rights, for example the username Administrator. User accounts with domain administration rights belong to the user group Domain Admins.

For more information, see Delegated administration for UMC modules in UCS 5.0 Manual [1].

1.4. Installation with command-line#

To install the app UCS Intercom Service from the command-line, use the following steps:

  1. Sign in to a terminal or remote shell with a username with administration rights, for example root.

  2. Choose between default and custom settings and run the appropriate installation command.

    For installation with default settings, run:

    $ univention-app install intercom-service
    

    To pass customized settings to the app during installation, run the following command:

    $ univention-app install --set $SETTING_KEY=$SETTING_VALUE intercom-service
    

    Caution

    Some settings don’t allow changes after installation. To overwrite their default values, set them before the installation. For a reference, see Settings.

    Example: To define a different Keycloak-realm in ICS, run:

    $ univention-app install intercom-service \
      --set intercom-service/keycloak/realm-name=master