Skip to main content

Support Doc

 Raga Challapilla (RagaChallapilla)
PEGA
Senior Principal Technical Writer, Customer Service & Sales Automation
Pegasystems Inc.
IN
RagaChallapilla Member since 2020 9 posts
PEGA
Posted: Dec 6, 2023
Last activity: 3 weeks 1 day ago
Posted: 6 Dec 2023 8:10 EST
Last activity: 5 Nov 2024 4:41 EST

Configuring AWS for Transcribe or Kinesis use for Pega Voice AI

This article guides you through the process of setting up user authentication and access control for Amazon Transcribe or Amazon Kinesis Data Streams by using an Amazon Cognito user pool and an Amazon Cognito identity pool. Performing these steps enables you to get Pega Voice AI support for languages that Voice AI does not natively support, by using your Amazon Transcribe subscriptionIt can also enable you to acquire audio for Voice AI analysis through Kinesis Streams for Amazon Connect calls.

Note: Henceforth in the article, Amazon Cognito user pool is referred simply as Cognito user pool, and Amazon Cognito identity pool as Cognito identity pool.

Amazon Cognito provides a fully managed user identity solution that makes it easy to add user sign-up, sign-in, and access control mechanisms to your web and mobile applications. It enables secure access and use of Amazon Transcribe on premises or from a different Amazon Web Services (AWS) account. 

The process of granting access to your Pega Customer Service application to Amazon Transcribe or Amazon Kinesis Streams consists of five high-level steps that you perform in your AWS account, which are described in the sections that follow:

Note: You must also perform some steps in your Pega Customer Service account, which are described in a different article that is referenced at the end of Step 5.
  1. Create a Cognito user pool.
  2. Configure the user pool app client.
  3. Create a user in the user pool.
  4. Create a Cognito identity pool.
  5. Provide Amazon Transcribe access to the authenticated user.

Kinesis Streams implementation requires an additional step - Provide Amazon Kinesis Video Streams access to the authenticated user.

Note: This article describes the steps as on the date of release of Pega Customer Service version 24.2. If AWS updates its user interface after the publication of this article, the screens that you see and steps that you need to perform might vary.

Before you begin:

  • Create an AWS account with appropriate permissions to create a Cognito user pool, Cognito identity pool, Identity and Access Management (IAM) policies, and Amazon Transcribe resources. 

  • Ensure that you have basic familiarity with AWS services and concepts.

  • Go through Accessing AWS services using an identity pool after sign-in in the Amazon Cognito Developer Guide.

Create a Cognito user pool 

  1. In the AWS Management Console, navigate to the Cognito service.
    Note: You can also go to the service directly at https://aws.amazon.com/cognito/.
  2. Click User pools, and then click Create user pool.
    Creating a user pool
  3. In Step 1 - Configure sign-in experience, select the following options:Configure signin experience
    1. In the Provider types section, select Cognito user pool.
    2. In the Cognito user pool sign-in options section, select the User name checkbox.
  4. Click Next.
  5. In Step 2 - Configure security requirements, do the following:
    1. In the Password policy section, retain the default selection, Cognito defaults.
      Configure security requirements - Cognito defaults.
    2. In the Multi-factor authentication section, under MFA enforcement, select No MFA.
      Configure security requirements - No MFA
    3. In the Multi-factor authentication section, under Self-service account recovery, clear the Enable self-service account recovery – Recommended checkbox.
      Configure security requirements - Enable self-service account recovery.
  6. Click Next.
  7. In Step 3 - Configure sign-up experience, do the following:Configure sign-up experience.
    1. In the Self-service sign-up section, clear the Enable self-registration checkbox.
    2. In the Attribute verification and user account confirmation section, clear the Allow Cognito to automatically send messages to verify and confirm – Recommended checkbox.
  8. Click Next.
  9. In Step 4 - Configure message delivery, in the Email section, select Send email with Cognito.
    Configure message delivery.
  10. Click Next.
  11. In Step 5 - Integrate your app, do the following:
    1. In the User pool name section > User pool name field, enter a name for your user pool. 
      Integrate your app - User pool name.
    2. In the Hosted authentication pages section, select the Use the Cognito Hosted UI checkbox.
      Integrate your app - User the Cognito hosted UI checkbox.
    3. In the Domain section > Domain type field, select the Use a Cognito domain radio button.
      Integrate your app - Use a Cognito domain option.
    4. In the Domain section > Cognito domain field, provide a prefix for the Cognito domain.
      Integrate your app - Cognito domain field.
    5. In the Initial app client section > App type field, select Confidential client.
      Integrate your app - App type field.
    6. In the Initial app client section > App client name field, enter a name for your app client, and make a note of this name for future use.
      Integrate your app - App client name field.
    7. In the Initial app client section > Client secret field, retain the default selection, Generate a client secret.
      Integrate your app - Generate a client secret field.
    8. In the Client secret section > Allowed callback URLs field, enter myapp://demo.
      Integrate your app - Allowed callback URLs field.
  12. Click Next.
  13. Review the settings, and then click Create pool.
  14. Open the user pool that you created, and make a note of the User pool name and User pool ID values for future use:
    User pool name and User pool ID values.

Configure the user pool app client

  1. In the AWS Management Console, open the user pool that you created in Create a Cognito user pool above.

  2. In the App integration tab, do the following:

    1. In the App clients and analytics section, click your app client name. (See step 11.6 in Create a Cognito user pool above.)
      The App client information page opens.
    2. Click Edit.
    3. In the Authentication flows list, select the ALLOW_USER_PASSWORD_AUTH flow to add it to the list of authenticated flows.
      App integration - Authentication flows.
      Note: Retain any other authentication flows that are selected by default.
    4. In the Access token expiration field, set a value of 1 day or less.
      App integration - Access token expiration.
    5. In the ID token expiration field, set a value of 1 day or less.
      App integration tab - ID token expiration field.
    6. For all the other fields, retain the default values and selections.
  3. Click Save changes.
  4. Open the App client information page, and make a note of the system-generated Client ID and Client secret values.
    Client ID and Client secret values.

Create a user in the user pool

  1. In the AWS Management Console, open the user pool that you created in Create a Cognito user pool above.
  2. On the Users tab, click Create user.
  3. In the User information section, do the following:Creating a user - User information section.
    1. In the Invitation message field, select Don't send an invitation.
    2. In the User name field, enter a username, and make a note of this username for future use.
    3. In the Temporary password field, select Set a password.
    4. In the Password field, set a temporary password.

  4. Click Create user.
    The Users tab of the user pool displays the new user's details, with the Confirmation status column displaying the text Force change password.

  5. Confirm the user account and set a permanent password through administrator verification, by using the following AWS CLI API command:

    aws cognito-idp admin-set-user-password --user-pool-id <pool_ID> --username <username> --password <set permanent password> --permanent --region us-east-1

    Note: For the username value, refer to step 3.2 of this section (Create a user in the user pool). For the user_pool_ID value, refer to step 14 of the Create a Cognito user pool section.

  6. Make a note of the the permanent password that you set in step 5 for future use.

  7. Verify that the Confirmation status has changed to Confirmed.

Create a Cognito identity pool

  1. In the AWS Management Console, navigate to the Cognito service.
    Note: You can also go to the service directly at https://aws.amazon.com/cognito/.
  2. Click Identity pools, and then click Create new identity pool
  3. In Step 1 - Configure identity pool trust, select the following options:Configuring identity pool trust.
    1. In the Authentication section > User access field, select Cognito user pool
    2. In the Authentication section > Authenticated identity sources field, select Amazon Cognito user pool.
  4. Click Next.
  5. In Step 2 - Configure permissions, do the following:Configuring permissions.
    1. In the Authenticated role section > IAM role field, select Create a new IAM role.
    2. In the IAM role name field, enter a role name.
  6. Click Next.
  7. In Step 3 - Connect identity providers, select the following options:
    1. In the Amazon Cognito user pool section, in the User pool ID and App client ID fields, enter the name of the user pool and the app client, respectively. (See Create a Cognito User Pool above.)
      Connect identity providers - User pool ID and App Client ID values.
    2. In the Role settings section, in the Role field, select Use default authenticated rule.
      Connect identity providers - Use default authenticated role option.
    3. In the Attributes for access control section, in the Claim mapping field, select Inactive.
      Attributes for access control - Claim mapping.
  8. Click Next.
  9. In Step 4 - Configure properties, in the Identity pool name section, enter a name for the identity pool.
    Configure identity pool - Identity pool name field.
  10. Click Next.
  11. Review the settings, and then click Create identity pool.
  12. Open the created identity pool, and make a note of the Identity pool ID and Authenticated access role (IAM role) values for future use.
    Identity pool ID and Authenticated access role values.

Provide Amazon Transcribe access to the authenticated user

  1. In the AWS Management Console, navigate to Identity and Access Management (IAM).
    Note: You can also go to IAM directly at https://console.aws.amazon.com/iamv2.
  2. Expand Access Management, and click Roles.
  3. Find and click the IAM role that you noted in Create a Cognito Identity Pool > Step 12.
    The system displays the user information.
  4. In the Permissions policies section, in the Add permissions list, select Attach policies, then select the AmazonTranscribeFullAccess AWS managed policy.
    Adding permissions to authenticated users.
  5. Click Add permissions.

Next, configure the necessary settings in your Pega Customer Service application to complete the Amazon Transcribe setup. For more information, see Implementing multi-language support with Amazon Transcribe in the Pega Customer Service Implementation Guide for Constellation or the Pega Customer Service Implementation Guide for UI Kit.

Provide Amazon Kinesis Video Streams access to the authenticated user

  1. In the AWS Management Console, navigate to Identity and Access Management (IAM).
    Note: You can also go to IAM directly at https://console.aws.amazon.com/iamv2.
  2. Expand Access Management, and click Roles.
  3. Find and click the IAM role that you noted in Create a Cognito Identity Pool > Step 12.
    The system displays the user information.
  4. In the Permissions policies section, click Add permissions.
    The Add permissions option in the AWS Management Console.
  5. In the Add permissions list, select Attach policies, then select the AmazonKinesisVideoStreamsFullAccess AWS managed policy.
    The AmazonKinesisVideoStreamsFullAccess AWS managed policy.
  6. Click Add permissions.

Next, configure the necessary settings in your Pega Customer Service application to complete the Amazon Transcribe setup. For more information, see Implementing Kinesis Streams for Amazon Connect in the Pega Customer Service Implementation Guide for Constellation or the Pega Customer Service Implementation Guide for UI Kit.

To see attachments, please log in.
Pega Customer Service '23
Voice AI
How To

Did you find this content helpful?
Yes
No

  • Reply

Related content:

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice