ULM Cloud Onboarding and Integration
Content
- Overview
- Roles and Responsibilities
- Onboarding Requirements
- Access and Configuration
- Integration APIs
- Next Steps - Contact Us
Overview
This document contains the high-level requirements, steps, and configurations for any business looking to integrate and onboard with MarketONE Connect and implement user lifecycle management capabilities into their client application(s). As a part of your organization's journey, the MarketONE product team needs to some basic information about your organization, your product(s), and the required settings for your license of the Connect service.
System settings described below will be initially implemented in your organization's pre-production environment. Configurations will carry through to live production environment. Although some settings will not be immediately available, or decisions on other configuration points may be pending further discovery sessions between your organization and ours, the MarketONE team would like to collect as much information from you as available to build toward your desired go-live scenario as seamlessly as possible.
Please review the following sections to get an idea of what MarketONE needs upfront, and then reach out the MarketONE product team (enan.hoque@amdocs.com and sumit.parab@amdocs.com) for the next official steps (i.e., onboarding forms, checklists, documentation).
RACI Codes
The following table contains descriptions of RACI codes that are used in this topic.
| Code | Description |
|---|---|
| R | The person responsible for the completion of the tasks that constitute the project. |
| A | The person accountable for the successful completion of the entire project. This accountability consists in reviewing the work that the responsible person provides once the work is finished, and then giving technical sign-off for it. |
| C | The person consulted whose advice on the project is sought because they are a subject matter expert (SME). |
| I | The person informed (kept up-to-date) on the progress of the project. |
Roles and Responsibilities
MarketONE will work with your organization at every step of the onboarding journey, from day one to the final testing in pre-production, in order to ensure you achieve a streamlined and secure go-live scenario.
| Phase | Task | MarketONE | Org. | |
|---|---|---|---|---|
| Orientation and Education | 1 | Integration and onboarding-focused virtual sessions with your organization. | R, A | I |
| 2 | MarketONE provides your team with the following:
- Onboarding questionnaire - Developer Documentation, including: - REST API & Business Process Guide - REST API documentation via SwaggerHub - Supplemental documents, diagrams, and instructions as required |
R, A | I | |
| Organization Checklist | 3 | Your team reviews documents sent by MarketONE, and returns answers for the questionnaire. | ||
| Education, Q&A | 4 | MarketONE liaises with your organization for further Q&A on documentation and integration details. | R | R, A |
| Setup and Configuration | 5 | MarketONE provisions your organization in both production and non-production environments in the cloud. This includes:
- Initial configuration points and system settings, as per details provided by your organization. - Setting your team members up with access to the MarketONE Developer Portal. - Creating Admin User roles for your employees, o they can access the MarketONE Admin UI web application. |
R, A | I |
| 6 | Your organization familiarizes itself with the provisioned environments and Connect APIs. MarketONE provides technical consultation, Q&A. | C | R, A | |
| 7 | (Optional) Establish back end system integration between MarketONE Connect and your back-end Business or Operations Support System, if any.
MarketONE will perform testing to validate your setup and configuration. |
I, C | R, A | |
| API Implementation and Testing | 8 | Your developers integrate Connect APIs and Business Processes into their client applications. | C | R, A |
| 9 | Both parties perform system integration testing in pre-production leading up to go-live in the production environment. | R, A | R, A | |
Onboarding Requirements
This section contains the prerequisite information needed for the integration between your organization and MarketONE Connect. Contact the MarketONE Connect product management (enan.hoque@amdocs.com or sumit.parab@amdocs.com) once you're ready to start onboarding.
Business Details
MarketONE needs the following information about your organization:
| Required Details | Description | Example |
|---|---|---|
| Organization Name (e.g. Experience Co.) | Name of your organization. | Experience Co. |
| Organization Acronym/Code (e.g. EXP) | Short code of your organization, also used for Amdocs' hosted domains (exp.m1amdocs.com). Acronym/code limit: from 2 to 15 characters. |
EXP |
| Website | Website of your organization. | experienceco.com |
| Address | The physical address of your organization's primary office of operations. | 123 Valley Street, California |
| Country or Countries of Operation | The country or countries in which your business legally operates. | USA, CAN, UK |
| Country or Countries of User Base | The country or countries in which your user's reside. | Global reach with most customers in USA, CAN, UK |
| Target Go-live Date | The date in which you wish to go live with Connect integrated with your application(s). | Q3 202X |
Use Case Checklist
The following table contains key business use cases and capabilities delivered, out of the box, by MarketONE Your organization will be able to easily fulfil each use case when you integrate your application(s) or system with Connect REST APIs and API-driven Processes.
Certain administrative capabilities are provided through MarketONE Care and MarketONE Admin web applications that your employees (i.e., managers, system administrators, and customer service representatives) can sign into and use. However, Connect makes the relevant APIs available for direct integration, should your organization want to build certain Care and Admin functions into your own administrative or customer service applications.
Note: Certain functions, such as application settings configuration and management, can only be executed through the Admin UI.
ULM Cloud also includes the option of a standardized Identity Portal and User Profile UI (or simply IDP UI), out of the box, that your organization can integrate into your applications. This IdP leverages the same Connect REST APIs and Processes that your organization otherwise directly integrates to build your own sign-up/sign-in and user profile screens.
| Capabilities | Use Cases | Options |
|---|---|---|
| Identity Provisioning (i.e., User Onboarding) | Onboard a new user with their email address and password. | Process API, IdP & Profile UI |
| Onboard a new user with their mobile number and password. | Process API, IdP & Profile UI | |
| Onboard a new user with with desired social account. | Process API, IdP & Profile UI | |
| Generate, deliver, and redeem a One-time Passcode (OTP) to verify user's ownership of external contact channel (e.g., email or mobile), and activate User ID. | Process API, IdP & Profile UI | |
| Identity Management | Anonymous end user resets their password (i.e., "Forgot Password?" flow). | Process API, IdP & Profile UI |
| Authenticated end user updates their current password with a new one. | Process API, IdP & Profile UI | |
| Add/update/remove email address from User ID. | Process API, IdP & Profile UI | |
| Add/update/remove mobile number from User ID. | Process API, IdP & Profile UI | |
| Add/update/remove alias from User ID. | Process API, IdP & Profile UI | |
| Associate/dissociate social account to User ID. | Process API, IdP & Profile UI | |
| Register/remove email or mobile as a secondary factor, for Multi-Factor Authentication security option. | Process API, IdP & Profile UI | |
| Register/remove third-party Authentication App as secondary factor, for Multi-Factor Authentication security option. | Process API, IdP & Profile UI | |
| Identity Authentication (i.e., User Sign-In) | Authenticate user with their registered email and password. | Process API, IdP & Profile UI |
| Authenticate user with their registered mobile number and password. | Process API, IdP & Profile UI | |
| Authenticate user with their registered alias and password. | Process API, IdP & Profile UI | |
| Authenticate user with their associated social account (passwordless). | Process API, IdP & Profile UI | |
| Automatically invoke reCAPTCHA (invisible) security protocol to determine that the end user is human. | Process API, IdP & Profile UI | |
| Automatically invoke Multi-Factor Authentication security protocol to determine that the end user owns the User ID. | Process API, IdP & Profile UI | |
| Customer Care | Search for and retrieve User IDs using attributes (e.g., name, contact channel, etc.). | MarketONE Care |
| Review the historical activity of a selected User ID. | MarketONE Care, Admin API | |
| Add/update/remove attributes on a User ID on behalf of an end user. | MarketONE Care, Admin API | |
| Resend verification message (OTP) to an end user's contact channel, on behalf of an end user. | MarketONE Care, Admin API | |
| Send password reset message to an end user's contact channel, on behalf of an end user. | MarketONE Care, Admin API | |
| Dissociate an associated Social Account from User ID, on behalf of an end user. | MarketONE Care, Admin API | |
| System Administrative Settings | Create/update/remove system notification message templates. | MarketONE Admin API |
| Create/update/remove Admin users. | MarketONE Admin, Admin API | |
| Create/update/remove Admin roles (collection of permissions that define what an Admin user can access). | MarketONE Admin, Admin API | |
| Retrieve list of Admin users. | MarketONE Admin UI, Admin API | |
| Reset password for an Admin user. | MarketONE Admin UI, Admin API | |
| Register and manage third-parties for OIDC integration (i.e., create your own Relying Parties for Single-Sign-On). | MarketONE Admin UI | |
| Manage social connections settings (i.e., enableremove integrations with supported Social Identity providers). | MarketONE Admin UI | |
| Manage security settings (e.g., password complexity rules, user lockout duration, etc.). | MarketONE Admin UI | |
| Manage user authentication settings (e.g., define valid email/mobile patterns, number of allowable aliases per user, etc.). | MarketONE Admin UI |
Access and Configuration
This section contains the access needs and configuration points the MarketONE team will help set up in advance of your organization's access to ULM Cloud service capabilities.
Authorized User Access
MarketONE needs the list of persons from your organization who will serve as the “Authorized User” role or as your organization’s or product's representative with MarketONE. Authorized Users are designated individuals who are required to approve requests to modify SP configurations, add/delete portal users, and modify roles. When submitting your company and product information, please include a list of Authorized Users by full name, along with their titles, email address, and work phone number.
| Name | Title | Phone Number | |
|---|---|---|---|
Production Support Contact Email
MarketONE recommends that your organization creates one or more email address to recieve notifications from MarketONE production support. Notifications may include information on specific product announcements, outcomes of root cause analysis, or information concerning process delays or interruptions that have a specific impact on your operations.
| Production Support Contact Email(s) | |
|---|---|
| Production General Support Email | |
| Production General Support Alternate | |
Network Operating Center (NOC) Contact
MarketONE requires at least one person’s contact information, along with their email, phone, and third-party NOC contact (if applicable), be provided for the purpose of communicating mission critical information, such as network maintenance time windows, etc.
| NOC Contact Information | |||
|---|---|---|---|
| Name | Title | Phone Number | |
Super Admin
Your organization needs to provide a list of users to have access to the MarektONE Admin web application (or simply the Admin UI). The Admin UI enables your key employees to administer various aspects of the Connect service, including:
- Create Relying Parties (RPs) for Single Sign-On.
- Set up integrations with supported social identify providers (Facebook, Google, etc.).
- Adjust application settings to modify Process logic (e.g., enable Multi-Factor Authentication, tweak valid email or mobile formats, etc.).
When submitting your company and product information, please include a list of desired Admin UI users. For each user, include their full name, along with their titles, email address, and work phone number.
| MarketONE Admin User List - Super Admin Role | |||
|---|---|---|---|
| Name | Title | Phone Number | |
Note: The Super Admin role allows an Admin user to configure and add additional roles and Admin users, should your organization want to define and grant partial access to select teams member within your company.
Supported Devices
MarketONE needs to know the client platforms that your organization's application(s) will support:
| Client Platform | Meaning |
|---|---|
| Web Browsers | Your organization intends to use Connect capabilities in web-based applications. |
| Mobile Devices | Your organization intends to use Connect capabilities in mobile applications. |
| Android Set-top Boxes | Your organization intends to use Connect capabilities in Android-based Set-top Boxes. |
| Linux Set-top Boxes | Your organization intended to use Connect capabilities in Linux-based Set-top Boxes. |
| Others (Please Specify) | Please specify any other platforms or devices your applications will support. |
Technical Information
MarketONE needs to know the following technical information:
- The operating system and version where MarketONE client code will run.
- Programming language and version used to invoke MarketONE interfaces.
Domain Names and Certificates
As a tenant on MarketONE Connect service, your organization has access via an Amdocs-provided subdomain (based on the *.m1amdocs.com domain, for example orgname.m1amdocs.com). Amdocs provides secure access with enforced HTTPS access and TLS v1.2 certificates.
Your organization can include a custom domain instead of an Amdocs subdomain. However, MarketONE provides enforced HTTPS access and TLS certificates with the Amdocs subdomain.
Social Integrations
Out of the box, MarketONE Connect supports easy-to-configure integrations with the following social account providers:
- Apple
Integration with a social provider enables back end associations between a Connect user's User ID and that user's social account. In other words, a social integration allows your application to offer social onboarding and authentication user flows, so that prospective users can sign up and sign in with their existing social accounts.
There are two steps to configuring a social integration. First, your organization needs to navigate to the social provider's developer portal to create an app. As a part of that process, the social provider issues specific secret keys. Then, those keys are provided to MarketONE Connect in the MarkertONE Admin web application, under the Social Connections settings menu. Once these two steps are complete, your instance of the Connect service will support live calls between Connect Processes and the configured social provider.
For example, a Facebook integration is set up like this:
- Navigate to the Facebook Developer Portal portal, create an account, and sign in.
- Create an App ID (select the For Everything Else option).
- Enter the App Name.
- Add the Facebook Login product and select the Web platform.
- Facebook will then iue specific information required for the app integration. Make a note of the AppId and AppSecret.
- Add the end url (Amdocs managed or custom domain) to the Valid OAuth Redirect URIs.
- Navigate to the MarketONE Admin web application, and sign in.
- Navigate to Settings > Social Connections, and toggle the Enable Facebook option.
- Add the AppId and AppSecret to the equivalent ClientId and ClientSecret.
reCAPTCHA Site Key
MarketONE supports reCAPTCHA v2 (invisible) protocol in it's Authenticate User Process. If your organization wants to leverage reCAPTCHA in your application(s), then you'll need to create a reCAPTCHA site using the following steps:
- Navigate to the reCaptcha homepage, and create a new site with reCAPTCHA v2 (invisible).
- Add domain to match m1amdocs.com domain, or your own domain (if using one).
- Take a note of reCAPTCHA secret key and recaptcha site key.
- NNavigate to the MarketONE Admin web application, and sign in.
- Navigate to Settings > Security, and add the secret key and site key to the equivalent Default Secret Key and Default Site Key.
Relying Party (RP)
MarketONE Connect allows your organization to create and manage OIDC-based Relying Parties in the MarketONE Admin web application. A Relying Party is application that requires user authentication and claims from an OpenID Connect provider (in this case MarketONE ULM Cloud is the provider) for Single Sign-ON (SSO). In essence, your end users can sign into a single login portal, and then navigate to other applications. As a part of that navigation, the inintal sign-in client then federates authentication to the subsequent applications so that, on the front end, your end users have a smooth, seamless experience without the need to re-authenticate.
In the initial onboarding phase, MarketONE pre-provisdions a dummy/sample RP with a redirect URL, all authorization flows enabled, refresh tokens enabled, and all scopes enabled & whitelisted. The MarketONE team then informs your organization of the client-ID, the client secret, and the redirect URL. Once your Admin Users are set up, they can then sign into the Admin UI and easily set up additional RPs under the OIDC Clients section of the UI.
Settings
MarketONE ULM Cloud includes access to the MarketONE Admin UI web application (or simply the Admin UI). Once your organization is onboarded, MarketONE provisions Admin User profiles for your desired team members who can then sign into the manage system settings. However, for the initial onboarding phase, you can optionally us with a few details upfront so that the MarketONE team can pre-configure the key settings for your environment in advance. Your Admin Users will be able to sign into the application at a later date, and modify these settings as desired.
The following tables includes key settings with default/example values:=.
Security Settings
| User Lockout Security Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Max failed sign-in attempts | Users will be temporarily locked out of their identity when this amount is reached (3-10 attempts). | 10 |
| Failed sign-in attempts | Sign-in attempts within this time window will count towards the maximum amount of failed signed in attempts (1800-7200 seconds). | 3600 |
| User lockout duration | Users will be unable to authenticate for this duration when the maximum number of failed sign-in attempts is reached (1800-7200 seconds). | 3600 |
| Password Complexity Security Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Upper Case | Require passwords to include a minimum of one upper case (A-Z) character. | True |
| Lower Case | Require passwords to include a minimum of one lower case (a-z) character. | True |
| Numberic Case | Require passwords to include a minimum of one numeric (0-9) character. | True |
| Length | Require passwords to include a minimum password character length. | 8 characters |
| Action Token Security Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Short Tokens - OTP Length | Character length for short-form One-time Passcodes (OTPs) sent to the end user by M1 Connect. Options include: 3, 4, 5, 6 |
4 |
| Short Tokens - OTP Format |
Character format for short-form One-time Passcodes (OTPs) sent to the end user by M1 Connect.
Options include: Numeric, Alphabetic, Alphanumeric, Base36 |
Alphabetic |
| Short Tokens - OTP Casing | Character caing for short-form One-time Passcodes (OTPs) sent to the end user by M1 Connect. Option include: Upper case, Lower caem Mixed Cae |
Uppercase |
| Long Tokens - Expiration Period | The expiration period of all tokens in minutes (1-28800 minutes). | 28800 |
| Long Tokens - Authenticate User Token | The token string will be appended to this URL to form the link sent out to users for verification during authentication. | https://nxt-ulm-qa.m1amdocs.io/user_confirm?token_value= |
| Long Tokens - Onboard User with Email or Mobile | The token string will be appended to this URL to form the link sent out to users for verification during onboarding with email or mobile number. | https://nxt-ulm-qa.m1amdocs.io/user_confirm?token_value= |
| Long Tokens - Onboard with Social Account | The token string will be appended to this URL to form the link sent out to users for verification during onboarding with social media. | http://nxt-ulm-qa.m1amdocs.io/user_confirm?token_value= |
| Long Tokens - Add or Update Email or Mobile | The token string will be appended to this URL to form the link sent out to users for verification during adding or updating authentication identifiers. | https://nxt-ulm-qa.m1amdocs.io/user_confirm?token_value= |
| Long Tokens - Resend Verification Message | The token string will be appended to this URL to form the link sent out to users for verification when a resend is requested. | http://nxt-ulm-qa.m1amdocs.io/user_confirm?token_value= |
| Long Tokens - Identity Recovery | The token string will be appended to this URL to form the link sent out to users for verification during identity recovery. | http://nxt-ulm-qa.m1amdocs.io/reset?token_value= |
| reCAPTCHA Security Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Default Secret Key | The shared key between MarketONE ULM Cloud and reCAPTCHA. | 6LdcmqIZAAAAAK2mM3exampleBgplL5UAeCg1lrfBg5siUz |
| Default Site Key | The site key to use for client side integration | 6LdcmqIZAAAAAHFf4exampleZu7NW30IwJERJKRdYEORwh9 |
Social Connection Settings
| Apple Connection Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Enable Apple Connection | Whether to enable Apple as a social provider. This will allow social association, social onboarding, and social association Processes to use Apple as a specified provider. | True |
| Client ID | ID used for integration between MarketONE ULM Cloud and Apple. | com.amdocs.example |
| Client Secret | Shared secret key used for integration between MarketONE ULM Cloud and Apple. | eyJraWQiOiI4VzdexampleGMlIzVjQ3IiwiY |
| LinkedIn Connection Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Enable LinkedIn Connection | Whether to enable LinkedIn as a social provider. This will allow social association, social onboarding, and social association Processes to use LinkedIn as a specified provider. | False |
| Client ID | ID used for integration between MarketONE ULM Cloud and LinkedIn. | com.amdocs.example |
| Client Secret | Shared secret key used for integration between MarketONE ULM Cloud and LinkedIn. | eyJraWQiOiI4VzdexampleGMlIzVjQ3IiwiY |
| Facebook Connection Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Enable Facebook Connection | Whether to enable Facebook as a social provider. This will allow social association, social onboarding, and social association Processes to use Facebook as a specified provider. | True |
| Client ID | ID used for integration between MarketONE ULM Cloud and Facebook. | com.amdocs.example |
| Client Secret | Shared secret key used for integration between MarketONE ULM Cloud and Facebook. | eyJraWQiOiI4VzdexampleGMlIzVjQ3IiwiY |
| Google Connection Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Enable Google Connection | Whether to enable Apple as a social provider. This will allow social association, social onboarding, and social association Processes to use Google as a specified provider. | True |
| Client ID | ID used for integration between MarketONE ULM Cloud and Google. | com.amdocs.example |
| Client Secret | Shared secret key used for integration between MarketONE Connect and Google. | eyJraWQiOiI4VzdexampleGMlIzVjQ3IiwiY |
User Authentication Settings
| User Authentication Settings | ||
|---|---|---|
| Setting | Description | Example/Default Value |
| Maximum number of aliases | Limits the amount of aliases that your end users can create (1-3) | 1 alias per user |
| Valid email format | A regular expression pattern that defines what the valid email format is. | c.+@.+\..+ |
| Email obfuscation rule | A regular expression pattern that defines the display of an obfuscated email. | $1****$3 |
| Email obfuscation grouping pattern | A regular expression pattern to parse email addresses for obfuscation. | (\w{1})(\w+)?(@.*) |
| Valid mobile number format | A regular expression pattern that defines what the valid mobile number format is. | ^\(?([0-9]{3})\)?[-.\s]?([0-9]{3})[-.\s]?([0-9]{4})$ |
| Mobile obfuscation rule | A regular expression pattern that defines the display of an obfuscated mobile number. | ($1**)***-***$5 |
| Mobile obfuscation grouping pattern | A regular expression pattern to parse mobile numbers for obfuscation. | ^\(?([0-9]{1})([0-9]{2})\)?[-.\s]?([0-9]{3})[-.\s]?([0-9]{3})([0-9]{1})$ |
Integration APIs
If your organization is a large scale, telco-grade service provide, and you want to integrate your back-end syste,, (BSS, OSS, CRM) to MarketONE ULM Cloud, then your organization must integrate with a subset of MarketONE Adapter Interface APIs.
Depending on the use cases where MarketONE is involved, one or more APIs need to be provided by the organization according to the "MarketONE Adapter" interface specification.
| APIs for ULM Cloud Integration | API Overview |
|---|---|
| POST /v2/notification | MarketONE will send a notification to the user or customer, for example, at the time of purchase when a redemption code needs to be sent to a customer. |
| GET /v2/accounts | Retrieve accounts according to criteria in query parameters. |
| GET /v2/subscriptions | Retrieves a list of Subscriptions for a given account using the “account” query parameter. |
Note: Your organization's technical experts can navigate to the MarketONE Developer portal's API Reference library, and review integration API specification under the MarketONE CSP Adapter APIs section.
Next Steps - Contact Us
After reviewing the above information, please reach out to the MarketONE team at enan.hoque@amdocs.com and sumit.parab@amdocs.com with the above-mentioned required information. We'll clarify any additional initial required information, and set you on the path to a swift and secure implementation of the MarketONE Connect capabilities.