This feature allows you to securely identify an authenticated consumer and receive consumer information so our Zoom Virtual Agent bot and/or Zoom Contact Center agent can take appropriate steps to help resolve their issues. Consumer information of authenticated consumers are set by the Zoom Contact Center/Zoom Virtual Agent Web SDK to Zoom Contact Center / Zoom Virtual Agent Global variables so that they can be used in the flows or visible to agents in the Zoom Contact Center desktop client.

Prerequisites for changing campaign settings

• Account owner or admin privileges; or relevant role/privilege
• Zoom Contact Center license

How to configure consumer authentication

1. Sign in to the Zoom web portal.
2. In the navigation menu, click Contact Center Management then Preferences.
3. In the Account General Settings tab, scroll down to the Consumer Authentication section.
4. Enable the Consumer Authentication setting and configure the two settings below:
   • Authentication Endpoint: The Zoom Contact Center / Zoom Virtual Agent Web SDK will perform a GET API request when the consumer begins the engagement and when the page is reloaded. This endpoint should return a signed JWT containing information about the consumer.
   • JWT Public Key: This is ES256 public key that Zoom will use to verify the JWT signature. See details below

How to configure authenticated chat

1. Follow the previous section, create an authentication endpoint which uses cookies to authenticate the consumer.
2. When a consumer begins a chat engagement on your website, the Zoom Contact Center/Zoom Virtual Agent Web SDK will place a GET request to your authentication endpoint.
3. Verify if the consumer is a valid, authenticated user. If the consumer is valid, your authentication endpoint should respond with consumer information in a signed JWT response in the following format:
   {"loginUserIdJwt": "<JWT"}
4. The JWT should have three parts: Header, Payload, and Signature. The Header should contain information about the signing algorithm used, which should be ES256.

Example of JWT header

{
"cty": "text/plain",
"alg": "ES256"
}

The end consumer information should be part of payload. The payload should also include a field “exp” of epoch format, which indicates JWT expiration time. This will be used while verifying the JWT in the Zoom backend.

Example of JWT Payload

{
"exp": <epoch_expiration_time,
"email": "janet.smith@example.com",
}

Both Header and Payload data are in the JSON format but encoded. Finally, the signature is calculated by encoding the header and payload and signing it with ES256 private Key.

As mentioned, the JWT needs to be signed so that Zoom can validate the authenticity of the authentication endpoint response. To do this, create an ES 256 private key/public Key pair. Use your private key to sign the signature of the JWT. This ES256 public key should be added to the Zoom Contact Center/Zoom Virtual Agent Admin page. This public key will be used on Zoom’s backend to verify the JWT signature. You can refer this to create Key pairs:

ES256 private key/public key pair

Below is an example on how you can create ES256 private key/public key pair.

You can use this to create ES256 private Key public Key pairs. Create a private key using this:

openssl ecparam -name prime256v1 -genkey -noout -out es256-private-key.pem

Create the corresponding public key using this:

openssl ec -in es256-private-key.pem -pubout -out es256-public-key.pem

Private Key will be in es256-private-key.pem and public key in es256-public-key.pem

How to use Consumer Authentication in a Zoom Contact Center or Virtual Agent flow

The purpose of the Consumer Authentication feature is that you can access data about the consumer within your Zoom Contact Center / Zoom Virtual Agent flow. The data that you include in the JWT payload can be mapped to Zoom Contact Center / Zoom Virtual Agent global variables. Currently, we support the mapping below.

JWT Payload field	Zoom Contact Center / Zoom Virtual Agent global variable
email	global_system.Consumer.email

In addition to the above mapped fields, there is also the authenticationStatus variable (global_system.Engagement.authenticationStatus) which is a boolean variable that is set to True if the consumer is authenticated. In your Zoom Contact Center / Zoom Virtual Agent flow, you should check the value of this variable.

• If it is true, then you can trust that the above mapped fields/variables are set using the Consumer Authentication process and your signed JWT.
• If the authenticationStatus variable is false, the consumer is not authenticated. The global_system.Consumer.email variable may still be populated, for example with the Welcome Screen, however you should not trust the data as it is not verified using Consumer Authentication.