Enable audio playback

This page describes how to enable audio playback in the Conversational Insights console using signed URLs.

With audio playback enabled, you can listen to conversation audio directly in the Conversational Insights console. Audio playback uses signed URLs to provide authenticated, time-limited access to audio files stored in your Cloud Storage buckets. This removes the need to grant users direct access to Cloud Storage buckets for audio playback.

Before you begin

To play audio in the Conversational Insights console, users need permission to generate signed audio URLs. The required IAM permission depends on how the conversation is being accessed:

  • For all conversations: The contactcenterinsights.conversations.generateSignedAudio permission is in the predefined roles Contact Center AI Insights viewer and Contact Center AI Insights editor.
  • For all conversations accessed through a dataset: The contactcenterinsights.datasets.generateSignedAudio permission is in the predefined roles Contact Center AI Insights viewer and Contact Center AI Insights editor.
  • For fine grained accessed through an authorized view: The contactcenterinsights.authorizedConversations.generateSignedAudio permission is in the predefined roles Contact Center AI Insights authorizedViewer and Contact Center AI Insights authorizedEditor.

For more information on fine-grained permissions with authorized views, see Overview of fine-grained access control.

Before you begin, take the following steps:

  1. Make sure you have imported voice conversations into Conversational Insights and that these conversations have audio URIs pointing to audio files in a Cloud Storage bucket. This can be done through:
  2. Find your Google Cloud project number by going to your Project settings page.

Enable audio playback

To enable audio playback using signed URLs, you need to grant the Conversational Insights service account access to your Cloud Storage bucket and configure cross-origin resource sharing (CORS) on the bucket.

Grant service account access to Cloud Storage bucket

  • Conversational Insights requires access to the Cloud Storage bucket where conversation audio is stored to generate signed URLs. You need to grant the Storage Object Viewer role (roles/storage.objectViewer) to the Conversational Insights service account for the buckets containing your audio files.

  • The Conversational Insights service account identifier is: service-PROJECT_NUMBER@gcp-sa-contactcenterinsights.iam.gserviceaccount.com

  • Replace PROJECT_NUMBER with your Google Cloud project number.

For instructions on granting access to a service account for a bucket, see Add a principal to a bucket-level policy.

Configure CORS on Cloud Storage bucket

To allow browsers to play audio from signed URLs generated by Conversational Insights, you must configure CORS on your Cloud Storage bucket to allow access from Conversational Insights console origins.

First, create a JSON file named cors-config.json with the following content:

  [
    {
      "origin": ["https://ccai.cloud.google.com"],
      "responseHeader": ["Content-Type"],
      "method": ["GET"],
      "maxAgeSeconds": 3600
    }
  ]

Then run the following gcloud command to apply the CORS configuration to your bucket:

  gcloud storage buckets update gs://BUCKET_NAME --cors-file=cors-config.json

Finally, replace BUCKET_NAME with the name of your Cloud Storage bucket containing audio files. For more information, see Configure cross-origin resource sharing (CORS).