Skip to main content
Chat simulations Live monitoring Voice simulations

Overview

The Google CES integration connects a Google Customer Engagement Suite app to Roark for chat simulations. Roark sends each persona turn to the CES runSession endpoint and records the agent’s reply as part of the chat transcript. Authentication uses Workload Identity Federation (WIF) so no long-lived service account keys ever leave your GCP tenant. Roark mints a short-lived access token at simulation time using credentials your team controls and can revoke at any time.

Prerequisites

Before getting started, you’ll need:
  • A Google Cloud project with a published Customer Engagement Suite app
  • Permissions in that project to create a Workload Identity Pool and configure a service account with access to your CES app
  • The CES app coordinates: Location, App ID, Version ID, Deployment ID

Setting Up Workload Identity Federation

WIF setup requires a few values from Roark to authorize in your Workload Identity Pool. Reach out to us and we’ll walk you through it end-to-end — typically a single back-and-forth to share the values you need, after which you generate the WIF credential JSON on your side and paste it into Roark.

Get help setting up WIF

Email support@roark.ai and we’ll get you set up. Include your GCP project ID and CES app coordinates if you have them handy.
Once WIF is configured on your side, you’ll have a credential configuration JSON document (type: "external_account") ready to paste into Roark.

Creating the Integration in Roark

1

Open the integration form

Navigate to Settings → Integrations, click Add Integration, and select Google CES.
2

Fill in the configuration

FieldDescription
Integration NameFriendly name for this integration
WIF Config JSONThe full external-account credential JSON from your Workload Identity Pool. Stored encrypted at rest.
CES LocationGCP region for your CES app (e.g. us, global)
CES App IDUUID of the CES app, from the CES console
CES Version IDUUID of the app version to run
CES Deployment IDUUID of the deployment to target
3

Save

On save, Roark validates the WIF document’s shape, stores it encrypted, and auto-provisions:
  • One Roark agent named after the integration
  • One GOOGLE_CES chat endpoint linked to the integration
The endpoint is immediately usable in run plans.

How Authentication Works at Runtime

When a chat simulation runs against a Google CES endpoint, Roark mints a fresh access token for the request rather than storing one:
  1. Roark uses your WIF configuration to obtain a federated token from Google STS.
  2. The federated token is exchanged for a short-lived OAuth access token that impersonates your configured service account.
  3. Roark sends Authorization: Bearer <token> on each call to …/sessions/{sessionId}:runSession.
Tokens are short-lived (≈1 hour) and live only in memory for the duration of the simulation. You can revoke access at any time by removing Roark from your Workload Identity Pool.

How Conversations Are Driven

Each simulation generates a unique session ID per run. For every persona turn, Roark POSTs to: 
POST https://<location>-ces.googleapis.com/v1beta/projects/<project>/locations/<location>/apps/<appId>/sessions/<sessionId>:runSession
with a body referencing your app_version and deployment plus the user input text. The agent’s reply is read from outputs[0].text and added to the chat transcript. CES creates the session on the first call with a new session ID and resumes it on subsequent calls with the same ID, so no separate bootstrap call is needed.

What’s Not Supported

  • Voice simulations — Google CES integrations are chat-only.
  • Live monitoring / call import — Roark does not pull historical or live conversations from CES. Use chat simulations to evaluate the agent.

Next Steps

Run Chat Simulations

Test your CES app with persona-driven chats

Build Scenarios

Define the conversations to test

Metric Policies

Automate evaluation on every chat

Integration Overview

Explore other integrations