Would you please let me know if it is possible to have auto-provisioning of Genesys Cloud users based on an Azure AD application access group, and to utilize groups for access and provisioning?

Currently the Salesforce and ServiceNow apps have this auto-provisioning of users/access groups using SSO integration.

In general, users will be added to the Genesys Cloud access group in Azure AD, where you have the option to specify the access groups (such as Admin, users, MasterAdmin etc.). Based on that info, when the customer's org is enabled for SSO integration, they want users allocated the necessary roles in GC during login, i.e. auto-provisioning end users with login group information in Genesys Cloud.

Let us know if there are any APIs available for SSO integration.

Thanks
Thanks, Piotr for the update.
The Employee role is the default base role and it will be assigned by the system when new users are created.

Auto-provisioning creates groups in Genesys Cloud and allocates roles to the groups. When users are synced from Azure to Genesys, they will be allocated to the groups based on the group info configured in Azure.
Also, you mentioned the SCIM connector for this integration. From the notes, SCIM uses APIs to sync user entities from cloud or on-premises identity management systems to Genesys Cloud. Do I need any connector?
@Piotr Danielewski With the mapping of a user to a specific division using constant value works fine.
I would like to check with you how we assign different divisions if we have created a single application for SSO setup and also configured SCIM integration for auto-provisioning. In our GC org we have two divisions. In Azure, a single application was created for SSO. Mapping of the constant value was done outside of the groups, so I can assign a single division; we tried in the groups and it doesn't have the same target attribute.
Is there a different way we can map the user to each division within the Azure?
Any further thoughts?
We did further testing with SSO integration for Genesys Cloud, i.e. basic SSO, and it works OK. We haven't started testing SCIM (auto-provisioning functionality) because we encountered an issue with the Unique User Identifier field.

The following question was raised by the customer. Does anyone have any solution or workaround?
Currently, in the attribute name Genesys recommends to use the value "user.userprincipalname" or user.email to match the email address for the user in Genesys cloud.
Here the customer doesn't want to use the email ID as a unique user identifier field.
The customer has set the current Unique User Identifier in Azure SSO to user.onpremisessamaccountname,
i.e. in our test, employeeID, which is the local AD SamAccountName, known as user.onpremisessamaccountname in Azure SSO.
This value is the only unique value for all users in the customer's domain. It looks like, from the basic testing, that the Genesys Cloud application is using email as the Unique User Identifier, which can change in the organisation and will cause security concerns.
Does anyone know if it is possible to use user.onpremisessamaccountname and map it to Genesys cloud as a unique user identifier for login rather than an email address?
We will test by setting the Attribute value email to user.onpremisessamaccountname in the Azure "User Attributes & Claims" section and use a transformation to email ID format, i.e. user.onpremisessamaccountname@DummyDomain.com. Then configure the Genesys Cloud user with "user.onpremisessamaccountname@DummyDomain.com" in the main email ID field.
With SCIM also we will test by changing the attribute value for new account creation and map it to user.onpremisessamaccountname for the email ID.

Another question: this email ID user.onpremisessamaccountname@DummyDomain.com is configured as the main email ID in Genesys Cloud, which is not the actual user's email ID, but it is fine; the customer can use this ID to log in to GC. Is it OK to add the work email address as the actual user email as per below and make it primary?
Tested basic SSO functionality with the above setup and it works fine. In Azure, we used a unique user id field and set it as user.onpremisessamaccountname and transformed the value into email id format. i.e. user.onpremisessamaccountname@DummyDomain.com
In Genesys Cloud the following are set in the user's profile:

Main email --> user.onpremisessamaccountname@DummyDomain.com
Work Email --> set to user's email address
SSO works OK, but when the alert email notifications are sent it always targets the main email address though the work email was set to primary.
Is there any option to change in alerts so that it can use the primary email address for any communication?

Thanks
------------------------------
prem

Original Message:
Sent: 02-25-2021 04:54
From: Piotr Danielewski
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning

As far as I know, Genesys Cloud requires you to use email address as an ID, so you could try "user.onpremisessamaccountname@DummyDomain.com".

------------------------------
Piotr Danielewski
Ernst & Young Global Services Limited

Original Message:
Sent: 02-24-2021 22:48
From: prem venkatesh
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
Thanks, Piotr for the updates.
BTW, with the email alert notifications using the main email address rather than the primary email set on the user's profile, Dev has confirmed this is a bug and has put it into their queue to address. Since it's a low priority, I will keep you updated once they are available.
Because of this bug/limitation, we used the email field in the claims and attribution for SSO.
With Auto-provisioning we are still testing. I will post the update here once it is completed.
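
The workaround discussed in this thread, as an added example that is not part of the original posts and not Genesys or Microsoft code: the login ID is derived from the immutable account name in email format, so it stays the same when the user's real mailbox changes. The payload is a generic SCIM 2.0 User resource (RFC 7643); how Genesys Cloud maps these fields, the rejected-character list, the lowercasing and the sample names are assumptions.

```python
import re
from collections import defaultdict

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"  # RFC 7643
LOGIN_DOMAIN = "DummyDomain.com"  # placeholder domain used in the thread
# Assumption: characters this example refuses in an account name.
_REJECTED = re.compile(r'["/\\\[\]:;|=,+*?<>@\s]')


def login_id(sam_account_name):
    """Derive the email-shaped login ID from the immutable account name."""
    sam = sam_account_name.strip()
    if not sam or _REJECTED.search(sam):
        raise ValueError(f"unusable account name: {sam_account_name!r}")
    # Lowercased so two spellings of one name cannot yield two identities.
    return f"{sam.lower()}@{LOGIN_DOMAIN}"


def build_scim_user(sam_account_name, work_email):
    """Generic SCIM 2.0 User: stable userName, real mailbox as work email."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "externalId": sam_account_name,
        "userName": login_id(sam_account_name),
        "emails": [{"value": work_email, "type": "work", "primary": True}],
    }


def find_collisions(sam_account_names):
    """Return login IDs that more than one directory account maps to."""
    seen = defaultdict(list)
    for sam in sam_account_names:
        seen[login_id(sam)].append(sam)
    return {lid: sams for lid, sams in seen.items() if len(sams) > 1}


if __name__ == "__main__":
    # Constructed sample: the same person before and after a mailbox change.
    before = build_scim_user("jsmith01", "john.smith@example.com")
    after = build_scim_user("jsmith01", "john.jones@example.com")
    print("login ID unchanged:", before["userName"] == after["userName"])
    # Constructed sample: two accounts differing only by case collide.
    print(find_collisions(["JSmith01", "jsmith01", "adoe02"]))
```

Running the collision check over the directory export before enabling provisioning shows whether any two accounts would end up with the same login ID.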