Thanks, Piotr, for the updates.
BTW, with the email alert notifications using the main email address rather than the primary email set on the user's profile, Dev has confirmed this is a bug and has put it into their queue to address. Since it's a low priority, I will keep you updated once they are available.
Because of this bug/limitation, we used the email field in the claims and attribution for SSO.
With Auto-provisioning we are still testing. I will post the update here once it is completed.
Original Message:
Sent: 02-26-2021 02:56
From: Piotr Danielewski
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
Hi Prem, sorry, but no - nothing comes to my mind at the moment.
------------------------------
Piotr Danielewski
Ernst & Young Global Services Limited
Original Message:
Sent: 02-26-2021 01:32
From: prem venkatesh
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
Hi Piotr,
Tested basic SSO functionality with the above setup and it works fine. In Azure, we used a unique user id field and set it as user.onpremisessamaccountname and transformed the value into email id format. i.e. user.onpremisessamaccountname@DummyDomain.com
In Genesys Cloud, the following are set in the user's profile:
Main email --> user.onpremisessamaccountname@DummyDomain.com
Work Email --> set to user's email address
SSO works OK, but when the alert email notifications are sent it always targets the main email address though the work email was set to primary.
Is there any option to change in alerts so that it can use the primary email address for any communication?
Thanks
------------------------------
prem
Original Message:
Sent: 02-25-2021 21:20
From: prem venkatesh
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
Thanks, Piotr for the update.
We will test by setting the Attribute value email to user.onpremisessamaccountname in the Azure "User Attributes & Claims" section and use transformation to email id format i.e. user.onpremisessamaccountname@DummyDomain.com. Then configure Genesys cloud user with "user.onpremisessamaccountname@DummyDomain.com" in the main email id field.
With SCIM also we will test by changing the attribute value for new account creation and map it to user.onpremisessamaccountname for the email ID
Another question: this Email ID user.onpremisessamaccountname@DummyDomain.com is configured as the main email ID in Genesys cloud, which is not the actual user's email ID, but it is fine customer can use this ID to log in to the GC. Is it ok to add the work email address as the actual user email as per below and make it primary?
------------------------------
prem
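The identifier scheme tested in this thread, as an added example that is not part of the original posts and not Genesys or Microsoft code: the login ID is derived from the sAMAccountName while the real mailbox is carried as the primary work email. It uses the standard SCIM 2.0 core User schema (RFC 7643); that Genesys Cloud maps `userName` to the main email is an assumption, the function names are hypothetical, and the sample users are constructed.

```python
import re

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"

# Characters Active Directory rejects in a sAMAccountName, plus '@' and
# whitespace, which would break the email-format identifier.
_SAM_FORBIDDEN = re.compile(r'["/\\\[\]:;|=,+*?<>@\s]')


def login_id(sam_account_name: str, domain: str = "DummyDomain.com") -> str:
    """Email-format login ID built from sAMAccountName, as in the thread."""
    sam = sam_account_name.strip()
    # User sAMAccountName values are limited to 20 characters.
    if not sam or len(sam) > 20 or _SAM_FORBIDDEN.search(sam):
        raise ValueError(f"not a usable sAMAccountName: {sam_account_name!r}")
    # Lower-casing is an assumption, so the SSO claim and the provisioned
    # value compare equal regardless of how the directory stores the case.
    return f"{sam.lower()}@{domain}"


def scim_user(sam: str, work_email: str, display_name: str) -> dict:
    """SCIM User whose identifier does not depend on the real mailbox."""
    return {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": login_id(sam),  # assumed to become the main email
        "displayName": display_name,
        "emails": [{"value": work_email, "type": "work", "primary": True}],
        "active": True,
    }


def identifier_drift(before: dict, after: dict) -> list:
    """Names of the attributes that differ between two snapshots."""
    return sorted(k for k in before if before[k] != after.get(k))


if __name__ == "__main__":
    # Constructed sample: the same person before and after a mailbox rename.
    old = scim_user("JSmith01", "jane.smith@corp.example", "Jane Smith")
    new = scim_user("JSmith01", "jane.jones@corp.example", "Jane Jones")
    print(old["userName"], identifier_drift(old, new))
```

The mailbox rename changes only `displayName` and `emails`; `userName`, the value matched at SSO login, stays the same.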
Original Message:
Sent: 02-25-2021 04:54
From: Piotr Danielewski
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
As far as I know, Genesys Cloud requires you to use email address as an ID, so you could try "user.onpremisessamaccountname@DummyDomain.com".
------------------------------
Piotr Danielewski
Ernst & Young Global Services Limited
Original Message:
Sent: 02-24-2021 22:48
From: prem venkatesh
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
We did further testing with SSO integration for Genesys cloud i.e. basic SSO and it works ok. We haven't started testing the SCIM (Auto-provisioning functionality) because we encountered an issue with the Unique user identifier field.
The following question was raised by the customer. Does anyone have any solution or workaround?
Currently, in the attribute name Genesys recommends to use the value "user.userprincipalname" or user.email to match the email address for the user in Genesys cloud.
Here customer doesn't want to use the email ID as a unique user identifier field.
The customer has set the current Unique User Identifier in Azure SSO to user.onpremisessamaccountname
i.e. in our test employeeID which is the local AD SamAccountName known as user.onpremisessamaccountname in Azure SSO
This Value is the only unique value for all users in the customer's domain. It looks like from the basic testing that Genesys cloud application is using email as the Unique User Identifier which can change in the organisation and will cause security concerns.
Does anyone know if it is possible to use user.onpremisessamaccountname and map it to Genesys cloud as a unique user identifier for login rather than an email address?
------------------------------
prem
Original Message:
Sent: 02-24-2021 03:12
From: Tommy Braes
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
Following. I'm interested in this functionality as well.
------------------------------
Tommy Braes
Consultant Professional Services
Proximus PLC
Original Message:
Sent: 02-23-2021 06:44
From: prem venkatesh
Subject: SSO integration with ADFS/Azure AD - Auto Provisioning
Hi There,
Would you please let me know if it is possible to have auto-provisioning of Genesys cloud users based on Azure AD application access group and utilize groups for access and provisioning?
Currently Salesforce and Service Now apps have this auto provisioning users/access groups using SSO integration.
In general, users will be added to the Genesys cloud access group in the Azure AD, where you have the option to specify the access groups (such as Admin, users, MasterAdmin, etc.). Based on that info, when the customer's org is enabled for SSO integration, they wanted users allocated with necessary roles in the GC during login, i.e. auto-provisioning end-users with login group information in the Genesys cloud.
Let us know if there are any APIs available for SSO integration.
Thanks
#Implementation
#Integrations
#PlatformAdministration
#SystemAdministration
------------------------------
prem
------------------------------