Thank you Richard,So I need to create an App role in Azure AD with same name as in GCCX (the key is the name, not role id), right?
The confusing thing in documentation is
{user roles API}
Is there a possibility to set static role for each user, not depending on role in AD? For example USER role for all.
Alternatively, if I'd like to set USER role for all users in AD group 'CallCenter' and SUPERVISOR role for users in AD group CC_Supervisors, how can Ito point it to Genesys?
Anyway, regardless on conditions, how to specific role for a user?
Regards,
------------------------------
Wojciech Dzikowski
CGI ISMC Polska Sp. z o.o.
------------------------------
Original Message:
Sent: 01-21-2022 09:18
From: Richard Schott
Subject: Genesys Cloud for Azure - assing roles to users
The challenge is actually on the Azure AD side of things. There aren't many great tools for manipulating payloads within Azure AD, so for certain fields (Roles being one of them), there's a very limited path forward. The only setup Azure AD has that is compatible with the Roles array of objects is to use the appRoleAssignments, as described here: https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/customize-application-attributes and https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/functions-for-customizing-application-data. Following this guide, you'll need to create an AppRole that matches the Genesys Cloud Role by name, then assign it to a user, and use one of the AppRoleAssignment functions as the source for the roles.[].value target in Genesys Cloud
Azure also has a known bug in their payload for the (AppRoleAssignmentsComplex) where they are only setting a single role out of the group assigned to the user. Azure AD is aware of this, and is supposed to be working on this from their end (as they control the payloads being sent to our API), but there has been no update in some time on the status of this bug.
------------------------------
Richard Schott
Genesys - Employees
Original Message:
Sent: 01-19-2022 06:17
From: Wojciech Dzikowski
Subject: Genesys Cloud for Azure - assing roles to users
Hello,
I'd like to synchronize users from AD to GCCX and add roles according to groups created in AD.
In fields mapping I can see that it is should be possible but it does not tell me how exactly I can achieve it.
I'd like lo leave most of configuration on customer side (AD).
Is that possible?
Thanks!
#Integrations
------------------------------
Wojciech Dzikowski
CGI ISMC Polska Sp. z o.o.
------------------------------