Genesys Cloud (formerly PureCloud)

Discussion Thread View
Expand all | Collapse all

SSO and Genesys Cloud Authentication

  • 1.  SSO and Genesys Cloud Authentication

    Top 25 Contributor
    Posted 05-22-2020 18:01
    If I integrate an org to say Azure AD for SSO, can I have some user/admin accounts that are not actually held within Azure and still use Cloud credentials?  Or does it become an all or nothing state then?  Just trying to think about the scenario where for some reason the SSO provider may be down/unreachable so still need a way for key people to log into the org.
    #AskMeAnything(AMA)
    #ArchitectureandDesign
    #Implementation
    #SystemAdministration

    ------------------------------
    Vaun McCarthy

    ------------------------------


  • 2.  RE: SSO and Genesys Cloud Authentication

    Posted 05-22-2020 23:51
    Hi Vaun,

    You will still be able to login with PureCloud as long as you don't turn on the setting in the screenshot below. You won't have the ability to specify which users can use which provider, they'll just have the option for both.
    Disable PureCloud Login

    Take a look here:
    https://help.mypurecloud.com/articles/log-in-to-purecloud-using-single-sign-on-sso/
    and here:
    https://help.mypurecloud.com/articles/what-users-can-expect-after-sso-setup/

    Thanks,
    Daniel McLeod

    ------------------------------
    Daniel McLeod
    Qsect LLC
    ------------------------------



  • 3.  RE: SSO and Genesys Cloud Authentication

    Top 25 Contributor
    Posted 05-23-2020 02:42

    Thanks Daniel, the way I'm reading that (which may be wrong) is that after SSO is enabled a user can sign on EITHER using PureCloud OR SSO.  Is that correct?  It says the first time post SSO enablement they have to sign on using the Purecloud credentials which are "cached".  So then they log out, and next time they log back in they'll see the SSO provider option but again they can still fall back to the Purecloud credentials.  How can we stop users from using the Purecloud login without turning it off?  I foresee a lot of "my password doesn't work" calls to the Service Desk all because they didn't choose the SSO provider link.

    Based on what you said I'm guessing there's no way to turn that Purecloud option off so they can ONLY go to SSO but still have Purecloud authentication available for admin stuff.  So if you turn off Purecloud login, and something goes horribly wrong with the SSO provider, nobody will be able to get into your org at all?  So in that scenario you'd need Genesys Care to turn that option off again and potentially reset an Admin's password to login and make changes?

    Maybe using something in the API to reset ALL users's passwords to something else but not tell them?



    ------------------------------
    Vaun McCarthy
    NTT New Zealand Limited
    ------------------------------



  • 4.  RE: SSO and Genesys Cloud Authentication

    Posted 15 days ago
    Hi Vaun,

    If the certificate is expired you will still have access to their environment via Authorized Org.

    If you can't fix it quickly you can disable SSO and send a new invite to the users who don't remember their password.



    ------------------------------
    Paulo Mesquita
    Spark NZ Trading
    ------------------------------



  • 5.  RE: SSO and Genesys Cloud Authentication

    GCAP Member
    Posted 14 days ago
    Hi Paulo
    but this doesn't solve the initial requirement.
    I'm also interested if there there is a way to split the login using SSO or not. With Genesys Engage is possible and also recommended that the "default" account is not linked to any external authorization system. In Genesys Engage (on prem) you can also at every person level disable or enable SSO.
    Regards
    /g/


    ------------------------------
    Gennaro Montanino
    AXA Versicherungen AG
    ------------------------------



  • 6.  RE: SSO and Genesys Cloud Authentication

    Posted 14 days ago
    Sorry, I don't think you can do the same on GC.


    ------------------------------
    Paulo Mesquita
    Spark NZ Trading
    ------------------------------



  • 7.  RE: SSO and Genesys Cloud Authentication

    Posted 14 days ago
    There is a feature request accepted for this which you can subscribe to for updates.

    https://genesyscloud.ideas.aha.io/ideas/CLPLA-I-657

    We have a similar approach to Paulo in that you can use an authorised org that has admin access to the platform. That second org does not have to be single sign on and can actually be an org purely of collaborate users.

    Unfortunately if you reset all the passwords but left the option to not use SSO then users can reset their Genesys stored password.

    ------------------------------
    Richard Chandler
    Conn3ct
    ------------------------------



  • 8.  RE: SSO and Genesys Cloud Authentication

    GCAP Member
    Posted 14 days ago
    The idea is already in accepted status =)
    Let's see when it will be released
    /g/

    ------------------------------
    Gennaro Montanino
    ------------------------------



  • 9.  RE: SSO and Genesys Cloud Authentication

    GENESYS
    Posted 14 days ago
    Edited by Becky Powell 14 days ago
    Please do vote for this idea in the Ideas Portal - your votes help us to prioritize development. Thank you!

    ------------------------------
    Becky Powell
    Principal Product Manager
    Genesys - Employees
    ------------------------------