That seems to be a bit of a misunderstanding of what divisions are and how they relate to users. A user is an object that can be placed into a division; in fact, division is a standard attribute that can be set on a user via the SCIM APIs. Roles are sets of permissions that dictate that a user can access certain other objects within the platform; that set of permissions can include division scoping on individual permissions to apply to objects that exist within the user's division, in another division, or in all divisions. That said, the role itself is not an object that exists within a division, and therefore division mapping simply doesn't make sense in that context.
Further, SCIM does not provide for the manipulation of roles. SCIM allows for a pre-existing role to be assigned to a user, but does not allow you to modify the content of that role. If you wish to have cross-division permissions established within a role, and then use SCIM to assign that role to a user, you can certainly do that.
With all of that said, I would highly advise doing a deep dive exercise on the application of divisions within Genesys Cloud, as getting some of these concepts wrong can lead to either a loss of access, or the inadvertent sharing of data where you're not intending.
------------------------------
Richard Schott
Genesys - Employees
------------------------------
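A pre-flight check for the point made in the message above, added here as an example and not code from Genesys or Okta: it audits an outbound SCIM user resource so that the division is set on the user and role entries only name reviewed, pre-existing roles. It assumes the RFC 7643 attribute layout (`roles` on the core user, `division` in the enterprise extension); the function name, role names and division names are constructed.

```python
# Added example: pre-flight audit of a SCIM user resource (RFC 7643 layout assumed).
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# Sub-attributes RFC 7643 defines for entries of the multi-valued "roles" attribute.
ROLE_SUBATTRS = {"value", "display", "type", "primary"}


def audit_scim_user(user, allowed_roles, known_divisions):
    """Return a list of findings for one outbound SCIM user resource."""
    findings = []

    # Division is an attribute of the user (enterprise extension), not of a role.
    division = user.get(ENTERPRISE, {}).get("division")
    if division is None:
        findings.append("user: no division set")
    elif division not in known_divisions:
        findings.append(f"user: unknown division {division!r}")

    for i, role in enumerate(user.get("roles", [])):
        # Keys such as "division" on a role entry are not part of the schema;
        # flag them rather than assume the server will scope the role.
        extra = sorted(set(role) - ROLE_SUBATTRS)
        if extra:
            findings.append(f"roles[{i}]: unsupported sub-attributes {extra}")
        # SCIM only assigns roles that already exist; keep to a reviewed list.
        if role.get("value") not in allowed_roles:
            findings.append(f"roles[{i}]: role {role.get('value')!r} not on allow-list")
    return findings


# Constructed sample data (role and division names are made up).
ALLOWED_ROLES = {"employee", "Sales Supervisor"}
KNOWN_DIVISIONS = {"Home", "Sales"}
SCHEMAS = ["urn:ietf:params:scim:schemas:core:2.0:User", ENTERPRISE]

GOOD_USER = {
    "schemas": SCHEMAS,
    "userName": "a.agent@example.com",
    "roles": [{"value": "Sales Supervisor"}],
    ENTERPRISE: {"division": "Sales"},
}
BAD_USER = {
    "schemas": SCHEMAS,
    "userName": "b.agent@example.com",
    "roles": [{"value": "admin", "division": "Sales"}],  # division misplaced on the role
    ENTERPRISE: {"division": "Slaes"},  # typo in the mapped value
}

if __name__ == "__main__":
    for u in (GOOD_USER, BAD_USER):
        print(u["userName"], audit_scim_user(u, ALLOWED_ROLES, KNOWN_DIVISIONS))
```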
Original Message:
Sent: 04-10-2024 14:34
From: Shailesh Singh
Subject: OKTA Integration for User Management
Can SCIM APIs also allow the roles to be mapped to the specific divisions? I tried to use the SCIM APIs; it's allowing me to add roles but not edit the division on them.
------------------------------
Shailesh Singh
Accenture Solutions Private Limited
Original Message:
Sent: 10-04-2021 11:06
From: Richard Schott
Subject: OKTA Integration for User Management
Yes, if SCIM is configured in your Okta tenant and the user is in scope for the user provisioning app, then Okta will invoke the SCIM API to create the user. If the user's mapped attributes are modified, then Okta will invoke the SCIM API to update the user. If the user is deleted from Okta, then Okta will invoke the SCIM API to delete the user.
Roles and Division are mappable attributes on our SCIM APIs: https://help.mypurecloud.com/articles/scim-and-genesys-cloud-field-mappings/
The specific configuration to leverage those attributes will depend on the data structure within Okta, but the specific requirements of the payloads for our APIs are documented in the link above.
------------------------------
Richard Schott
Genesys - Employees
Original Message:
Sent: 10-04-2021 02:27
From: Carlos Camacho Jimenez
Subject: OKTA Integration for User Management
Thanks for your reply @Richard Schott, that sounds good.
So, if I use SCIM, can I create the user only in Okta and this user will be created in Genesys Cloud automatically?
Another question is... can I change the roles and division of a user through Okta?
Thanks in advance.
Kind Regards.
------------------------------
Carlos Camacho Jimenez
Evolutio Cloud Enabler S.A.
Original Message:
Sent: 10-01-2021 10:51
From: Richard Schott
Subject: OKTA Integration for User Management
That is correct. SSO and user provisioning are completely separate, but complementary features. We have a number of customers that use SCIM and SSO in conjunction, configuring their apps so that newly provisioned users will be able to immediately log in to Genesys Cloud, using the same credentials they use to access their other enterprise software.
------------------------------
Richard Schott
Genesys - Employees
Original Message:
Sent: 10-01-2021 05:00
From: Carlos Camacho Jimenez
Subject: OKTA Integration for User Management
Hi @Richard Schott,
I am interested in this matter.
If I understand correctly, to perform the SSO integration with Okta the steps to perform are as follows:
https://help.mypurecloud.com/articles/add-okta-as-a-single-sign-on-provider/
But if you want to perform user management from Okta, it is necessary to additionally configure Okta for Genesys Cloud SCIM.
https://help.mypurecloud.com/articles/configure-okta-for-genesys-cloud-scim-identity-management/
Am I right?
They are two completely different issues, right?
Thanks in advance.
Regards.
------------------------------
Carlos Camacho Jimenez
Evolutio Cloud Enabler S.A.
Original Message:
Sent: 09-24-2020 08:28
From: Richard Schott
Subject: OKTA Integration for User Management
Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning. There does need to be an OAuth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).
In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter. While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed. At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.
------------------------------
Richard Schott
Genesys - Employees
Original Message:
Sent: 09-23-2020 16:29
From: Matthew Rauenzahn
Subject: OKTA Integration for User Management
What account type/configuration in Genesys would be needed for advanced SCIM provisioning in OKTA to set up and manage Genesys Cloud accounts?
Has anyone had success with this?
#SystemAdministration
------------------------------
Matthew Rauenzahn
Product Owner - Vanguard
------------------------------