Yes, the only role you can assign to the Oauth Client that will allow you to generate the long lived token is the SCIM integration role (or a custom role that contains only the permissions included in the SCIM integration role). If the role provided to the client has ANY permissions not included in this default role, you will not be able to save the client with a token duration greater that 86,400 seconds. This is noted in the documentation for the setup of the Oauth client included in the Azure AD User Provisioning Setup documentation, found here:
https://help.mypurecloud.com/articles/configure-azure-active-directory-for-genesys-cloud-scim-identity-management/, specifically on this page:
https://help.mypurecloud.com/articles/create-an-oauth-client/#tab3------------------------------
Richard Schott
Genesys - Employees
------------------------------
Original Message:
Sent: 10-12-2021 11:13
From: Janice Jahnsen
Subject: Azure Token OATH Time Duration
We had reset our Oath time duration to be 38880000. I have to generate a new Secret and Key and I can not remember how we modified the this to be that. I for some reason thought it had to do with Roles that were assigned. The normal highest is 86,400.
Any input would be great
#Integrations
------------------------------
Janice Jahnsen
F5 Networks, Inc.
------------------------------