Hi Michael.
Ideally you'd do this by creating an OAuth that uses PKCE Grant in your main org, and set up your app to use that. When the app authenticates a user (e.g. using SSO in the main org), if they have access to multiple orgs it will prompt them for which org they want to log into. If you choose a (client) org that you haven't logged into before, and you're an admin in that org, it will prompt you to confirm if you trust the application and are happy to grant the required scopes. Assuming you do, then the app gets added to the Authorised Applications in the (client) org.
At this point you can access the client org using your SSO account that you logged into from your main org. But if you revoke the Authorised Application in the client org, or remove the trust relationship between your main org and the client org, or if the user's access to the client org is removed, then they will no longer be able to use your app in the client org.
Does that give you the functionality you are looking for?
Nick.
------------------------------
Nick Tait
Genesys Consultant
------------------------------
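The PKCE pieces of the flow Nick describes, as an added example that is not part of the original post or Genesys code: the app generates a verifier/challenge pair, sends the browser to the authorize endpoint (where the Genesys login page handles SSO, the org choice and the admin consent prompt), then redeems the code. The login host, paths and the exact token-request fields are assumptions based on RFC 7636; check them against the Genesys Cloud OAuth docs for your region.

```python
# Added example; login host and token-request fields are assumptions.
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request

def make_code_verifier(n_bytes: int = 32) -> str:
    # RFC 7636 verifier: 43..128 unreserved chars; 32 random bytes -> 43 chars
    return base64.urlsafe_b64encode(secrets.token_bytes(n_bytes)).rstrip(b"=").decode()

def code_challenge_s256(verifier: str) -> str:
    # S256 method: BASE64URL(SHA-256(verifier)) with padding stripped
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def build_authorize_url(client_id, redirect_uri, verifier, state,
                        login_host="login.mypurecloud.com"):  # assumed host
    # Front-channel: the browser goes here; only the challenge leaves the app.
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,  # bind the callback to this session, check it on return
        "code_challenge": code_challenge_s256(verifier),
        "code_challenge_method": "S256",
    }
    return f"https://{login_host}/oauth/authorize?" + urllib.parse.urlencode(params)

def exchange_code(client_id, redirect_uri, code, verifier,
                  login_host="login.mypurecloud.com"):  # assumed host
    # Back-channel: no client secret; the verifier proves the same app started the flow.
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "code_verifier": verifier,
    }).encode()
    req = urllib.request.Request(f"https://{login_host}/oauth/token", data=body,
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)  # contains access_token for the org the user chose
```

Keep the verifier server-side (or in the app's session) between the two calls; if the Authorised Application is revoked in the client org, the token exchange or later API calls fail, which is the behaviour described above.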