yuezhong | 2021-02-14 23:34:31 UTC | #1
Hi
I'm configuring Azure AD user provisioning in Genesys Cloud for a customer. I followed the steps described here: https://help.mypurecloud.com/articles/configure-azure-active-directory-for-genesys-cloud-scim-identity-management/
I used Postman to generate a token, and everything was working fine on the day: the user was created and the group was mapped.
I got an error after some hours.
> # While attempting to validate our authorization to access your application, we received this unexpected response: Received response from Web resource. Resource: https://api.mypurecloud.com.au/api/v2/scim/v2/Groups?excludedAttributes=members&filter=displayName+eq+"AzureAD_Test-a247bae4-7a19-4f28-b00b-61459a6b500b" Operation: GET Response Status Code: Unauthorized Response Content: {"status":"401","detail":"Invalid login credentials.;\n PubApiError[status=401,code=bad.credentials, message=Invalid login credentials.];\n contextId:[ 08c77fa4-5214-4e52-b6e7-b63e8dfafde9 ]","schemas":["urn:ietf:params:scim:api:messages:2.0:Error"]} Please check the service.
My question is: will Azure AD automatically request a new token from PureCloud after the original token has expired?
Must the OAuth client with the SCIM role have its token expiration set to 38,880,000?
Note, the Genesys documentation states:
Provisioning can add users to a public group or remove users from a public group in Genesys Cloud, but cannot create or delete groups in Genesys Cloud. If you are syncing groups, only select Update.
The customer insists on having the 'CREATE' and 'DELETE' boxes ticked in Azure AD. It seems to work, but I'm not sure if this invalid credential is caused by that.
Jason_Mathison | 2021-02-15 15:25:52 UTC | #2
Hi yuezhong,
Azure will not automatically request a new token. That is why we allow dedicated SCIM tokens to have such a long expiration period. After configuring the SCIM OAuth credentials to be long-lived in the UI, the next token you generate in Postman should have a long expiration.
You are not required to set the expiration to 38,800,000 seconds (450 days). You can set the duration to any value less than that, such as 3, 6, or 12 months.
I would not expect checking the create and/or delete group boxes to cause an authentication error, but it may lead to other errors. Can the customer explain why they require that the create/delete boxes be checked when our integration doesn't support those operations?
--Jason
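
Added example, not part of the original posts and not Genesys code: because Azure does not renew the SCIM token, this sketch works out from an OAuth token response's `expires_in` when the token pasted into Azure must be replaced, and recognises the 401 SCIM error quoted in the first post. The token responses, timestamps and the 30-day warning window are constructed assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

SCIM_ERROR_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:Error"

def rotation_status(token_response, issued_at, now, warn_days=30):
    """Return (status, expires_at) for a token issued at `issued_at` (UTC)."""
    expires_at = issued_at + timedelta(seconds=int(token_response["expires_in"]))
    remaining = expires_at - now
    if remaining <= timedelta(0):
        return "expired", expires_at          # Azure keeps sending it and gets 401
    if remaining <= timedelta(days=warn_days):
        return "rotate_soon", expires_at      # generate a new token, update Azure
    return "ok", expires_at

def is_bad_credentials(status_code, body):
    """True if an HTTP response is a SCIM error reporting rejected credentials."""
    if status_code != 401:
        return False
    try:
        err = json.loads(body)
    except ValueError:
        return False
    return (isinstance(err, dict)
            and SCIM_ERROR_SCHEMA in err.get("schemas", [])
            and "bad.credentials" in str(err.get("detail", "")))

# Constructed token responses: a short-lived one and a long-lived (180-day) one.
SHORT_TOKEN = {"access_token": "EXAMPLE", "token_type": "bearer", "expires_in": 86400}
LONG_TOKEN = {"access_token": "EXAMPLE", "token_type": "bearer", "expires_in": 15552000}
ISSUED = datetime(2021, 2, 14, 23, 0, tzinfo=timezone.utc)  # constructed timestamp

# Response body as quoted in the error message in the first post.
ERROR_BODY = (
    r'{"status":"401","detail":"Invalid login credentials.;\n '
    r'PubApiError[status=401,code=bad.credentials, message=Invalid login '
    r'credentials.];\n contextId:[ 08c77fa4-5214-4e52-b6e7-b63e8dfafde9 ]",'
    r'"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"]}'
)

if __name__ == "__main__":
    for name, tok in (("short", SHORT_TOKEN), ("long", LONG_TOKEN)):
        status, exp = rotation_status(tok, ISSUED, ISSUED + timedelta(hours=25))
        print(f"{name}: {status}, expires {exp.isoformat()}")
    print("401 is bad credentials:", is_bad_credentials(401, ERROR_BODY))
```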
yuezhong | 2021-02-19 04:45:19 UTC | #3
Thank you very much!
This post was migrated from the old Developer Forum.
ref: 9993