Genesys Cloud - Main

We're using a 3rd party Salesforce integration (Avtex OneView) for CTI.  Our agent are facing issues because the default logon session duration is 24 hours, so they end up being forced to re-authenticate at awkward times, like during an active phone call (which drops the call).

I know we can set the OAuth client token duration in seconds, but Authorized Applications (Implicit Token Grant) do not have this setting, only the OAuth Scopes and Roles we'd want to assign.  I believe this integration is using the Authorized Application config for the agent logon portion, so I'm a bit stuck on how we can change this session duration.

Any help would be appreciated.

Paul,

We don't have that issue in our ORG.  I would suggest you look at the SSO provider for timeouts.   We see that as the default in Azure/AD when we set up SSO.  Ours is now set to 7 days.  As for logging out the agent, is the integration set to pop out to a new browser window?

We're using a 3rd party Salesforce integration (Avtex OneView) for CTI.  Our agent are facing issues because the default logon session duration is 24 hours, so they end up being forced to re-authenticate at awkward times, like during an active phone call (which drops the call).

I know we can set the OAuth client token duration in seconds, but Authorized Applications (Implicit Token Grant) do not have this setting, only the OAuth Scopes and Roles we'd want to assign.  I believe this integration is using the Authorized Application config for the agent logon portion, so I'm a bit stuck on how we can change this session duration.

Any help would be appreciated.

Hi Robert,

So our setup is

• Azure AD for SSO
• Avtex/TTEC OneView for the agent interface.  It is set to pop auth in a separate window.
• I configured the OAuth client for OneView to 18 hours instead of 24.  TTEC support suggested this, but I confirmed this morning with our testing agent that it didn't work.  Session was still allowed to proceed until the 24 hour mark.

How are you setting your AAD to a different time?  7 days would be lovely, but our security team would never let it fly.  So I'm shooting for 18 hours, to force users to log in to Genesys via AAD SSO at the start of their shift, rather than have Genesys kick them out at the 24 hour mark.

Paul,

We don't have that issue in our ORG.  I would suggest you look at the SSO provider for timeouts.   We see that as the default in Azure/AD when we set up SSO.  Ours is now set to 7 days.  As for logging out the agent, is the integration set to pop out to a new browser window?

We're using a 3rd party Salesforce integration (Avtex OneView) for CTI.  Our agent are facing issues because the default logon session duration is 24 hours, so they end up being forced to re-authenticate at awkward times, like during an active phone call (which drops the call).

I know we can set the OAuth client token duration in seconds, but Authorized Applications (Implicit Token Grant) do not have this setting, only the OAuth Scopes and Roles we'd want to assign.  I believe this integration is using the Authorized Application config for the agent logon portion, so I'm a bit stuck on how we can change this session duration.

Any help would be appreciated.

Our SSO timeout is set by our Azure folks.  Every morning at 8 am, we get the MFA even though we are logged in, so that has to be in the Azure setup.  As for logging out, did you look at the idle timeout stuff at the very bottom of the ORG settings?  Usually, we have customer set that to 1.5 hours to allow for late lunch return but still log them out at night.  

I'll talk to @Ashley Timbrook and see what she thinks as she is the PM for OneView. 

Last thought - do you have a single Genesys Cloud Salesforce CTI license to test with?  I don't think there should be a difference, but that would tell us that it is in the OneView setup.

Hi Robert,

So our setup is

• Azure AD for SSO
• Avtex/TTEC OneView for the agent interface.  It is set to pop auth in a separate window.
• I configured the OAuth client for OneView to 18 hours instead of 24.  TTEC support suggested this, but I confirmed this morning with our testing agent that it didn't work.  Session was still allowed to proceed until the 24 hour mark.

How are you setting your AAD to a different time?  7 days would be lovely, but our security team would never let it fly.  So I'm shooting for 18 hours, to force users to log in to Genesys via AAD SSO at the start of their shift, rather than have Genesys kick them out at the 24 hour mark.

Paul,

We don't have that issue in our ORG.  I would suggest you look at the SSO provider for timeouts.   We see that as the default in Azure/AD when we set up SSO.  Ours is now set to 7 days.  As for logging out the agent, is the integration set to pop out to a new browser window?

We're using a 3rd party Salesforce integration (Avtex OneView) for CTI.  Our agent are facing issues because the default logon session duration is 24 hours, so they end up being forced to re-authenticate at awkward times, like during an active phone call (which drops the call).

I know we can set the OAuth client token duration in seconds, but Authorized Applications (Implicit Token Grant) do not have this setting, only the OAuth Scopes and Roles we'd want to assign.  I believe this integration is using the Authorized Application config for the agent logon portion, so I'm a bit stuck on how we can change this session duration.

Any help would be appreciated.