Genesys Cloud - Main

 View Only

Sign Up

  • 1.  Genesys Azure SCIM Provisioning

    Posted 04-16-2026 02:36

    We are currently configuring a SCIM provisioning integration between Microsoft Entra ID (Azure AD) and Genesys Cloud.

    Azure provides two authentication methods for configuring SCIM provisioning with Genesys Cloud:

    1. Bearer Authentication
    2. OAuth 2.0 Client Credentials Grant

    We were able to successfully configure SCIM provisioning using the Bearer Authentication method with the supported user attributes. In this approach, we configured the Tenant URL and Secret Token generated via Postman, in accordance with the Genesys documentation: Configure Microsoft Entra ID for Genesys Cloud SCIM (Identity Management) View summary - Genesys Cloud Resource Center

    Although the SCIM integration and attribute mapping between Azure and Genesys Cloud are initially successful, we are encountering an issue when the bearer token expires. Once the token expires, user synchronization between Azure and Genesys Cloud stops, requiring manual regeneration and reconfiguration of the token.

    To address this limitation, we attempted to implement the second authentication option available in Azure: OAuth 2.0 Client Credentials Grant. For this method, the following values were provided in Azure:

    • Tenant URL:
      https://api.usw2.pure.cloud/api/v2/scim/v2
    • Token Endpoint:
      https://login.usw2.pure.cloud/oauth/token
    • Client Identifier
    • Client Secret

    However, when testing the connection in Azure using this method, the configuration fails with the following error:

    Error Code: CredentialValidationUnavailable

    At this stage, we are seeking guidance on the correct configuration for OAuth 2.0–based SCIM provisioning with Genesys Cloud, or clarification on whether OAuth 2.0 client credentials are currently supported for SCIM provisioning from Microsoft Entra ID.


    #System/PlatformAdministration
    #Telephony
    #Other

    ------------------------------
    Vignesh Mohan

    ------------------------------


  • 2.  RE: Genesys Azure SCIM Provisioning

    Posted 04-16-2026 06:17

    Good Day Vignesh

    I have not tested this myself but from what I can see is that the OAuth 2.0 client credentials is not supported for SCIM provisioning from Microsoft Entra ID to Genesys cloud.  

    Bearer-token based SCIM remains the only supported and reliable method for Entra - Genesys Cloud.
    This is what I found on resource center regarding token lifetime maximum number of days which is 450 - https://help.genesys.cloud/articles/create-an-oauth-client/.

    Hopefully someone in the community has some additional insights to a workaround or alternative options.
    Regards


    ------------------------------
    Stephan Taljaard
    EMBEDIT s.r.o
    ------------------------------



  • 3.  RE: Genesys Azure SCIM Provisioning
    Best Answer

    Posted 04-16-2026 08:41

    Hello Vignesh, 

    Right now, Genesys Cloud doesn't support using OAuth 2.0 Client Credentials Grant directly for SCIM provisioning with Entra ID. Even though Azure gives you that option, the Genesys SCIM endpoint is expecting a static bearer token instead, which is why you're running into errors like CredentialValidationUnavailable when trying to use OAuth directly.

    The supported approach is to create an OAuth client in Genesys Cloud with the SCIM Integration role, generate an access token (usually via Postman), and then drop that into Azure as the "Secret Token." The token expiration issue you're seeing is real, but there is a way to make it much more manageable-you can set the token duration up to 450 days (38,880,000 seconds) when creating the OAuth client, as long as it only has the SCIM Integration role and nothing else assigned. That way, instead of constantly rotating tokens, you're really only dealing with it about once every 15 months.

    Hope this helps!



    ------------------------------
    Cameron
    Online Community Manager/Moderator
    ------------------------------



  • 4.  RE: Genesys Azure SCIM Provisioning

    Posted 04-17-2026 01:34

    Hello Vignesh, 

    There is already an Idea to let Genesys manage the auth token to overcome the manual postman step:

    https://genesyscloud.ideas.aha.io/ideas/AMIAM-I-3



    ------------------------------
    Andreas Tikart
    Senior Application Engineer
    ------------------------------

    Original Message


  • 5.  RE: Genesys Azure SCIM Provisioning

    Posted 04-17-2026 01:36

    . It really worked after adding the default role "SCIM Integration" to the created OAuth for this SCIM integration. I was able to setup the Token duration up to 450 days . Thank you Cameron



    ------------------------------
    Vignesh Mohan
    Voice Engineer
    ------------------------------

    Original Message


Related Content