I asked the tech contact at the prospect for more info on the back-end SSO provider and got this in reply:
Original Message:
Sent: 03-21-2025 10:10
From: Jerome Saint-Marc
Subject: OAuth Authorization Code Grants And External SSO
Hello,
I think the question was not about what provider is used on the Genesys side (I mean the use of the Generic provider), but what auth provider they are using behind this generic provider (i.e. Okta, Azure, Ping, ...).
Regards,
------------------------------
Jerome Saint-Marc
Senior Development Support Engineer
Original Message:
Sent: 03-21-2025 09:25
From: Austen Jackson
Subject: OAuth Authorization Code Grants And External SSO
Hi Orhun,
Thanks for the reply.
I've checked with them and they are using the generic provider.
We had already checked the redirect parameters in our product config and they appear to be fine - we've got the prospect to take a screenshot of their OAuth config and that matches what we would be expecting.
------------------------------
Austen Jackson
Software Architect
Original Message:
Sent: 03-20-2025 14:15
From: Orhun Sahin
Subject: OAuth Authorization Code Grants And External SSO
Hi Austen,
Could you please tell us which specific SSO provider your prospect is using? Knowing the provider (like Okta, Azure AD, etc.) will let us look for any known gotchas or specific configuration instructions for Genesys Cloud.
Also, it's always good to double-check the basics: could you take a look at your Genesys Cloud OAuth client settings and confirm the exact "Authorized Redirect URI" that's configured there?
It's worth verifying that the URI in your OAuth client settings exactly matches the redirect_uri you're sending in the initial authorization request from your application.
------------------------------
Orhun Sahin
Software Development Engineer
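One way to run the exact-match check suggested in the message above, as an added example that is not part of the original thread or Genesys code. The function name, the login.example.com and app.example.com URLs and the client ID placeholder are constructed assumptions; the comparison is plain string equality, with a hint about which URI component differs.

```python
from urllib.parse import urlsplit, parse_qs

def diagnose_redirect_uri(authorize_url, registered_uris):
    """Compare the redirect_uri in an authorization request against the
    registered URIs using exact string equality; explain any mismatch."""
    params = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    values = params.get("redirect_uri", [])
    if len(values) != 1:
        return False, [f"expected one redirect_uri parameter, found {len(values)}"]
    sent = values[0]  # parse_qs has already percent-decoded the value
    if sent in registered_uris:
        return True, []
    s, reasons = urlsplit(sent), []
    for reg in registered_uris:
        r, diffs = urlsplit(reg), []
        if s.scheme != r.scheme:
            diffs.append("scheme")
        if s.netloc != r.netloc:
            same = s.netloc.lower() == r.netloc.lower()
            diffs.append("host letter case" if same else "host or port")
        if s.path != r.path:
            same = s.path.rstrip("/") == r.path.rstrip("/")
            diffs.append("trailing slash" if same else "path")
        if s.query != r.query:
            diffs.append("query string")
        if s.fragment != r.fragment:
            diffs.append("fragment")
        reasons.append(f"{reg}: differs in {', '.join(diffs) or 'character case or encoding'}")
    return False, reasons

# Constructed sample values (assumptions, not taken from the thread).
REGISTERED = ["https://app.example.com/oauth/callback"]
AUTHORIZE_URL = (
    "https://login.example.com/oauth/authorize?client_id=CLIENT_ID_PLACEHOLDER"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Foauth%2Fcallback%2F"
)

if __name__ == "__main__":
    ok, reasons = diagnose_redirect_uri(AUTHORIZE_URL, REGISTERED)
    print("match" if ok else "mismatch", reasons)
```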
Original Message:
Sent: 03-20-2025 07:16
From: Austen Jackson
Subject: OAuth Authorization Code Grants And External SSO
We have a product that uses the auth code grant flow to allow us to use the platform API in a user context. This works fine for all clients to date. However, we now have a new prospect that uses an external SSO provider for their access to Genesys Cloud. It appears we transfer to the Genesys Cloud page correctly, the client clicks the SSO login and goes and does that, then is redirected not back to our application with an access code, but instead to the Genesys Cloud UI user page for that user.
Given that the access code can presumably only be generated by Genesys, I'm guessing this is caused by the external SSO not redirecting back to the correct Genesys url, which would generate the code and then redirect back to our app. Where can we find info on how this is all configured and what the client may be able to do to resolve this behaviour?
#PlatformAPI
------------------------------
Austen Jackson
Software Architect
------------------------------