Genesys Cloud - Main

 View Only

Sign Up

  Thread closed by the administrator, not accepting new replies.

  • 1.  Password Madness!

    Posted 12-06-2023 10:23
    No replies, thread closed.

    Genesys have just released a feature to allow users to change their cloud password, Great i hear you all say. But no its not so great as they as usual haven't done what they have said, in that the release notes it says  "This change does not affect SSO (single sign-on) users." Well it does if you use SSO and have the cloud login box as well (For admins to use to diagnose issues) then everyone that has been logged out of Genesys will try their Windows credentials in the cloud login box then reset the cloud password and not use SSO.

    The should be a permission to disable password reset.


    #SystemAdministration

    ------------------------------
    Andrew Lewis
    Health Management Ltd
    ------------------------------


  • 2.  RE: Password Madness!

    Posted 12-07-2023 03:49
    No replies, thread closed.

    Hello Andrew

    My reading of this is your main issue is that you cannot enforce SSO because you require to have 'break glass' accounts for Admin. Therefore you still have the native login page and users can reset password and get access that way.

    A potential 'trick' is to make the password strength rules difficult such as 20 characters https://help.mypurecloud.com/articles/set-password-requirements/

    I added an idea for break glass accounts recently for the MFA feature but equally it applies to SSO. There was a related idea for SSO from years back but I have not been able to find it now...

    https://genesyscloud.ideas.aha.io/ideas/AMIAM-I-38



    ------------------------------
    Thanks and regards
    Blair Wilkinson
    CVT (Global) Pty Ltd
    ------------------------------



  • 3.  RE: Password Madness!

    Posted 12-07-2023 04:29
    No replies, thread closed.

    Blair, that will work around this and they don't even tell the user what the issue is when they try to change the password, even better (:>



    ------------------------------
    Andrew Lewis
    Health Management Ltd
    ------------------------------

    Original Message


  • 4.  RE: Password Madness!
    Best Answer

    Posted 12-07-2023 15:12
    Edited by Cameron Tomlin 12-18-2024 08:51
    No replies, thread closed.

    Hi Andrew, thanks for contributing to the Community! I think you might be interested in this idea we're developing, that will allow you to enforce SSO for everyone except key administrative users. 

    Per your feedback about the generic password failure message - I understand your frustration but this is by design. We purposely don't give information that could enable a hacker or bad actor to better target their attack.

    Please do let us know if there's anything else about the password management experience that you think we can improve. Cheers!



    ------------------------------
    Becky Powell
    Director, Product Management
    Genesys - Employees
    ------------------------------

    Original Message


  • 5.  RE: Password Madness!

    Posted 12-08-2023 10:38
    No replies, thread closed.

    Hi, this sounds interesting. I look forward to it going live.



    ------------------------------
    Andrew Lewis
    Health Management Ltd
    ------------------------------

    Original Message


  • 6.  RE: Password Madness!

    Posted 12-17-2024 23:07
    No replies, thread closed.

    Hey Becky! Was that idea ever implemented? 



    ------------------------------
    Jared Russell
    Cloud Engr
    ------------------------------

    Original Message


  • 7.  RE: Password Madness!

    Posted 12-19-2024 06:00
    No replies, thread closed.

    Hi Jared, I've been doing some roadmap planning for the coming year with the Identity and Access Management team.  This item (Exception support for "SSO only" login setting) is on the roadmap and we have already had some initial discussions on the design approach we will be taking.  At this point, it is still a few months away from implementation, due to other priorities, but the requirement and need is fully understood.



    ------------------------------
    David Murray
    Principal Product Manager
    Genesys Cloud
    ------------------------------

    Original Message


  • 8.  RE: Password Madness!

    Posted 04-16-2025 08:55
    No replies, thread closed.

    Hi David,

    Just following up on this topic/idea. Are there any further updates?

    I reviewed the AHA! idea page, and the last official update from September 2024 stated: "'Sep 2024: Reviewed and confirmed as something we should address on our roadmap for 2025'". However, there hasn't been any news shared since then.

    We have a customer facing a similar scenario where they need to manage 100 agents authenticating via their Active Directory (likely synced to Azure AD for SSO) alongside 20 different teams of agents who *will not* have Azure AD accounts. This necessitates a hybrid login approach.

    The current inability to enforce SSO granularly (i.e., require it *only* for specific groups like the AD-synced users, while allowing standard login for others) poses significant challenges and security considerations, much like the password-related risks discussed here previously.

    Could you please provide any available information or an estimated timeline for when we might expect the release of more granular SSO configuration controls (e.g., the ability to enforce SSO per group)? Knowing when this capability might be available would be extremely helpful for our customer planning.

    Thanks,



Related Content