Genesys Cloud - Main

We're trying to come up with a way to restrict Users from being able to login, if their profile hasn't been setup properly.  Such as still assigned to the 'Home' Division.

And was looking at maybe restricting access to their profile, using ABAC, so if they were still in the Home Division, we could possibly block them from logging in.  But I'm not completely following the logic for ABAC and knowing all the functions that are available, etc.

ABAC flow example:

division=Home, DENY access to general

Just not sure if something like this possible (I don't think it is), but if it is, what would the ABAC json look like?  

We also tried to think of other ways to block access, so any other suggestions is appreciated.

Note: The User could possibly need access objects in the Home Division so I can't remove the Home division from their Roles.

Hello Tony, 

I dont think this is possible to my knowledge. ABAC cannot be used to block users from logging into GC based on their division assignment. 

Currently ABAC in Genesyys only supports three specific policy types:

1. Cannot grant new rules - this prevents non admin users from granting roles they dont have
2. Cannot update certain user profile fields - prevents defined profile fields from being modified except by supervisors or admins. 
3. Access control for Gamification scorecard and insights - Restricts gamification data visibility based on reporting hierarchy. 

With all this said though I would recommend setting the users to an inactive state. With this the inactive users cannot log into Genesys Cloud, user info, performance data, and conversation history are all retained. Inactive users dont appear in the directory and shouldnt impact billing and once setup is complete, you can set them to active and assign roles. 

Hope this helps!