Hi Rihab BEN MALEK. Curious if you have been able to figure this out, as we sort of have the same issue and questions. Early on we discovered the same, where all users synced and caused issues; we have created individual AD groups and assigned them to the Enterprise application. Therefore, when the SCIM process kicks off, the users are assigned to the correct division and correct role. With that being said, onboarding is working perfectly; the challenge we are having is when a user changes roles and divisions. It's one of 2 scenarios: 1) the user is added to the new Azure AD group and when the SCIM process runs it just adds the role onto what the user had before ("prepends it") and does not remove the previous role; 2) when moving to another division, the division is updated in GENESYS, but the groups are prepended. Looking at the community and supporting documentation, there is no clear way to set SCIM up when having multiple divisions and multiple roles. To your point, is there a need for multiple AD Azure security groups to accurately sync account modifications such as role changes and division changes?
------------------------------
Matt Thacker
WTI Holdings LLC
------------------------------
Original Message:
Sent: 08-07-2023 12:34
From: Rihab BEN MALEK
Subject: SCIM API to sync entities between ADFS and Genesys Cloud
Hello,
For auto account provisioning and SCIM (Identity Management) activation, we used the SCIM API to sync entities between ADFS and Genesys Cloud, but it doesn't seem to work properly. We followed the steps on this link: Configure Azure Active Directory for Genesys Cloud SCIM (Identity Management) - Genesys Cloud Resource Center
The issue is that when I proceeded with "start provisioning", the system started to synchronize all users from our AD and I found 31646 users (Attachment: Capture1.JPG) added to Genesys, which must not be, and as I didn't know how to do a rollback, we had to delete the users on Genesys manually (Attachment: Capture2.jpg). I stopped provisioning but the "Incremental cycle" continued to sync. How can only declared users be synchronized with Genesys (Attachment: Capture3.JPG)? On the other hand, how to make everything automated? Sync groups instead of users between AD and Genesys? Do we have to create groups on Azure as well as on Genesys with the same names? Same for WebRTC phones: could we synchronize the deletion with the deletion of users (if a user is deleted, will his WebRTC phone be automatically deleted)?
Thank you
#Implementation
#PlatformAdministration
#SystemAdministration
#Unsure/Other