Hi,
Genesys Cloud supports SSO login with non-email address identifier, and we'd like to get this configured in our org. We do have SSO enabled and working fine, and users have been provisioned with SCIM externalid data. It's just that email address is used as user identifier and we'd like to start using externalid.
What is unclear is how this should be configured on the IdP side. This has been documented at https://help.mypurecloud.com/articles/configure-sso-identity-provider-without-email-address/ , but in my eyes, this is not 100% clear.
In current setup, the IdP sets attributes "OrganizationName", "ServiceName", and "email" in the SAML assertion, as instructed at https://help.mypurecloud.com/articles/add-a-generic-single-sign-on-provider/ :
<saml:AttributeStatement>
<saml:Attribute Name="OrganizationName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
myorg
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="ServiceName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
directory
</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
foobar@myowndomain.com
</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
How should we construct the assertion, if non-email address identifier would be used? Do you have example available? Should we replace the "email" attribute with "urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User:externalIds[authority eq "{Identity Provider Issuer URI}"].value", and put externalid value in that?
If someone has done this, example would be appreciated.
Thanks,
#Integrations------------------------------
Timo Välimäki
DXC Technology Finland Oy
------------------------------