Workforce Engagement Management

 View Only

Discussion Thread View
  • 1.  Use Tempo Mobile App - MFA & Main Platform restrictions

    Posted 02-28-2024 13:09

    Hello all,

    Hope you are having a great day.

    So our organisation is very happy with Genesys so far, but we are now moving our WFM rotas etc into Genesys and want employees to start using the Tempo App it self.

    We want them to be able to log into the Tempo App but not the main Collaborate Website. The Genesys platform needs to be off limits unless they are in the office.

    So we have SSO enabled, where it gives conditional access. If within a trusted location, It doesnt need MFA. So when a agent is working in the office, they can just log in without MFA.

    When a agent tries to log into the Genesys Platform outside of the office, they need to MFA.

    The problem is though, we dont want agents being able to log in and make calls using the Genesys platform outside of the office.

    We can add a IP whitelisting on the Genesys platform, but will this prevent logging into the Tempo App?

    Can anyone think of a way around this? We only want our agents logging into Temp App only when outside the building.

    thanks in advance!


    #WorkforceManagement

    ------------------------------
    David Mann
    Journeycall Ltd
    ------------------------------


  • 2.  RE: Use Tempo Mobile App - MFA & Main Platform restrictions

    Posted 02-28-2024 14:12

    Hi David,

    In the Genesys Tempo, the users will be access schedules and requests ONLY, if the users have this permission to access the web.

    To use Collaborate, the agent needs to use another app (Genesys Cloud Collaborate).

    Att,



    ------------------------------
    Breno Canyggia Ferreira Marreco
    https://www.linkedin.com/in/brenocfm-40b62182/
    ------------------------------



  • 3.  RE: Use Tempo Mobile App - MFA & Main Platform restrictions

    Posted 02-29-2024 05:23

    Hello Breno,

    Thank you for the reply, but it didnt help answer the question. I understand that Users will only be able access schedules if they use Tempo, but right now a user can access the Tempo App and the URL https://apps.euw2.pure.cloud/.

    I need to block access outside the building using Single SIgn On MFA conditions to the URL. By doing so, will I also block the use of the Tempo App as as it seems to use the https://login.euw2.pure.cloud/ URL to log in with as well.

    I need to find a way where agents can look at their schedules and dont have the ability to log onto the Platform and start taking calls when they feel like it.



    ------------------------------
    David Mann
    Journeycall Ltd
    ------------------------------



  • 4.  RE: Use Tempo Mobile App - MFA & Main Platform restrictions

    Posted 02-29-2024 13:55

    David, you can use SSO integration to schedule enable/disable users (through your Azure AD example), but if you disable users they don't use App Tempo and https://apps.euw2.pure.cloud/.

    One solution for you would be (thinking out loud)... Create an external process for changing roles/permission of the users removing what you need then the users don't use the outside working hours, and, in within working hours rollback.

    Att,



    ------------------------------
    Breno Canyggia Ferreira Marreco
    https://www.linkedin.com/in/brenocfm-40b62182/
    ------------------------------



  • 5.  RE: Use Tempo Mobile App - MFA & Main Platform restrictions

    NEW MEMBER
    Posted 12-12-2024 11:47

    Hello,

    Was this issue ever solved on your side?

    We are seeing the same situation in regard to IP whitelisting and the use of the tempo application from outside the network.

    They are obviously blocked from accessing our tenant

    Is the only situation to remove the IP whitelisting?

    thanks!

    Jonathan



    ------------------------------
    Jonathan Champagne
    ------------------------------



  • 6.  RE: Use Tempo Mobile App - MFA & Main Platform restrictions

    Posted 12-12-2024 12:41
    Edited by David Mann 12-12-2024 12:42

    Hello Jonathan,

    I'm afraid we did not. We were forced to not use IP whitelisting within Genesys organisation settings.

    What we did do, is create a separate Conditional Access for the Genesys App on Azure Identity, which forces the User to use Text message MFA When logging in through Mobile browser.

    When logging in using a Non Mobile browser, they would need a certain Security group in Azure AD and get MFA through Authenticator App instead.

    This didn't stop users from logging into the URL option using a mobile browser app.  We just haven't told our agents they can do this.

    We also went into the Genesys Integrated App settings, and disabled the use of Collaborate app for everyone. So even if an agent downloaded Collaborate and logged in successful, they would get a Genesys Permission error and would not be able to take calls.

    I believe Genesys needs to work on this IP white listing feature a lot more. So that Tempo isn't affected by the IP whitelisting.

    David.



    ------------------------------
    David Mann
    na
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources