We have run into a very weird situation and are looking for some input here.
We have a user who gets her session timed out every 4-5 mins sporadically in Genesys Cloud. One thing to note here: the pop-up that she gets is exactly like the pop-up we get when a session is timed out due to Genesys' inactivity timeout; however, the inactivity timeout is disabled right now under org settings. Also worth mentioning: we use Azure ADFS as our SSO identity provider with SAML authentication, and we have SCIM in place to automatically create users in Genesys Cloud once they are added to the correct group in AD. Below are some of the key points of the testing that has been done:
- The login works just fine; however, the session gets timed out after a few minutes, sometimes even when she is on a call.
- She is the only user in the group who faces this issue, and she faces it both when working from home (VPN) and when working from the office.
- We have replaced her laptop (she was even given a laptop that was previously used by a user who never reported the issue), and the issue still happens. When someone else logs into Genesys on her system, they work just fine.
- We raised the concern with Genesys support and they came back with network/proxy as a probable cause; however, everyone else who works just fine has exactly the same network/proxy settings.
- We have tested disabling and then re-enabling her from the AD side, as a result of which she gets set to inactive in Genesys and active again once SCIM syncs. However, the same thing happens again.
- We have tested removing her from the AD groups and then setting her Genesys profile to the deleted state. When she is added to the groups again, SCIM syncs, and her profile in Genesys becomes active, the same issue happens.
- The AD team confirmed she is not part of any conditional access policies in AD.
- We tried with the user in our non-prod environment, where there is no AD or SCIM involvement; there she can work just fine without any issues.
What else can be done or checked from our end? I have recommended doing a SAML trace and checking the NotOnOrAfter condition in the assertion, but was told that the SAML assertion is only used at the time of login and that after that it plays no part in Genesys' own session.
Also, some suspect that her Genesys profile might have gotten corrupted. But the problem here is that we can't get rid of her current Genesys profile completely (without a GDPR delete, which is not an option since it will erase all the data, including interaction data and performance data) as long as her email remains the same. Genesys will simply activate her existing profile every time, even if it was previously set to the deleted state.
Also, we thought of deprovisioning the user completely from AD and SCIM and just allowing her a normal login to Genesys to test. However, we can't allow direct login to Genesys prod, as it is a global setting, and if we do so people can access Genesys even when they are not inside the company's network. So it's a security concern.
So, we are kind of running out of options to get to the root cause. We would really appreciate it if someone has any input on potential next steps.
Thanks & Regards,
Mainak
------------------------------
Mainak Patra
------------------------------
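
The SAML trace check mentioned in the post, as an added example that is not part of the original post and not Genesys or Microsoft code: it decodes a captured `SAMLResponse` form value and reports every time bound in the assertion as an offset from `IssueInstant`, so the affected user's assertion can be compared with a working user's. The sample assertions and the function names are constructed for illustration, and whether Genesys Cloud acts on any of these values after login is not established on this page.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# (label, path under the Assertion, attribute) for each time bound in SAML 2.0
FIELDS = [
    ("conditions_not_before", "a:Conditions", "NotBefore"),
    ("conditions_not_on_or_after", "a:Conditions", "NotOnOrAfter"),
    ("subject_confirmation_not_on_or_after",
     "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", "NotOnOrAfter"),
    ("session_not_on_or_after", "a:AuthnStatement", "SessionNotOnOrAfter"),
]

def _ts(value):
    # xs:dateTime in UTC: drop fractional seconds and the trailing Z
    base = value.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def assertion_windows(saml_response_b64):
    """Seconds from IssueInstant to each time bound; None where the bound is absent."""
    # Input: the base64 SAMLResponse form field from an HTTP-POST trace of your own login
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//a:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion found (it may be an EncryptedAssertion)")
    issued = _ts(assertion.get("IssueInstant"))
    out = {}
    for label, path, attr in FIELDS:
        node = assertion.find(path, NS)
        raw = node.get(attr) if node is not None else None
        out[label] = int((_ts(raw) - issued).total_seconds()) if raw else None
    return out

def differing_bounds(affected, baseline):
    """Labels whose offsets differ between two users' assertions."""
    return sorted(k for k in affected if affected[k] != baseline[k])

def sample_response(session_attr=""):
    # Constructed assertion for illustration, not captured from any real IdP
    xml = ('<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion">'
           '<s:Assertion Version="2.0" IssueInstant="2024-01-01T10:00:00.000Z"><s:Subject>'
           '<s:SubjectConfirmation><s:SubjectConfirmationData '
           'NotOnOrAfter="2024-01-01T10:05:00.000Z"/></s:SubjectConfirmation></s:Subject>'
           '<s:Conditions NotBefore="2024-01-01T09:55:00Z" NotOnOrAfter="2024-01-01T11:00:00Z"/>'
           f'<s:AuthnStatement AuthnInstant="2024-01-01T10:00:00Z"{session_attr}/>'
           '</s:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Running `differing_bounds` on the affected user's result against a working colleague's shows whether the IdP issues her a different validity window or session bound; identical output points away from the assertion itself.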