Genesys Cloud - Main

 View Only

Discussion Thread View
  • 1.  Using Okta SCIM integration for User Management

    Posted 03-20-2024 11:57

    We are using AD with Okta for User Management but are having an issue with adding/updating a User's Supervisor.  Support has said we need to send the GUID of the Supervisor for the Manager Field Value. 

    (scimEnterpriseUser.manager.value)

    My question is, since the sync into Genesys Cloud is unilateral, what process are other organizations using to update/add a User's Manager?  How are you getting the GUID from Genesys back into AD or Okta to then be used to added or update a User's Manager?

    I hope this question makes sense.

    Thank you much!  


    #PlatformAdministration
    #SystemAdministration

    ------------------------------
    Jeff Lehmann
    CCS Medical, Inc.
    ------------------------------


  • 2.  RE: Using Okta SCIM integration for User Management

    Posted 03-30-2024 19:50

    This is usually the Email address of the manager/supervisor.  Also, that does not really define them as a supervisor, but just places them as a manager in the organization so you can filter for Reports To in places.  



    ------------------------------
    Robert Wakefield-Carl
    ttec Digital
    Sr. Director - Innovation Architects
    Robert.WC@ttecdigital.com
    https://www.ttecDigital.com
    https://RobertWC.Blogspot.com
    ------------------------------



  • 3.  RE: Using Okta SCIM integration for User Management

    Posted 04-01-2024 16:10

    Hey Robert, You would think the Email address of the manager/supervisor would work, similar to using the Bulk Import tool in Admin/People & Permissions/People when adding Users.  But it does not.  The SCIM Field: scimEnterpriseUser.manager.value   requires the GUID of the User that the Agent is going to report to.   

    So, who out there is using Okta/SCIM for user management, and what are you doing to work with the need for the GUID for adding or updating an Agents Supervisor?  When an Agent changes Supervisor/Manager, or who they report to, how are you updating it?  Are you changing them manually?  Is there an API out there I have not found yet that synchronizes User's GUIDs back into OKTA??

    Thank you much!



    ------------------------------
    Jeff Lehmann
    CCS Medical, Inc.
    ------------------------------



  • 4.  RE: Using Okta SCIM integration for User Management

    Posted 04-01-2024 16:30

    How about setting it to the email address or other lookup value and then having a workflow that looks at the fields and replaces it with the GUID.  That way the workflow could do the look up and replace without Okta.



    ------------------------------
    Robert Wakefield-Carl
    ttec Digital
    Sr. Director - Innovation Architects
    Robert.WC@ttecdigital.com
    https://www.ttecDigital.com
    https://RobertWC.Blogspot.com
    ------------------------------



  • 5.  RE: Using Okta SCIM integration for User Management
    Best Answer

    Posted 04-01-2024 18:01
    Edited by Samuel Jillard 07-11-2024 08:04

    Hey Jeff,

    From a recent setup we did, my learned understanding is as follows:

    1. When the SCIM integration is established between Okta and Genesys Cloud (GC), Okta will attempt to match users based on username and then save the user's GUID to the "externalId" attribute within Okta (ref: SCIM 2.0 Protocol Reference | Okta Developer)
    2. You can then use this externalId field to set a user's manager using Okta expressions and in particular the manager/assistant functions (ref: Okta Expression Language overview guide | Okta Developer). In our recent deployment, we had users being created in Active Directory then being sync'ed to Okta and then populated in Genesys Cloud via SCIM through the "purecloudcollaborate" application in Okta, and so the following mapping worked for us:

    Manager Value (managerValue)

    user.managerId != null ? (getManagerAppUser("active_directory","purecloudcollaborate").externalId ! = null ? getManagerAppUser("active_directory","purecloudcollaborate").externalId : "") : ""

    A couple of points about the NULL check in the expression above:

    1. A NULL check is required to cater for (a) users that don't have a manager assigned to them or(b) users that do have a manager but that manager does not have an account in Genesys Cloud (i.e. don't have an externalId). We found that we had to pass an empty string in these cases to prevent errors in Genesys Cloud.
    2. Okta expressions don't appear to support "&&" within the conditional/ternary operator and hence we had to split the NULL check across two conditional checks instead.

    Hope this helps
    Mark



    ------------------------------
    -------------------------------
    Mark Goldsmith
    NTT Data
    https://www.global.ntt/
    ------------------------------
    ------------------------------



  • 6.  RE: Using Okta SCIM integration for User Management

    Posted 04-01-2024 22:05

    Great research and solution.  Okta SCIM can be a bear at times.  We found that you need to remove users from Groups before Deleting them.  If you don't, you run into several issues.  



    ------------------------------
    Robert Wakefield-Carl
    ttec Digital
    Sr. Director - Innovation Architects
    Robert.WC@ttecdigital.com
    https://www.ttecDigital.com
    https://RobertWC.Blogspot.com
    ------------------------------



  • 7.  RE: Using Okta SCIM integration for User Management

    Posted 04-02-2024 15:24

    Good to know about remove users from Groups be for deleting them!!

    Thank you Robert!

    Jeff



    ------------------------------
    Jeff Lehmann
    CCS Medical, Inc.
    ------------------------------



  • 8.  RE: Using Okta SCIM integration for User Management

    Posted 04-02-2024 15:22

    Thank you Mark!

    We will give this a try and let you know how it goes!

    Jeff



    ------------------------------
    Jeff Lehmann
    CCS Medical, Inc.
    ------------------------------



  • 9.  RE: Using Okta SCIM integration for User Management

    Posted 07-15-2024 19:31

    An update to my last post. The manager expression provided failed on the edge case that a user's manager was configured and present in Okta, but not added to the purecloudcollaborate application. We needed to update the expression to:

    Manager Value (managerValue)

    getManagerAppUser("active_directory","purecloudcollaborate") != null ? (getManagerAppUser("active_directory","purecloudcollaborate").externalId ! = null ? getManagerAppUser("active_directory","purecloudcollaborate").externalId : "") : ""



    ------------------------------
    -------------------------------
    Mark Goldsmith
    NTT Australia
    https://www.global.ntt/
    ------------------------------
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources