Genesys Cloud - Main

 View Only
Discussion Thread View
  • 1.  OKTA Integration for User Management

    Posted 09-23-2020 16:29
    What account type/configuration in Genesys would be needed for advanced SCIM provisioning in OKTA to setup and manage Genesys Cloud accounts?

    Has anyone had success with this?
    #SystemAdministration

    ------------------------------
    Matthew Rauenzahn
    Product Owner - Vanguard
    ------------------------------


  • 2.  RE: OKTA Integration for User Management

    GENESYS
    Posted 09-24-2020 08:29

    Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

    In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  



    ------------------------------
    Richard Schott
    Genesys - Employees
    ------------------------------



  • 3.  RE: OKTA Integration for User Management

    Posted 10-01-2021 05:00
    Hi @Richard Schott,

    I am interested in this matter.

    If I understand correctly, to perform the SSO integration with Okta the steps to perform are as follows:

    https://help.mypurecloud.com/articles/add-okta-as-a-single-sign-on-provider/

    But if you want to perform a User Management from Okta it is necessary to use additionally configure Okta for Genesys Cloud SCIM.

    https://help.mypurecloud.com/articles/configure-okta-for-genesys-cloud-scim-identity-management/

    Am I right?
    They are two completely different issues right?

    Thanks in advance.

    Regards.


    ------------------------------
    Carlos Camacho Jimenez
    Evolutio Cloud Enabler S.A.
    ------------------------------



  • 4.  RE: OKTA Integration for User Management

    GENESYS
    Posted 10-01-2021 10:52
    That is correct.  SSO and user provisioning are completely separate, but complimentary features.  We have a number of customers that use SCIM and SSO in conjunction, configuring their apps so that newly provisioned users will be able to immediately log in to Genesys Cloud, using the same credentials they use to access their other enterprise software.

    ------------------------------
    Richard Schott
    Genesys - Employees
    ------------------------------



  • 5.  RE: OKTA Integration for User Management

    Posted 10-04-2021 02:27
    Thanks for you reply @Richard Schott, that sounds good.

    So, if I use SCIM can i create user only in Okta and this user will be create in Genesys Cloud automaticly?​

    Another question is... can i change roles, division of user trought Okta?

    Thanks in advance.
    Kind Regards.

    ------------------------------
    Carlos Camacho Jimenez
    Evolutio Cloud Enabler S.A.
    ------------------------------



  • 6.  RE: OKTA Integration for User Management

    GENESYS
    Posted 10-04-2021 11:06

    Yes, if SCIM is configured in your Okta tenant and the user is in scope for the user provisioning app, then Okta will invoke the SCIM API to create the user.  If the user's mapped attributes are modified, then Okta will invoke the SCIM API to update the user.  If the user is deleted from Okta, then Okta will invoke the SCIM API to delete the user.  

    Roles and Division are mappable attributes on our SCIM APIs: https://help.mypurecloud.com/articles/scim-and-genesys-cloud-field-mappings/

    The specific configuration to leverage those attributes will depend on the data structure within Okta, but the specific requirements of the payloads for our APIs are documented in the link above.  



    ------------------------------
    Richard Schott
    Genesys - Employees
    ------------------------------



  • 7.  RE: OKTA Integration for User Management

    Posted 10-06-2021 04:04
    Thank you @Richard Schott, that clears up all my doubts.

    Best regards!​

    ------------------------------
    Carlos Camacho Jimenez
    Evolutio Cloud Enabler S.A.
    ------------------------------



  • 8.  RE: OKTA Integration for User Management

    Posted 08-11-2022 22:33

    Hi @Richard Schott,

    Further to this. I am trying to get confirmation that it is an acceptable and supported model ​to have SCIM provided by one platform (e.g. Azure AD) and SSO/SAML coming from another provider. 

    I can't see anything that states it isn't. One of our clients is looking for firmer evidence to support that before going ahead. 

    Cheers




    ------------------------------
    Allan Klinbail
    Byte Information Technology
    ------------------------------



  • 9.  RE: OKTA Integration for User Management

    GENESYS
    Posted 08-12-2022 11:53
    You are correct that there is no requirement that SCIM and SSO integrations come from the same Identity Provider.  Most customers do take this approach for convenience/simplicity, but as long as the necessary information aligns across the 3 systems then there's no technical reason you couldn't use Azure for profile syncing and Okta for SSO authentication.

    ------------------------------
    Richard Schott
    Genesys - Employees
    ------------------------------



Need Help finding something?

Check out the Genesys Knowledge Network - your all-in-one access point for Genesys resources