Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Yes, if SCIM is configured in your Okta tenant and the user is in scope for the user provisioning app, then Okta will invoke the SCIM API to create the user.  If the user's mapped attributes are modified, then Okta will invoke the SCIM API to update the user.  If the user is deleted from Okta, then Okta will invoke the SCIM API to delete the user.

Roles and Division are mappable attributes on our SCIM APIs: https://help.mypurecloud.com/articles/scim-and-genesys-cloud-field-mappings/

The specific configuration to leverage those attributes will depend on the data structure within Okta, but the specific requirements of the payloads for our APIs are documented in the link above.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Yes, if SCIM is configured in your Okta tenant and the user is in scope for the user provisioning app, then Okta will invoke the SCIM API to create the user.  If the user's mapped attributes are modified, then Okta will invoke the SCIM API to update the user.  If the user is deleted from Okta, then Okta will invoke the SCIM API to delete the user.  

Roles and Division are mappable attributes on our SCIM APIs: https://help.mypurecloud.com/articles/scim-and-genesys-cloud-field-mappings/

The specific configuration to leverage those attributes will depend on the data structure within Okta, but the specific requirements of the payloads for our APIs are documented in the link above.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Can SCIM APIs also allow the roles to be mapped to the specific divisions, I tried to use the SCIM APIs it's allowing me to add roles but not edit division to it?

Yes, if SCIM is configured in your Okta tenant and the user is in scope for the user provisioning app, then Okta will invoke the SCIM API to create the user.  If the user's mapped attributes are modified, then Okta will invoke the SCIM API to update the user.  If the user is deleted from Okta, then Okta will invoke the SCIM API to delete the user.  

Roles and Division are mappable attributes on our SCIM APIs: https://help.mypurecloud.com/articles/scim-and-genesys-cloud-field-mappings/

The specific configuration to leverage those attributes will depend on the data structure within Okta, but the specific requirements of the payloads for our APIs are documented in the link above.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Can SCIM APIs also allow the roles to be mapped to the specific divisions, I tried to use the SCIM APIs it's allowing me to add roles but not edit division to it?

Yes, if SCIM is configured in your Okta tenant and the user is in scope for the user provisioning app, then Okta will invoke the SCIM API to create the user.  If the user's mapped attributes are modified, then Okta will invoke the SCIM API to update the user.  If the user is deleted from Okta, then Okta will invoke the SCIM API to delete the user.  

Roles and Division are mappable attributes on our SCIM APIs: https://help.mypurecloud.com/articles/scim-and-genesys-cloud-field-mappings/

The specific configuration to leverage those attributes will depend on the data structure within Okta, but the specific requirements of the payloads for our APIs are documented in the link above.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.  

Hi @Richard Schott,

Further to this. I am trying to get confirmation that it is an acceptable and supported model ​to have SCIM provided by one platform (e.g. Azure AD) and SSO/SAML coming from another provider. 

I can't see anything that states it isn't. One of our clients is looking for firmer evidence to support that before going ahead. 

Cheers

Generally, a Genesys Cloud account does not need configuration in order to leverage the SCIM APIs for user provisioning.  There does need to be an Oauth client created that can generate authorization tokens with the correct permissions to execute the API calls (the permissions required are contained within the SCIM Integration role, and generally consist of the ability to add/edit/remove users, groups, roles, etc.; the specific permissions required for each SCIM API route are documented on the route in the developer center: https://developer.mypurecloud.com/api/rest/v2/scim/index.html).

In terms of specific configurations for Okta, you'll need to consult Okta's documentation on the matter.  While we do intend to release an app with Okta through the Okta Integration Network (https://www.okta.com/integrations/), that work has not yet been completed.  At that point we might be able to provide more specific guidance on usage of the app we've developed, but when using Okta's own configuration options they would continue to be the best resource.