We are trying to create the user accounts with the specific to the divisions through SCIM. Could you please advise how this can be done.
Division is supported in Genesys Cloud under the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User schema in the User.
The specific field in the sub-schema is division.
In JSON it looks like this:
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
"urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User"
],
"active": true,
"userName": "test.user@test.org",
"displayName": "test user 2",
"title": "Architect-6",
"phoneNumbers": [
{
"value": "+12223334444",
"type": "work",
"primary": true
}
],
"emails": [
{
"value": "test.user@test.org",
"type": "other",
"primary": true
}
],
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"division": "Home",
"department": "PureCloud Development-2"
}
}
Documentation of all available mappings supported is located here: SCIM and Genesys Cloud field mappings - Genesys Cloud Resource Center
If you are using Azure the full mappings available are in the documentation here: Configure Azure Active Directory for Genesys Cloud SCIM (Identity Management) - Genesys Cloud Resource Center
The entry for scimEnterpriseUser.division is missing the note that the full URN is "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division". I have entered a ticket for DOC to fix that. The division mapping should be available in the Mappings editor in Azure SCIM APP.
Many thanks for the response Greg! We are planning to create the AD group in the Azure AD for every divisions to put the respective site / region (Agent & supervisor) in to it. Let me try and update you.
Ashok,
One thing I forgot to mention is that you will need to make sure the permission on the OAUTH client are setup to have the divisions specifically assigned. The default is to have the HOME devision, and unless it is changed, new divisions that are being created will not be added to the roles.
Hi Greg, Let me try to understand the flow to get this done. We have my access in place and the roles are defined based on the location and the roles specific. We have tried to enable an attribute extension 15 and assigned with the urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:division. However it's not reflecting on Azure AD. Should we create the attribute in local AD and separate groups in AD for the division wise? Please assist
Hi Ashok,
I don't know of any reason using a extension attribute assigned to the mapping would not be working. I suggest using the Sync a single user mechanism to check what happens and look at the provisioning log to see that is sending your attribute.
If logs show the division was sent, and it was not changed on the user, then it would be time to open a support case for us to investigate.
Hi Gerg, Finally, we are able to get that first step completed. We are able to provision the user creation through AD now. We yet to get the assign the roles and division configured appropriately. Inspite of all the trial and error, every users are going in to the home
division.
In the O-Auth, i don't find any options to enable the division wise access. Please advise.
Hi Ashok,
Glad to see you are making progress.
Divisions rights are assigned as part of the roles. There is a tab for their assignments on the OAuth Client config.
Thanks Greg! I tried to edit the existing O-Auth client but couldn't find the remaining divisions under the options. Is that something which need to be verified while setting up the O-AUTH client initially?
The UI is bit tricky. Try clicking on the blank line under the Home division. It should open up a pop-up that contains division that can be added.
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.