Configure SSO identity provider without email address

AI-generated summary

Genesys Cloud supports configuring single sign-on with various third-party identity providers that allow users to log in without an email address. Instead of email, another unique identifier like an employee ID can be used by mapping the identity provider's field to the SCIM externalIds field in Genesys Cloud. This allows managing user identities between the identity provider and Genesys Cloud without using email addresses. Specific identity providers like Microsoft Entra can be integrated this way to enable seamless SSO authentication for users logging in with non-email identifiers.

Genesys Cloud supports various third-party identity providers for single sign-on integrations. The Add multiple single sign-on providers to Genesys Cloud describes how to configure your organization’s identity provider and Genesys Cloud to automate the authentication process.

Depending on your SSO configuration, you can allow your users to log in with an identifier that is not an email address by selecting one of the alternative options from the Name Identifier Format drop down.

To manage the user identities between your identity provider and Genesys Cloud, you can use Genesys Cloud SCIM. The SCIM and Genesys Cloud field mappings shows the SCIM fields that Genesys Cloud SCIM (Identity Management) maps to Genesys Cloud fields. Depending on the identity provider, you can modify these mappings or add new attributes to the existing mappings. You can define other fields to avoid using the email address to identify a user.

For example, with Microsoft Entra ID as the identity provider, you can map the following Microsoft Entra ID field to the SCIM field if you do not want to use the email address:

Microsoft Entra ID field	SCIM field
{Customer-dependent field}	urn:ietf:params:scim:schemas:extension:genesys:purecloud:2.0:User:externalIds[authority eq “{Identity Provider Issuer URI}”].value

[NEXT] Was this article helpful?

Get user feedback about articles.