Auth Orgs Articles

Prerequisites

  1. A pairing link sent by Genesys Cloud support.
  2. The following permissions:
    • Authorization > Org Trustor > All
    • Authorization > Org Trustor > View
    • Authorization > Org Trustee Group > Add
    • Authorization > Org Trustee Group > View
    • Authorization > Role > View

To access your Cloud organization, the Genesys Cloud Customer Care team may ask to pair their Genesys Cloud Customer Care Support Team organization to your organization.

NOTE: You can control their access to your organization by assigning roles, and you can revoke their access at any time.

Pair your organization with Customer Care organization

  1. Log in to your Cloud organization.
  2. To access the pairing request page, open the pairing link sent by Genesys Cloud Customer Care.
    • NOTE: The pairing link expires after seven days, and you can use it only one time. If your link expired, ask your Customer Care representative for a new one.
  3. From the pairing request page, click Yes, I authorize access.
  4. Click the Groups tab.
  5. Assign roles to the Genesys Cloud Customer Care Support Team group by selecting roles in the Role(s) column.
  6. Support recommends that you either assign every role to their group or create a new role with all permissions and assign it their group.
    • NOTE: Genesys Cloud does not bill your organization for the roles or licenses used by Customer Care.

Additional resources

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

If another organization wants to pair with you, you receive an email that contains a generic pairing link. For example: https://apps.mypurecloud.com/directory/#/admin/people-permissions/auth-orgs/pair/9d0230d0-6b16-4f15-bfbb-aa5085ee1450

NOTE:A pairing link expires after seven days.

  1. Click the link and read the message. 
    • WARNING: Do not approve a pairing request unless you know the sender.
    • NOTE:When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.
  2. To accept the request, click Yes, I authorize access.
  3. Select the appropriate role for the user or group.
    • NOTE: All members in the group receive the role and the associated permissions.

NOTE

  • The roles you assign here determine how the user or group can work in your organization. 
  • Assign only the roles that you are comfortable providing to the other organization. In the typical customer-to-partner scenario, it is common for the customer to assign the Master Admin role or the Admin role to their partner’s users or groups. Other roles may be necessary when working with Customer Care.

NOTE: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

An administrator from the Genesys Cloud organization in which the authorized users and groups work must assign the appropriate permissions to them. For example, in a customer-to-partner scenario, a customer must assign the appropriate permissions to the users and groups from the partner. Roles are predefined sets of permissions that streamline the process of assigning permissions.

Access control for authorized users and groups

Be aware of access control when you allow authorized groups or users the access to work in another organization. Genesys Cloud automatically grants authorized groups or users access to all divisions assigned to the roles that the member receives by pairing with the organization. 

Permissions for authorized users and groups

This table lists all the permissions that are available for authorized users and groups. You can assign any permission to any user or groups.

This permission Allows these actions
Authorization > Orgtrustee > Add Create a trust relationship and send the pairing request
Authorization > Orgtrustee > Delete Delete authorized users
Authorization > Orgtrustee > View  View authorized users
Authorization > Orgtrustee > Edit Enable and disable authorized organizations, and add and remove authorized users in an authorized organization
Authorization > Orgtrusteeuser > All Permissions View, edit, and delete new authorized users
Authorization > Orgtrustor > View View information about an authorized organization
Authorization > Role > View

View Genesys Cloud roles

Note: To grant roles to authorized users, you must have this permission.

Minimum permissions

All external authorized users and groups require the following permissions.

This permission Allows these actions
Authorization > Orgtrustor > View View information about an authorized organization
Authorization > Orgtrusteeuser > View View authorized users

Trusted External User role

An administrator must assign the Trusted External User role or the minimum permissions to all authorized external users and groups who work in the organization.

NOTE:The Trusted External User role is available only for Genesys Cloud organizations created on or after May 17, 2017. If your organization was created before May 17, 2017, create a custom role that has the minimum permissions necessary for authorized users. For more information, see Example of a custom role (Trusted External User).

Master Admin role

In the typical customer-to-partner scenario, it is common for customers to assign the Master Admin role to the authorized users from their partner. The default Master Admin role has all the permissions that are necessary for a user or group to administer your organization. When you seek assistance, Customer Care may require other permissions and roles.

NOTE: The permissions that a role contains are what enables a user to perform an action. Because you can modify existing roles, it is important to be sure that a role has the permission(s) required to perform a specified action.

If you do not want to assign the Master Admin role to an authorized user or group from another organization, create custom roles that contain only the permissions you want to assign. 

Example of a custom role (Authorized User Admin)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group.

  1. Add a custom role called Authorized User Admin.
  2. Assign the following rights to the Authorized User Admin role.
This permission Allows these actions
Authorization > Orgtrustee > Add Create trust relationship and send the pairing request
Authorization > Orgtrustee > Delete Delete authorized users
Authorization > Orgtrustee > View View authorized users
Authorization > Orgtrustee > Edit Enable and disable authorized organizations, add, and remove authorized users in an authorized organization.
Authorization > Orgtrusteeuser > All Permissions View, edit, and delete new authorized users
Authorization > Orgtrustor > View View information about an authorized organization
Authorization > Role > View View Genesys Cloud roles

NOTE: A user who grants roles to authorized users needs this permission.

Example of a custom role (Trusted External User)

Here is an example of a custom role that provides the minimum permissions that are necessary for an authorized user or group. 

  1. Add a custom role called Trusted External User.
  2. Assign the following rights to the Trusted External User role.
This permission Allows these actions
Authorization > Orgtrustor > View View information about an authorized organization
Authorization > Orgtrusteeuser > View View authorized users

Minimum permissions for partners

If you are a partner and you want to work with your clients, you must have the following permissions:

View your clients

To view your clients, you must have a role with these permissions:

  • affiliateOrganization > clients > View
  • externalOrganization > externalContacts > View
  • authorization > orgTrustee > View

Pair with your clients

To pair with your clients, you must have a role with these permissions:

  • Authorization > Orgtrustee > Add
  • AffiliateOrganization > Clients > Pair
  • AffiliateOrganization > Clients > View
  • ExternalOrganization > Externalcontacts > View

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

After you approve a pairing request, you must authorize users and groups to work in your organization. To authorize users and groups, assign them the roles their work requires.

NOTE:When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

When an administrator sends you a pairing link, the administrator can request authorization for multiple users and groups. Later, the administrator can request authorization for other users and groups as well. The maximum number of users that can access another organization is 25.

  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Access To My Organization
  4. Click the name of the paired organization.
  5. Click the user’s or group’s name.
  6. Under Roles, search for and select the roles for the user or group.

NOTE

  • The default Master Admin role has all the permissions that are necessary for a user or group to administer your organization. When you seek assistance, Customer Care may require other permissions and roles.
  • The permissions that a role contains are what enables a user to perform an action. Because you can modify existing roles, it is important to be sure that a role has the permission(s) required to perform a specified action.
  • Until an administrator assigns one or more roles to a user or group, the user or group cannot work in the organization.
  • When an administrator selects a role for a user or group, that user or group receives access immediately.

Auth Orgs is Care's implementation of a Genesys Cloud feature called Authorized Organizations. ​

Care combines the Authorized Organizations feature with OneLogin and Genesys Cloud Orgs in each AWS region to create the Auth Orgs system. Through this system Care can perform tasks inside a customer's org in a way that the customer controls, using the same roles used to manage their internal users. With authorized organizations, you can establish a secure relationship with another Genesys Cloud organization. This relationship allows permitted users and groups from one organization to log in to another organization.

Manage the pairing between two Genesys Cloud organizations

Learn how two organizations become paired. Create and send a pairing ID to an organization you want to pair with. If you receive a pairing request, understand what it means to accept it. Remove access or delete a pairing if necessary.

Manage authorized users and groups

Allow users and groups from another Genesys Cloud organization to work in your organization and track their activity.

See your relationships 

See which organizations you can work in, and see who can work in your organization. 

Support Users and Cloned Users

Once pairing is completed, Care will access a customer’s Org in one of two ways:

  • Via a Support Org User​
  • Via a Cloned User​

Access granted to these users is controlled by the role(s) the customer assigns to the pairing link. ​Actions taken by Care using either a Support Org User or Cloned User are audited as the first & last name of the engineer taking the action.​ Support Org Users are for tasks such as checking configurations, running reports, or reviewing specific interactions.​ Cloned Users are for agent tasks such as placing/receiving calls or ACD interactions or using Genesys Cloud chat features. 

To establish a pairing between two organizations, you must have specific permissions in your home organization. 

NOTE: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

Initiate a pairing request

To initiate the pairing request, you need one of these permissions:

  • Authorization > Org Trustee > All
  • Authorization > Org Trustee > Add

Authorize the pairing request

To authorize the pairing request, you need these permissions:

  • Authorization > Org Trustor > All 
  • Authorization > Org Trustor > View

Authorize users and groups

To authorize users and groups from another organization to work in your organization, you need these permissions:

  • Authorization > Org Trustee User > Add
  • Authorization > Org Trustee User > View
  • Authorization > Org Trustee Group > Add
  • Authorization > Org Trustee Group > View
  • Authorization > Role > View

An authorized user is a user who has permission to work in an organization other than the user’s home organization. By managing authorized users and groups, you can allow users and groups from another Genesys Cloud organization to work in your organization and track their activity.

For example, if you are in a trusted relationship with a partner, you can allow the partner’s users to help you configure your Genesys Cloud organization. The partner’s team of support personnel are authorized users for a customer’s organization.

You can assign roles and permissions to ensure that each user or group has the appropriate level of access. You can also remove access if necessary. Use groups to streamline the management of which users have access to your organization.

To streamline the management of authorized users, use groups. Create groups in your home organization. Then request permission for them to work in another organization. All members in the group receive the same roles and permissions. If you change the membership of the group by adding or removing a user, you do not affect the other members of the group.

NOTE

  • An organization can have a maximum 25 authorized users.
  • Genesys Cloud tracks authorized users separately from regular Genesys Cloud users. Authorized users do not affect user counts for the purposes of licensing and billing.

Authorized users assist only with administrative tasks. The following functionality is unavailable to an authorized user in another organization.

Feature Details
Alerting This feature is not available
Chat
  • Authorized users cannot chat with other users
  • Authorized users cannot search chats in public groups
Interactions
  • The authorized user cannot receive interactions
  • The agent dashboard does not load because the authorized user has no interaction statistics
  • The active interactions panel does not load because the authorized user has no interactions
Phone calls This feature is not available
Video conferences This feature is not available

Auth Orgs customers can control​:

  • When Care can access their Org​
  • The permissions Care has when accessing their Org

Disable access entirely

  1. Go to Admin > Authorized Organizations > Access To My Organization.
  2. Toggle Access to Off.

Limit access

  1. Go to Admin > Authorized Organizations > Access to My Organization > [Support Org Name].
  2. In the Groups tab, add or remove roles in the Role(s) section as desired.

The pairing process authorizes users and groups from one Genesys Cloud organization to work in another Genesys Cloud organization.

Examples

  • A Genesys partner can assist a client in configuring, managing, or troubleshooting Genesys Cloud.
  • A manager from a parent company can log in to a subsidiary organization to view usage reports.
  • An application developer or an independent consultant can log in to a client organization to assist with customizations.

Notes

  • Any organization can generate or receive pairing requests.
  • You can pair with any other organization in your region.
  • An organization can have multiple paired relationships, although each pairing can involve only two organizations. For example, a partner can have a separate paired relationship with each of its client organizations.

Process

  1. Your organization generates a pairing request and sends it to the other organization
  2. The other organization approves the pairing request and grants the appropriate permissions to users from your organization
  3. Your organization, if necessary, promotes additional users to work in your organization
  4. The other organization, as appropriate, approves the additional users from your organization to work in the other organization
  5. Users from your organization log in to the other organization and perform requested work

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Create Pair. In the Add new person or group box, begin typing the name of the Genesys Cloud user or group in your organization who needs access to the other organization. Then select the user or group from the list. Tip: To see the users who already have access, click the Users tab. To see the groups who already have access, click the Groups tab.
  4. In the Add new person box, begin typing the name of the Genesys Cloud user in your organization who needs access to the other organization. Select the user from the list.
  5. Repeat step 4 to select more people. 
  6. Click Click to Copy. The pairing link is now in your clipboard.
  7. Paste the pairing link into an email or chat message and send it to the person at the other organization you want to pair with.

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

When two organizations are in a paired relationship, either side can remove access at any time.

NOTE: If you remove access from another organization, but the pairing with that organization remains, then you can reenable access to that organization at any time. All authorized users keep their roles.

  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Access To My Organization or Access to Other Organizations, depending on how the pairing was established.
  4. Do one of the following:
  5. To remove the pairing with another organization, next to the organization’s name, click the X.
  6. To disable temporarily the trust relationship, under Access, slide the toggle to Off.

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.
  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Access To My Organization

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

When you are part of a trust relationship with another organization, either party can remove access from any user or group in that relationship.

NOTE

  • If your organization has users and groups from another organization working in it, then you can remove either specific roles from those users or groups, or you can remove those users or groups completely.
  • If your organization’s users or groups work in another organization, then you can remove those users or groups. 
  • If you remove access from a user or group while the user or group member is logged in to your organization, the user or group member is immediately logged out.
  1. Click Admin.
  2. Under People and Permissions click Authorized Organizations.
  3. Click Access To My Organization or Access to Another Organization.
  4. Click the organization name. The list of users appears.
  5. To remove access from a user, click the Users tab.
    • To completely remove access for a user, click the x next to the user’s name.
    • To remove a role from a user, next to the user’s name, click the x for the role you want to remove.
  6. To remove access from a group, click the Groups tab.
    • To completely remove access for a group, click the x next to the group’s name.
    • To remove a role from a group, next to the group’s name, click the x for the role you want to remove.
  7. To remove access from a user, next to the user’s name, click the x.
  8. To remove a role from a user, click Access to Another Organization. Next to the user’s name, click the x for the role you want to remove.  

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

When two organizations pair, the administrator of the organization providing the users or groups to complete the work requests authorization for them. The administrator of the organization in which the work will be performed assigns the roles for those users or groups.

Later, the same process of requesting and authorizing users and groups can occur if additional authorized users are needed. The maximum number of authorized users and groups that can access another organization is 25.

Note: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Access To Other Organizations.
  4. Click the organization name. 
  5. In the Add New Person or group box, begin typing the name of the person or group who needs access.
  6. Click the user or group in the list. 
    • NOTE:The user or group does not yet have any roles in the organization, and therefore cannot perform work in it. An administrator in the other organization must authorize the user or group first.
  7. The administrator in the other organization grants access and assign the roles to the user or group.

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

You can see the users and groups from another organization who work in your organization.

  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Access To My Organization.
  4. Click the organization name. To see the list of authorized users, click the Users tab. To see the list of authorized groups, click the Groups tab. The list of users from the organization with roles in your organization appears.

To see who is in a trust, you must be a member of its trusted group

Genesys Cloud’s Authenticated Organizations feature establishes a circle of trust between organizations. This circle of trust permits a user who authenticated with their home organization to access an external organization for which they do not have a user account. To view the names of other users in the trust, or the names of groups authorized by the trust, a user must be a member of the trusted group.

Notes:

  • A user must be a member of the trusted group to do the following:
    • View details about the trust and its members.
    • Access the external organization.
  • An untrusted user sees an empty list of users and groups in the trust along with a message about missing permissions.
  • If you are not a member of the trusted group, Genesys Cloud does not reveal its name to you.
  • To have yourself added to the group authorizing the trust, contact your Genesys Cloud administrator.

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.

To assist another organization with testing or troubleshooting, you can clone a user within trust. The cloned user inherits all permissions granted from the trusting organization. You can have up to five cloned users in an organization. 

Once cloned, the trusting organization is able to manage the user like any other user within the organization. 

Note: When granting system access to another user or group (“permitted user”), be aware that you are responsible for how the permitted user uses your system. Genesys is not responsible for any misuse of data, change to configuration, etc.

To be cloned, a user must be trusted as a named user or part of a trusted group through a pairing request. For more information, see Create and send a pairing request to an authorized organization.

  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click the Access To Other Organizations tab.
  4. Click the name of the paired organization.
  5. Select a trusted user or a user from a trusted group. 
  6. Under Cloned Users, select a user or user from a trusted group.
  7. Log out of Genesys Cloud.
  8. Log back into Genesys Cloud and select the targeted organization.

Note: Cloned users are non-billable and are limited to 5 at any given time within a trust.

Prerequisites: See Roles and permissions for pairing organizations and Roles and permissions for authorized users and groups.
  1. Click Admin.
  2. Under People and Permissions, click Authorized Organizations.
  3. Click Access To Other Organizations.

Announcements

Case Escalation Management Process

This article outlines the process for escalating an open case with customer care, including the criteria a case must meet in order to be escalated, how to submit an Escalation Request through the My Support Portal, and the Escalation Management Process that Customer Care follows once an Escalation Request has been submitted.

Escalation criteria

Note: If a case requires engagement of Development, Cloud Operations or a 3rd party, please understand that it may require additional time to resolve, pending their analysis and findings.

  • There must be an active case for the Escalation
    • Closed Cases: If your case is already closed, the Escalate Case button will not be active. If you need to reopen a case, please do so through the MySupport portal or call into our Care team to request a case reopen.
    • No Case: There must be an existing case open with Genesys Product Support team before it can be escalated.
  • Double-check your case before requesting an Escalation
    • Has there been a recent update to the case that you may have missed?
    • Is Genesys Product Support waiting on additional information from you before they can proceed?
  • Is there already an active Escalation on the case? While multiple escalations can exist on a case, only one can be active at any given moment. If there is an open Escalation on your case already, you will not be able to submit a second until the first is closed.
  • Please do not request an Escalation based on change in urgency/impact. If a case needs to be changed to a higher priority based on a greater need for urgency or broader impact, please call in the request to our care team
  • An Escalation should not be requested for a Root Cause Analysis (RCA) unless Genesys Product Support has had 5 business days for cloud deployments or 7 business days for premise to complete analysis, per our standard Service Level Targets for RCA delivery (listed in your Customer Handbook: – PureConnect Direct Customer, PureConnect Partner Handbook, PureCloud).
  • If a high priority case has not been updated in the last 24 hours and the case is actively causing significant business impact, an Escalation can be requested.
  • Low priority cases are not eligible for escalation, if the impact of a low priority case changes, please request a change to medium through a work note in the case. If a change to high is required, please contact our care team by phone.

How to submit an Escalation Request

  1. From the MySupport portal, select the case you wish to escalate
  2. Navigate to the bottom right-hand corner of the case page and select Escalate Case. (If the Escalate button is disabled, it is most likely due to an already existing and open Escalation. See Escalation Criteria section for more info on multiple Escalations..)

    Screenshot of a case record in the My Support Portal. Escalate Case button is highlighted.
     
  3. A new window will open, displaying the Escalate Case form. There are two main fields:
    • Reason: Select the reason for the Escalation. Once a reason is selected, you may be prompted for additional information.
    • Escalation Details: This may include any initial notes which the Escalation Owner may need.
  4. Once the form is completed, click Escalate Case.
  5. Once the case has been escalated, a time stamp will appear within the case, and a banner will pop-up across your screen, confirming the Escalation has been created.

Escalation management process

  1. Customer or Partner submits an Escalation Request. 
  2. Escalation Owner reviews request and determines if it meets the Escalation Criteria
  3. Escalation Owner replies to request with next steps. If the Escalation Request is invalid, the Escalation Owner will provide reasons why and provide process information to the requestor.
  4. If Escalation request is valid, the Escalation Owner assesses the situation, prioritizes the Escalation by importance and urgency, and works with the engineer(s) to set expectations regarding next steps.
  5. Escalation Owner updates the case with all additional external communications with the customer or partner, regarding the Escalation.

Communicate directly with Escalation Owner

You can communicate directly with the Owner of the Escalation from the Escalation Feed section on the case. There will now be two feed sections on the case. 

  • The Case Feed will capture the technical aspects of the case. 
  • The Escalation Feed will capture the communication flow of the Case Escalation.

Please be mindful of the type of update you are sending and use the appropriate feed section for your update.

Additional training

If you would like to learn more about the new Escalation Management Process, you can access our training here: https://rise.articulate.com/share/0N9zbnlzRL2HDa9AGu9rm1Yw5BOZnBNI using the password: Genesys2022.

Overview of the My Support Portal

Only Designated Contacts have access to create, update, close, or re-open a case. Other employees who work for Genesys direct customers, Partners, Resellers, or end users can request Read-Only access to the My Support Portal to view cases opened by Designated Contacts on behalf of their company.

The My Support Portal allows you to:

  • Open and manage your support cases (Designated Contacts only)
  • Search our Knowledge Base and Technical Documentation site
  • Register for and view our Genesys Engage Tech Tutorials
  • Learn about current Product Support news and announcements
  • Access Genesys Care Apps and Tools (Designated Contacts only)