FAQs: Single sign-on

Genesys Cloud supports third-party identity providers for single sign-on integrations. For more information about configuring the user attributes for your identity provider, see Configure single sign-on identity provider without email address. 

Yes, it is possible to log in with either the user ID and password or SSO, unless you configure Genesys Cloud to authenticate with SSO only. For more information, see Configure Genesys Cloud to authenticate with SSO only.

If you want two instances of the same IdP, use the generic provider in addition to the name brand provider. You can have a maximum of two instances of the same IdP. 

Ensure that the signing certificate published by the single sign-on provider is correctly registered with Genesys Cloud.

Ensure that the relying party identifier is the correctly registered with the single sign-on provider and Genesys Cloud.

You can implement Single Logout to prevent users from being logged back in automatically.

Yes, the generic identity provider configuration enables Genesys Cloud customers to integrate with most identity providers that support SAML 2.0.

The Identity Provider Name list on the Single Sign-On Customization screen, contains a set of the most common providers. All of the identity providers shown in the Identity Provider Name list allow you to add multiple Genesys Cloud orgs.

To use a single identity provider with multiple orgs, repeat the steps you followed when configuring your first single sign-on integration. As you do, make sure that there is a unique Relying Issuer URI for each one. This allows the identity provider to distinguish which organization initiated the request.

Yes. The generic identity provider configuration enables Genesys Cloud customers to integrate with most identity providers that support SAML 2.0. For more information, see Add a generic single sign-on provider.