About Genesys Authentication

Genesys Authentication provides authentication capabilities for Genesys Multicloud CX private edition services and applications. Genesys Authentication is based on the OAuth 2.0 authorization framework, with support for OpenID Connect. It supports the following OAuth grant types:

• Authorization Code
• Client Credentials
• Refresh Token
• Password
• Implicit
• Token Convert
• Assertion

Genesys Authentication confirms a client identity, or a client and user identities, and provides related metadata. It does NOT do authorization or handle and manage permissions - this is the responsibility of the authentication service client. The Authentication API service authenticates a user against a tenant's Configuration Server or a tenant's identity provider (IdP), if configured for single sign-on (SSO) use. See Single sign-on for details about how to set up SSO. You can have both Configuration Server and IdP authentication functionalities for a particular tenant. When a client makes a successful authentication attempt, the Authentication API service provides an API access token. The service also verifies existing tokens.

Genesys Authentication has three components, which are always distributed together:

• Authentication API service - Provides the authentication capabilities described above.
• Authentication UI service - A user interface used by many Genesys Multicloud CX private edition applications for log in and change password functionality. See Log in to Genesys Multicloud CX for details.
• Environment API service - An internal service that manages contact centers and environments. An environment contains information about connecting to Configuration Server and can have one or more contact centers.

Genesys Authentication is supported on the following cloud platforms:

• Azure Kubernetes Service (AKS)
• Google Kubernetes Engine (GKE)

See the Authentication, Login, and SSO Release Notes for information about when support was introduced.