About Genesys Authentication
Learn about Genesys Authentication and how it works in Genesys Engage cloud private edition.
Genesys Authentication provides authentication capabilities for Genesys Engage cloud private edition services and applications. Genesys Authentication is based on the OAuth 2.0 authorization framework, with support for OpenID Connect. It supports the following OAuth grant types:
- Authorization Code
- Client Credentials
- Refresh Token
- Password
- Implicit
- Token Convert
- Assertion
Genesys Authentication confirms a client identity, or a client and user identities, and provides related metadata. It does NOT do authorization or handle and manage permissions - this is the responsibility of the authentication service client. The Authentication API service authenticates a user against a tenant's Configuration Server or a tenant's identity provider (IdP), if configured for single sign-on (SSO) use. See Single sign-on for details about how to set up SSO. You can have both Configuration Server and IdP authentication functionalities for a particular tenant. When a client makes a successful authentication attempt, the Authentication API service provides an API access token. The service also verifies existing tokens.
Genesys Authentication has three components, which are always distributed together:
- Authentication API service - Provides the authentication capabilities described above.
- Authentication UI service - A user interface used by many Genesys Engage cloud private edition applications for log in and change password functionality. See Log in to Genesys Multicloud CX for details.
- Environment API service - An internal service that manages contact centers and environments. An environment contains information about connecting to Configuration Server and can have one or more contact centers.