Genesys Cloud
Deprecation: Ability for administrators to log in using user name and password only
| Announced on | Effective date | Aha! idea |
|---|---|---|
| 2025-11-10 | 2026-02-09 | - |
On the effective date, Genesys Cloud will deprecate the ability for administrators to access Genesys Cloud using user name and password only. From the effective date, administrators must additionally use multi-factor authentication (MFA) when logging into Genesys Cloud. This update applies to all admin users with specific permissions that grant elevated access, except for those who log in through single sign-on (SSO) systems. Mandating MFA improves account security and reduces the risk of unauthorized access in cases where login credentials are compromised.
FAQs
Am I affected?
You are affected by this deprecation if your organization has not implemented MFA for admin users logging in with user name and password. Users logging in via single sign-on are not affected.
What do I need to do before the removal date?
Genesys recommends that you instruct users with administrative permissions to enable MFA before the effective date. The following permissions are classified as administrative permissions. If any of these permissions are included in a user’s assigned roles, that user must provide an MFA token when signing in to Genesys Cloud.
- authorization:division:add
- authorization:division:delete
- authorization:division:edit
- authorization:grant:add
- authorization:grant:delete
- authorization:orgTrusteeUser:add
- authorization:orgTrusteeUser:delete
- authorization:orgTrusteeUser:edit
- authorization:orgTrustee:add
- authorization:orgTrustee:delete
- authorization:orgTrustee:edit
- authorization:orgTrusteeGroup:add
- authorization:orgTrusteeGroup:delete
- authorization:orgTrusteeGroup:edit
- authorization:policy:add
- authorization:policy:delete
- authorization:policy:edit
- authorization:role:add
- authorization:role:delete
- authorization:role:edit
- authorization:settings:edit
- authorization:settings:delete
- directory:organization:admin
- directory:user:add
- directory:user:delete
- directory:user:setPassword
- directory:userPassword:edit
- oauth:client:add
- oauth:client:authorize
- oauth:client:delete
- sso:provider:add
- sso:provider:delete
- sso:provider:edit
How can I prepare for this deprecation?
Follow these steps:
- Click User Management > Roles and Permissions. Review the roles in use and determine which roles contain administrative permissions.
- Identify users and groups, which have been assigned with these roles.
- For each role, select Change Membership to view the list of users that have been assigned with this role directly.
- Click User Management > Groups. For each group, review the Roles tab to identify the groups that have roles with administrative permissions assigned. For any roles with administrative permissions, view the Membership tab to identify the list of users.
- Compile a list of administrative users by following the instructions in step 2.
- Prepare and send a communication for the list of administrative users that instructs them to add an MFA device before the effective date.
- Before the effective date, these users can optionally add an MFA device via the My Account tile on the Genesys Cloud splash screen.
- On the effective date, any admin users who do not have an MFA device already added will be required to add an MFA device on their next log in. For more information about MFA, see Overview of multi-factor authentication (MFA).
What if I need help or have questions?
Contact your Genesys account team. You can also visit Genesys Product Support for more assistance.
