Enabling OAuth scope enforcement

Prerequisites
  • Directory > Organization > Admin permission

By default, Genesys Cloud organizations currently do not enforce scopes on OAuth clients. Enabling OAuth scope enforcement immediately affects any current applications that use an external OAuth client. Enforcing scopes enhances security and privacy by limiting the data accessible to an external application. If scopes are not enforced, applications have the same access as the user of the application, including when that user is an administrator. Exercise caution when enabling scope enforcement within your Genesys Cloud organization. This procedure guides an administrator through enabling OAuth client authorization and scope enforcement for the organization.

Identify OAuth clients requiring authorization

Before you enable OAuth scope enforcement, identify the existing OAuth clients that have not been authorized.

  1. Under Performance, click API Usage.
  2. Determine the list of existing external applications (OAuth clients).
  3. Ensure your user has access to each of these applications.

Enable OAuth scope enforcement

  1. Click Admin.
  2. Under Organization Settings, click Settings.
  3. Set Enforce Scopes to On.
  4. Navigate to an external application.
  5. Select the desired scopes.
  6. Click Approve.
  7. Repeat steps 4-6 for each external application.