Genesys Cloud acquires OAuth tokens, which are specific to the CX agent workspace and other apps within Genesys Cloud.

What does this mean?

Instead of one OAuth token to authenticate the user in of Genesys Cloud, the identity provider reauthorizes the user in multiple apps inside Genesys Cloud. If your identity provider (IdP) does not allow authentication in an embedded iframe, then these apps attempt authentication in a pop-out window. 

If your Genesys Cloud organization settings do not allow pop-out authentication, you cannot authenticate these apps.

Am I affected?

If you use an identity provider for Genesys Cloud authentication, then you are affected. Some known affected IDPs are Okta and Azure. Check with your internal security team for your own IDP settings.

How can I solve this problem?

If you use an identity provider for authentication to Genesys Cloud, then you must check both the settings on your IDP and your organization settings on Genesys Cloud with your internal security team. This process avoids error pages in Genesys Cloud.

Click the image to enlarge.
Identity provider pop-up management for Genesys Agent Assist

To ensure a positive experience, allow pop-ups on your browser for Genesys Cloud domains. If you use pop-up blockers, Genesys Cloud recommends you to allowlist Genesys Cloud.

To access the Use Pop-out Authentication for Embedded iframes setting:

  1. Click Admin.
  2. Under Account Settings, click Organization settings.
  3. On the Authentication tab, enable Use Pop-out Authentication for Embedded iframes.
  4. Click Save.

What if I need help or have questions?

Contact your customer success manager and your internal security team.