Genesys Cloud OAuth token endpoint returning 401 after enforcing SAML SSO

We have recently enforced SAML SSO for all human users in our Genesys Cloud organization. The SAML integration is working correctly for the UI login, but our CI/CD pipeline, which relies on the genesyscloud Terraform provider, is now failing. The provider uses OAuth client credentials to authenticate. We are getting a 401 Unauthorized response when attempting to fetch the access token via the standard POST request to /oauth/token.

The request payload is structured as follows:

{
 "grant_type": "client_credentials",
 "client_id": "our-client-id",
 "client_secret": "our-client-secret"
}

The response from Genesys is:

{
 "error": "invalid_client",
 "error_description": "Client authentication failed"
}

We have verified that the client ID and secret are correct. We also checked the OAuth client settings in the Admin UI. The client is still active. We assumed that enabling SAML would only affect user-based authentication flows like authorization_code or password, and that client_credentials would remain unaffected. However, it seems the API is rejecting the request entirely.

Is there a specific configuration required to keep programmatic API access working while SAML is enforced? We are not seeing any documentation that suggests OAuth clients need to be re-registered or linked to a SAML identity provider. We are using the official Terraform provider version 1.50.0. We have also tried using the Python SDK directly to isolate the issue, but the result is identical. The error persists regardless of the client used.

We need to restore our deployment pipeline. Any insights on how to configure the OAuth client to work alongside enforced SAML would be appreciated. We are currently blocked on all infrastructure updates.
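
A way to check the token request outside both the Terraform provider and the SDK, added here as an example and not part of the original post or of any Genesys code: it builds the client credentials request in the form RFC 6749 defines (HTTP Basic client authentication, form-encoded body) and maps the returned error code to its RFC meaning. The login host is an assumed region value, and the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumption: login host for one region; use the host for your organization's region.
TOKEN_URL = "https://login.mypurecloud.com/oauth/token"

# Error codes and meanings from RFC 6749 section 5.2.
ERROR_MEANING = {
    "invalid_client": "client authentication failed (unknown client, no or wrong "
                      "credentials, or unsupported authentication method)",
    "unauthorized_client": "client is not authorized to use this grant type",
    "unsupported_grant_type": "grant type is not supported by the authorization server",
    "invalid_request": "request is malformed or missing a required parameter",
}


def build_token_request(client_id, client_secret, url=TOKEN_URL):
    """Build, without sending, a client_credentials token request: HTTP Basic
    client authentication (RFC 6749 2.3.1), form-encoded body (RFC 6749 4.4.2)."""
    for name, value in (("client_id", client_id), ("client_secret", client_secret)):
        if not value or value != value.strip():
            raise ValueError(f"{name} is empty or has surrounding whitespace")
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def explain_token_error(status, body_text):
    """Map a token endpoint error response to its RFC 6749 meaning."""
    try:
        payload = json.loads(body_text)
    except json.JSONDecodeError:
        return f"HTTP {status}: body is not JSON, so not a standard token error"
    code = payload.get("error", "") if isinstance(payload, dict) else ""
    meaning = ERROR_MEANING.get(code, "code not defined in RFC 6749 section 5.2")
    return f"HTTP {status} {code}: {meaning}"


if __name__ == "__main__":
    # Placeholder credentials as in the post; nothing is sent over the network.
    req = build_token_request("our-client-id", "our-client-secret")
    print(req.get_method(), req.full_url, req.get_header("Content-type"))
    print(explain_token_error(401, '{"error": "invalid_client"}'))
```

Passing the built request to `urllib.request.urlopen` from the CI runner sends it; the whitespace check catches a secret that picked up a trailing newline when it was stored as a pipeline variable.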