Implementing Multi-Brand Digital Routing for Global Conglomerates using Org-Level Divisions

How-To-Articles
1

Implementing Multi-Brand Digital Routing for Global Conglomerates using Org-Level Divisions

What This Guide Covers

You are configuring Genesys Cloud to handle digital interactions (chat, email, messaging) for multiple distinct brands within a single organizational tenant, using the Divisions framework to enforce data isolation, routing segmentation, and agent access control. When complete, Brand A agents cannot see Brand B queues, conversations, or customer data - but a shared supervisor pool can monitor across all brands, and your routing architects can build Architect flows that branch on the digital channel’s origin.

Prerequisites, Roles & Licensing

  • Licensing: Genesys Cloud CX 2 Digital or CX 3 (Digital channels, Architect Web Messaging flows)
  • Permissions required (Admin performing setup):
    • Authorization > Division > Add
    • Authorization > Division > View
    • Routing > Queue > Add
    • Routing > Queue > Edit
    • Messaging > Deployment > Add
    • Webchat > Deployment > Add (legacy chat only)
    • Architect > Flow > Add
  • Agent role scoping: Agents must be assigned roles whose Division scope matches only their brand’s division. The Home Division is a trap - see Step 2.
  • External dependencies: Each brand’s website/app team (to implement the web messaging snippet), an identity provider if SSO is per-brand

The Implementation Deep-Dive

1. Creating Brand Divisions and Understanding the Data Isolation Model

Divisions in Genesys Cloud are not just organizational labels. They are the enforcement boundary for every object in the platform. A queue, a flow, a wrap-up code, a user - each belongs to exactly one division. When a role is granted with a division-scoped permission, the bearer of that role can only see objects in that division.

For a two-brand deployment (Brand A and Brand B):

  1. Navigate to Admin > People & Permissions > Divisions.
  2. Create Division: Brand-A and Division: Brand-B.
  3. Note the divisionId for each - you will need these for API-driven assignments.

The architecture that follows assumes all brand-specific objects (queues, flows, messaging deployments, wrap-up codes) are created within their respective division. Objects that cross brands - shared supervisor views, reporting dashboards - live in the Home Division.

The Trap - the Home Division is not a fallback bucket: Many architects assign brand-specific queues to the Home Division because that’s the default and it’s easier. This collapses the isolation boundary entirely. Every agent in the org with a role that grants Routing > Queue > View on Home Division will see all queues. Create brand queues in brand divisions from day one. Retroactively migrating objects between divisions is not supported via the UI; it requires the Division API and a careful object-by-object reassignment operation.

API-driven division assignment for a queue:

POST /api/v2/routing/queues
Authorization: Bearer {access_token}
Content-Type: application/json

{
  "name": "Brand-A Customer Support",
  "division": {
    "id": "div-uuid-brand-a"
  },
  "mediaSettings": {
    "chat": { "alertingTimeoutSeconds": 30, "serviceLevel": { "percentage": 0.80, "durationMs": 20000 } },
    "email": { "alertingTimeoutSeconds": 300, "serviceLevel": { "percentage": 0.80, "durationMs": 86400000 } }
  }
}

2. Designing Brand-Scoped Agent Roles

The role framework for multi-brand isolation requires one role per brand. Do not use a single shared role with a broad division scope - this destroys the isolation.

Recommended role structure:

Role Name Division Scope Key Permissions
Brand-A Agent Brand-A Division Routing > Queue > Join, Conversation > Communication > View scoped to Brand-A
Brand-B Agent Brand-B Division Same, scoped to Brand-B
Brand-A Supervisor Brand-A Division Adds Analytics > Conversation Detail > View, Quality > Calibration > View
Global Supervisor All Divisions Full monitoring permissions, no queue management
Platform Admin Home Division Full admin rights

Create each role under Admin > People & Permissions > Roles. When assigning permissions, use the Division Selector on each permission grant - this is where most multi-brand implementations are misconfigured.

The Trap - role inheritance doesn’t inherit division scope: If you create a Brand-A Supervisor role by duplicating the Brand-A Agent role and adding supervisor permissions, the division scope for the new permissions defaults to Home Division, not Brand-A Division. You must explicitly set the division on every individual permission grant in the cloned role. Validate with: GET /api/v2/authorization/roles/{roleId} and inspect the permissionPolicies[].divisionId array for every entry.

3. Configuring Per-Brand Web Messaging Deployments

Each brand requires its own Messenger Configuration and Messenger Deployment. The deployment generates the JavaScript snippet that goes on the brand’s website. The deployment is the routing hook - it determines which Architect Inbound Message flow handles interactions from that brand’s digital channels.

Step 1: Create a Messenger Configuration per brand

Navigate to Admin > Message > Messenger Configurations. Create Config-Brand-A and Config-Brand-B. Key settings:

  • Appearance: Brand-specific logos, colors, launcher text (this is the visual identity layer)
  • Languages: Specify supported languages per brand (critical for global conglomerates)
  • File Attachment: Enable or disable per brand’s DPA requirements

Step 2: Create Messenger Deployments and link to a flow

POST /api/v2/webdeployments/deployments
Authorization: Bearer {access_token}
Content-Type: application/json

{
  "name": "Brand-A Web Deployment",
  "description": "Production web chat for Brand-A digital properties",
  "allowedDomains": ["support.brand-a.com", "www.brand-a.com"],
  "configuration": {
    "id": "config-uuid-brand-a",
    "version": "1"
  },
  "flow": {
    "id": "flow-uuid-brand-a-inbound-message"
  }
}

The allowedDomains array is a security control - the Messenger widget will refuse to initialize on domains not in this list. For global brands with regional TLDs (brand-a.co.jp, brand-a.com.au), add every domain explicitly. Wildcard subdomains are supported: *.brand-a.com.

The Trap - sharing a single deployment across brands: Some teams create one deployment with a generic flow and attempt to determine the brand at flow runtime by inspecting URL referrer via JavaScript injection. This is fragile and bypasses the division isolation entirely - the conversation object created in Genesys Cloud won’t carry a division-scoped origin, meaning it will land in Home Division. Each brand must have its own deployment for conversations to be correctly division-attributed.

4. Building the Architect Flow Routing Logic

Each brand has its own Inbound Message flow. Within that flow, you route to brand-scoped queues. The simplest structure:

[Start]
  |
  v
[Set Language from Customer Attribute]
  |
  v
[Decision: What issue type?]
  |--- "billing" --> [Transfer to Queue: Brand-A Billing Support]
  |--- "technical" --> [Transfer to Queue: Brand-A Tech Support]
  |--- default --> [Transfer to Queue: Brand-A General Support]

Injecting brand context as a conversation attribute:

At flow start, use a Set Participant Data action to stamp the brand identifier:

Action: Set Participant Data
Attribute Name: brand
Attribute Value: "Brand-A"

Action: Set Participant Data
Attribute Name: brandRegion
Attribute Value: Flow.CustomerData.region  (if passed from the web widget)

These attributes persist on the conversation object and are available in analytics, QM evaluations, and downstream CRM integrations. They are also the correct way to filter Interaction Detail reports by brand without relying on queue name parsing.

Passing custom attributes from the web widget to the flow:

// On Brand-A's website
Genesys("command", "Database.set", {
  messaging: {
    customAttributes: {
      brand: "Brand-A",
      accountTier: "enterprise",
      region: "JP"
    }
  }
});

These custom attributes arrive in the Architect flow as Flow.CustomerData.<attributeName> and can drive routing decisions without requiring the agent to ask the customer to identify themselves.

5. Email Channel Isolation

For email, each brand requires its own Inbound Email Domain and Email Route. Genesys Cloud allows multiple custom email domains (e.g., support@brand-a.com, help@brand-b.com).

Navigate to Admin > Routing > Email Domains. Each domain routes through its own Architect Inbound Email flow. The same division-scoping rules apply: the email route object belongs to the brand’s division.

The Trap - shared reply domain for multiple brands: Some implementations use a single noreply@platform-tenant.com reply domain for all brands to simplify email certificate management. Customers replying to this address appear in Brand-A’s queue even if the original ticket was Brand-B, because email routing is domain-based. If a shared reply domain is required for operational reasons, use a conversation attribute (To: header parsing via a Data Action at flow start) to re-route to the correct brand queue, and document the limitation in your design spec.

Validation, Edge Cases & Troubleshooting

Edge Case 1: Supervisors Needing Cross-Brand Visibility

A global operations manager needs to monitor queue metrics across Brand-A and Brand-B simultaneously. The solution is a role with permissions scoped to multiple divisions, not to Home Division. Assign this user both Brand-A Supervisor and Brand-B Supervisor roles, or create a dedicated Global Operations role with division scope explicitly set to [Brand-A Division, Brand-B Division]. The Performance Supervisor views in Genesys Cloud will then show queues from both divisions. Do not escalate their scope to Home Division unless they also need to manage platform-wide objects - that grants access to all current and future divisions, including any added for future brand acquisitions.

Edge Case 2: Brand Acquisitions Mid-Deployment

When the conglomerate acquires a new brand (Brand-C), create the division and all associated objects before the brand’s digital channels go live. Retroactively isolating an existing brand that was running on Home Division is disruptive - it requires re-assigning queues, re-configuring agent roles, and rebuilding flows. The division architecture is far easier to extend prospectively than to retrofit.

Edge Case 3: CSAT Surveys Surfacing Wrong Brand Identity

If you use the built-in Genesys Cloud digital survey feature, the survey invitation email originates from the tenant-level sender domain, not the brand domain. A Brand-B customer completing a survey after a Brand-A interaction will see the wrong sender. Mitigate with a post-conversation webhook that triggers a brand-specific survey via a third-party survey tool (SurveyMonkey, Qualtrics), passing the brand attribute as a parameter to pre-populate the survey template.

Edge Case 4: Reporting Across Divisions

Genesys Cloud Analytics API calls respect the calling token’s division scope. A reporting integration using a service account with Home Division scope will return conversations from all divisions - useful for consolidated reporting, but requires careful data governance. Consider separate reporting service accounts per brand if contractual data isolation (e.g., JV partners) prohibits cross-brand data sharing at the API level.

Official References