Does anyone know the correct scope configuration required for a Premium App to authenticate across multiple Genesys Cloud organizations using the client credentials flow?
Our integration is currently failing with a 401 Unauthorized error when attempting to acquire an access token for a secondary tenant. The primary organization authenticates successfully, but requests to the secondary tenant’s authorization server return an invalid grant error. We are using the standard urn:ietf:params:oauth:grant-type:jwt-bearer grant type with a signed JWT assertion.
The AppFoundry registration includes the admin:organization scope, and the OAuth application is linked to both organizations in the Partner Portal. However, the token endpoint consistently rejects the request for the secondary tenant. We have verified that the client ID and secret are correct and that the JWT signature is valid. The issue appears to be related to scope validation or tenant isolation settings within the OAuth provider.
Has anyone successfully implemented cross-tenant authentication for a Premium App? We need to ensure our integration can manage resources across multiple customer environments without requiring manual re-registration for each new tenant.
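
Added example, not part of the original post and not Genesys or AppFoundry code: a pre-flight check of a jwt-bearer assertion's claims against the token endpoint it is about to be sent to, following the claim rules in RFC 7523 section 3. The endpoint URLs, the client identifier and the sample assertion are constructed placeholders, and the rule that each tenant's authorization server expects its own token endpoint URL as `aud` is an assumption the post does not state.

```python
import base64
import json
import time

def b64url_decode(part):
    # JWTs drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def assertion_claims(jwt):
    """Return the payload of a compact JWS. The signature is NOT verified here."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(b64url_decode(parts[1]))

def preflight(jwt, token_endpoint, now=None, skew=60):
    """List RFC 7523 section 3 claim problems for an assertion sent to token_endpoint."""
    now = time.time() if now is None else now
    claims = assertion_claims(jwt)
    problems = [f"missing {c}" for c in ("iss", "sub", "aud", "exp") if c not in claims]
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    # Assumption: the authorization server identifies itself by its token endpoint URL.
    if "aud" in claims and token_endpoint not in audiences:
        problems.append(f"aud {audiences} does not name {token_endpoint}")
    if "exp" in claims and claims["exp"] <= now - skew:
        problems.append("assertion expired")
    if "nbf" in claims and claims["nbf"] > now + skew:
        problems.append("assertion not yet valid")
    return problems

def make_sample(claims):
    # Builds a constructed, unsigned-in-practice token for the demo only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

# Constructed placeholders, not real endpoints or identifiers.
PRIMARY = "https://login.primary.example/oauth/token"
SECONDARY = "https://login.secondary.example/oauth/token"
NOW = 1_700_000_000
SAMPLE = make_sample({"iss": "client-id-placeholder", "sub": "client-id-placeholder",
                      "aud": PRIMARY, "exp": NOW + 300})

if __name__ == "__main__":
    for endpoint in (PRIMARY, SECONDARY):
        print(endpoint, preflight(SAMPLE, endpoint, now=NOW) or "ok")
```

A clean result here only rules out claim-level causes; signature trust and per-tenant client registration are decided by the server and are outside what this check can see.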