Quick question about the specific OAuth scopes required when mapping Zendesk user roles to Genesys Cloud security profiles during a migration project.
We are currently migrating a mid-sized support team from Zendesk to Genesys Cloud, and the integration script is failing at the authentication stage with a 403 Forbidden error.
The error log explicitly states: Missing required scope: admin:security:profiles:write.
In Zendesk, we simply assigned the ‘Agent’ role, which handled most permissions implicitly, but Genesys Cloud seems much stricter about granular security profiles.
I have verified that the service account used for the migration has the admin:api:keys:read scope, but the write permission for security profiles is still causing issues.
Is there a known workaround for beginners who do not have full admin rights to modify global security settings?
We are using the Genesys Cloud Python SDK version 10.5.0, and the migration script is running in a European data center (Frankfurt).
Any advice on how to map Zendesk’s simpler role structure to Genesys Cloud’s more complex permission set without breaking the deployment?