Quick question about the new SSO integration we rolled out last week for our workforce management self-service portal. We are seeing a strange permission error when agents try to access the shift swap module via the embedded app. The error code is 403 Forbidden with the message Insufficient permissions for resource: wfm:schedule:swap.
Our SAML assertion maps correctly to the Genesys Cloud user account, and the users have the wfm_agent role assigned in the admin console. The issue seems specific to users logging in via the SSO provider rather than standard login. I checked the audit logs and see the user is authenticated successfully, but the role propagation seems to lag or fail for the WFM-specific scopes.
We are on version 24.05 in the US-East region. Is there a known delay in role synchronization for SSO users accessing WFM features? We need this resolved before our weekly schedule publication on Tuesday, or we risk a backlog of manual swap requests. Any insights on forcing a role refresh or checking the SAML attribute mapping for WFM scopes would be appreciated.
Thanks for the help.