Running into a weird bug with SSO MFA enforcement during Zendesk migration

Hey everyone, I’ve run into a really strange issue with SSO MFA enforcement. We're migrating from Zendesk, where SAML was enough, to Genesys Cloud. The API returns 401 Unauthorized when trying to fetch user profiles via the Admin API. The Genesys docs say MFA is optional, but our Azure AD flow seems to block it. Is there a specific config flag in Architect or Admin to bypass this for service accounts? The error logs are vague.

Make sure you configure authType as oauth2 in your ServiceNow HTTP request. SSO users lack the refreshToken scope required for Admin API calls. Create a dedicated OAuth service account in Genesys Cloud and use grant_type=client_credentials. This bypasses MFA checks entirely, unlike SAML assertions, which enforce interactive login policies.
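The client-credentials exchange described in the reply above, as an added example that is not part of the original posts. It assumes the US East region domain (mypurecloud.com) and hypothetical environment variable names GENESYS_CLIENT_ID and GENESYS_CLIENT_SECRET for the OAuth client's credentials.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Assumption: US East region; other Genesys Cloud regions use a different domain.
REGION_DOMAIN = "mypurecloud.com"


def build_token_request(client_id, client_secret, domain=REGION_DOMAIN):
    """Build (not send) the grant_type=client_credentials token request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(
        f"https://login.{domain}/oauth/token",
        data=urllib.parse.urlencode({"grant_type": "client_credentials"}).encode(),
        method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_token_response(raw):
    """Return (access_token, expires_in); reject error or non-bearer replies."""
    doc = json.loads(raw)
    if str(doc.get("token_type", "")).lower() != "bearer" or not doc.get("access_token"):
        raise ValueError("token request failed: " + str(doc.get("error", "no access_token")))
    return doc["access_token"], int(doc.get("expires_in", 0))


def build_users_request(token, domain=REGION_DOMAIN, page_size=25):
    """Build the user-profile listing call authorized with the bearer token."""
    query = urllib.parse.urlencode({"pageSize": page_size})
    return urllib.request.Request(
        f"https://api.{domain}/api/v2/users?{query}",
        headers={"Authorization": f"Bearer {token}"},
    )


def fetch_users(opener=urllib.request.urlopen):
    """Token exchange followed by the API call; secrets come from the environment."""
    req = build_token_request(os.environ["GENESYS_CLIENT_ID"],      # hypothetical names
                              os.environ["GENESYS_CLIENT_SECRET"])
    with opener(req, timeout=10) as resp:
        token, _expires_in = parse_token_response(resp.read())
    with opener(build_users_request(token), timeout=10) as resp:
        return json.loads(resp.read())
```

Because this flow has no interactive MFA step, the client secret is the only credential protecting the account, so assign the OAuth client a role limited to the permissions the integration needs and keep the secret out of source control.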