Trying to understand why our SAML integration is dropping group memberships during the Zendesk to Genesys Cloud migration. We have mapped Zendesk Agent Groups to specific Genesys Cloud Organization Roles via the SAML assertion attributes.
When a user logs in, the authentication succeeds, but the role assignment fails silently. The Genesys Cloud admin console shows the user with the default ‘Agent’ role instead of the mapped ‘Tier 2 Support’ role. Checking the /api/v2/users/{userId} endpoint confirms the roles array is empty for the custom roles.
We are using the default Genesys Cloud SAML metadata and have verified the attribute name is ‘Role’ with the value ‘Tier 2 Support’. The Zendesk side is exporting these groups correctly. Is there a specific casing requirement or a delay in role propagation that we are missing? We need this mapping to work before we can decommission the Zendesk group permissions.
Any insights on debugging SAML role mapping failures would be appreciated.