Authorized Organizations (Pairing)
What Are Authorized Organizations?
Common use cases:
- A support vendor or MSP managing a customer's org
- A Genesys partner administering a client environment
- A parent company accessing a subsidiary org
- Genesys Product Support pairing with your org to troubleshoot
💡 Telecom analogy: Think of this like a Federated Trust between two PBX systems — a technician from System A uses their own credentials to manage System B without needing a local extension or station created for them in System B.
Hard Constraints (Exam Critical)
| Constraint | Detail |
|---|---|
| Same AWS region required | Pairing is only possible between orgs in the same AWS region — cross-region pairing is not supported |
| Max 25 users | A maximum of 25 users from the requesting org can be authorized to access the target org |
| No license consumption | Authorized users do not consume a license seat in the target org — they are billed to their home org |
| Admin tasks only | Authorized users cannot receive ACD interactions (calls, chats, emails), use internal chat, or access the agent dashboard |
| Division access | Authorized users are automatically granted access to all divisions assigned to the roles they receive in the target org |
How Pairing Works — Two Sides
Pairing involves two org administrators: one who requests access and one who grants it.
Side 1: Creating a Pairing Request (Requesting Org)
The org that wants access initiates the request:
- Admin → People & Permissions → Authorized Organizations
- Click Create Pair
- In the selection box, type and select the users or groups from your org who need access
- Click Create Pairing Link
- Click the copy icon to copy the unique URL
- Manually send the link to an administrator of the target org (via email, chat, etc. — Genesys does not send it automatically)
⚠️ The pairing link must be sent out-of-band. Genesys does not email it to the target org.
Side 2: Accepting a Pairing Request (Target Org)
The org being accessed approves and assigns permissions:
- Open the pairing link received from the requesting org
- Review the prompt and click Yes, I authorize access
- You are taken to the paired organization management page
- Click on the users or groups included in the request
- Assign the specific roles they need (e.g., Admin, Architect, Telephony Admin)
- Click Save
⚠️ Until roles are assigned, authorized users have zero permissions in the target org. Accepting the pairing alone grants no access.
Role Assignment in the Target Org
Roles assigned to authorized users work the same as regular role assignments with one important note:
- The roles assigned determine what the authorized user can do in the target org
- Division access is automatically scoped to all divisions attached to those roles
- Roles should follow least-privilege — only assign what the partner/vendor actually needs
Common role assignments for external access:
| Scenario | Suggested Roles |
|---|---|
| Genesys support troubleshooting | Admin (temporary, revoke after session) |
| Partner building Architect flows | Architect access, flow designer permissions |
| Vendor monitoring dashboards | Read-only supervisor / analytics roles |
| MSP full management | Admin or Master Admin (use with caution) |
Managing the Pairing
Revoking Access
- Go to Admin → People & Permissions → Authorized Organizations
- Delete the pairing
- This immediately terminates all active sessions for the authorized users in your org
Cloned Users
Pairing vs. Regular User Creation
| Factor | Authorized Org (Pairing) | Creating a User in Target Org |
|---|---|---|
| License in target org | Not consumed | Consumed |
| Identity / credentials | Home org credentials | Target org credentials (separate account) |
| ACD interactions | Not allowed | Allowed (if role permits) |
| Internal chat | Not available | Available |
| Max users | 25 | No pairing limit |
| Region requirement | Must match | No restriction |
| Best for | Temporary admin / vendor access | Permanent staff |
Permissions Required
| Action | Permission |
|---|---|
| Create pairing request | People & Permissions admin access |
| Accept pairing request | Admin in the target org |
| Assign roles to authorized users | Authorization > Grant > Add in the target org |
| Delete/revoke pairing | Admin in the target org |
See Also
- Roles & Permissions — role assignment principles that apply to authorized users
- Divisions & Access Control — how division scoping affects authorized user access
- Organization Settings → Security & Compliance — IP allowlists and auth controls that also apply to authorized users