Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization. |
When an Identity Provider (IDP) creates unique IDs for users, deleting and recreating a user in the IDP results in a new unique ID for that user. If you add the recreated user back into Avigilon Alta, the system will recognize them as a new user due to the new ID, even though the email address is the same. This can cause confusion, as it becomes unclear which version of the user is correct.
Contents
...
Anchor | ||||
---|---|---|---|---|
|
The Okta/Avigilon Alta Security SAML integration currently supports the following features:
...
For more information on the listed features, visit the Okta Glossary.
...
Anchor | ||||
---|---|---|---|---|
|
On Okta:
1. Go to your Okta instance and install the Avigilon Alta app.
...
4. Log in to the Avigilon Alta Control CenterAccess system.
5. Navigate to App Marketplace> Get apps, click on Marketplace, click ‘Get apps’, and select Okta:
Iframe | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
6. Navigate to Now, from App Marketplace > , click ‘My appsapps’, click on and select Okta:
7. Enter the following:
API URL: Copy and paste the following:
Sign in to the Okta Admin
...
Dashboard to
...
generate this variable
...
.
Copy and paste the API URL provided.
API Key:
Enter the API Token you
saved in step
3.
Check Enable Single Sign-On (SSO):
Check the option to enable SSO for users with portal access.
Namespace:
Make a copy of
the Namespace value provided.
Allow IDP-Initiated SSO:
Turn on
the option to allow IDP-Initiated SSO.
SAML SSO URL: Copy and paste the following:
Sign
...
in to the Okta Admin Dashboard to generate this variable.
Copy and paste the
SAML SSO URL provided.
SAML Issuer:
Sign
...
in to the Okta Admin Dashboard to generate this variable.
...
Copy and paste the
SAML Issuer provided.
SAML Certificate:
Sign
...
in to the Okta Admin Dashboard to generate this variable.
Copy and paste the SAML Certificate provided.
Click Save:
Iframe | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
8. Go back to the Okta integration.
Auto-remove users Users from groups: This will Groups:
Enabling this feature will automatically remove users from
Avigilon Alta groups if they no longer exist in the corresponding Okta groups.
Import Users Only import users from groups with an Openpath group mapping: from Mapped Groups:
When enabled, this feature
ensures that only users who belong to at least one identity provider group mapped to an
Avigilon Alta group will be imported. This is
useful when the identity provider contains
many users
or non-person system accounts
that do not require access to
Avigilon Alta-managed resources.
Map Okta groups to Openpath Avigilon Alta groups.
Click Save:
Iframe | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
10. Navigate to Users > Users and check that the users were imported from Okta into OpenpathAvigilon Alta.
11. Done!
...
Anchor | ||||
---|---|---|---|---|
|
The following SAML attributes are supported:
Name | Value |
---|---|
firstName | user.firstName |
lastName | user.lastName |
user.email | |
login | user.login |
id | user.id |
SP-initiated SSO
1. Go to: https://control.openpath.com/login/sso
...
Info |
---|
Note: Avigilon Alta only prompts for a Namespace (you made a copy of in step 4 7 above) if the namespace is required to disambiguate between multiple IDP-synced records on the Avigilon Alta side that have the identical email address. |
Related Pages:
How do I log into the Openpath Avigilon Alta Open app with OKTA Okta SSO?