Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can integrate Microsoft Azure Active Directory with Openpath Avigilon Alta to import and sync users automatically.

Info

Note: To enable this integration, you must have the Application Administrator role on the Microsoft Azure side.

When an Identity Provider (IDP) creates unique IDs for users, deleting and recreating a user in the IDP results in a new unique ID for that user. If you add the recreated user back into Avigilon Alta, the system will recognize them as a new user due to the new ID, even though the email address is the same. This can cause confusion, as it becomes unclear which version of the user is correct.

We offer two types of authentication with Microsoft Azure, OAuth2 and OAuth Client (Service Principal)

To set up the integration:

...

Go

...

to

...

https://control.openpath.com/login

...

and

...

log

...

in.

...

To

...

access

...

the

...

European Alta Access, please go to https://control.eu.openpath.com/login

...

.

...

  1. Under App Marketplace > Get Apps, select Microsoft Azure AD (Or ‘Essential User Management’ if you are on the legacy billing plan), then click Get App.

  2. Under App Marketplace > My Apps, and click Microsoft Azure AD.

  3. Microsoft will prompt you to sign in. Sign in with your Azure AD account credentials and allow Avigilon Alta to access your users and groups.

Info

Note: Avigilon Alta can only read data from your Azure account; it cannot write data or make any changes within Azure. The token Avigilon Alta uses only has read permissions for users, groups, and directory data in Azure.

Iframe
allowfullscreentrue
srchttps://info.openpath.com/hubfs/images/kustomer-articles/azure-ad-permissions.png

...

width350
frameborderhide
titleazure permissions
alignmiddle
height518
longdescAzure permissions

Anchor
oauth2
oauth2
Setting up OAuth2

5. After signing in, you’ll be directed back to Avigilon Alta where you can enable the following settings:

A. Auto-sync every 1 hour/15 minutes – this will sync Avigilon Alta with Azure AD once every hour or once every 15 minutes. depending on which user management package you're using (see Administration > Account for package details).

B. Auto-create mobile credential - this will create a mobile credential for every user.

C. Auto-create cloud key credential - this will create a cloud key credential for every user.

D. Enable Single Sign-On (SSO) for users with portal access - this will let users log into Alta Access with their Azure credentials.

E. Only import users from groups that have an Avigilon Alta group mapping - if this is enabled, no users will be imported from Azure if they are not assigned to an Avigilon Alta group.

F. Auto-remove users from groups - this will remove users from Avigilon Alta groups if they no longer exist in Azure groups.

G. Mobile Phone - Azure AD has a specific mobilePhone field to sync the mobile phone of users. You must use the E.164 format and it is recommended it is an actual mobile phone number and not a landline.

Info

Note: E.164 numbers are formatted [+][country code][subscriber number including area code] with a maximum of fifteen digits.

6. To map a specific group from Azure to Avigilon Alta (required if you enabled Only import users from groups that have an Avigilon Alta group mapping), click +Create Group Mapping.

A. Select the group from Azure.

B. Select the group from Avigilon Alta.

C. Click +Create Group Mapping

7. Repeat step 6 until all groups that need to be mapped have been created.

Iframe
allowfullscreentrue
srchttps://info.openpath.com/hubfs/images/kustomer-articles/create-group-mapping.png

...

width700
frameborderhide
titleCreate Group Mapping
alignmiddle
height234
longdescCreate Group Mapping

After saving, you now have the option to Manually Sync. You can perform this action at any time by clicking the Synchronize button on the Azure AD settings page.

Iframe
allowfullscreentrue
srchttps://info.openpath.com/hubfs/images/kustomer-articles/azure-resync.png

...

width500
frameborderhide
titleazure resync
alignmiddle
height247
longdescAzure Resync

Additional resources

Learn more about Openpath Avigilon Alta integrations

Learn more about the Active Directory integration