...

When an Identity Provider (IDP) creates unique IDs for users, deleting and recreating a user in the IDP results in a new unique ID for that user. If you add the recreated user back into Avigilon Alta, the system will recognize them as a new user due to the new ID, even though the email address is the same. This can cause confusion, as it becomes unclear which version of the user is correct.
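An added example, not part of the Avigilon Alta documentation: one way to spot this condition in a user export is to group records by email and flag any address bound to more than one IdP unique ID. It assumes records in SCIM 2.0 User shape with the IdP's unique ID in `externalId`; the sample data and function names are constructed for illustration.

```python
from collections import defaultdict


def _user(external_id, email, active=True):
    """Build a constructed record in SCIM 2.0 User shape (RFC 7643)."""
    return {"externalId": external_id, "userName": email, "active": active,
            "emails": [{"value": email, "primary": True}]}


# Constructed sample export; IDs and addresses are made up.
SAMPLE_USERS = [
    _user("idp-old-111", "Ana@Example.com"),
    _user("idp-new-222", "ana@example.com"),
    _user("idp-333", "bo@example.com"),
    _user("idp-old-444", "cy@example.com", active=False),
    _user("idp-new-555", "cy@example.com"),
]


def primary_email(user):
    """Return the lower-cased primary email, falling back to userName."""
    emails = user.get("emails") or []
    chosen = next((e for e in emails if e.get("primary")), emails[0] if emails else {})
    value = chosen.get("value") or user.get("userName")
    return value.strip().lower() if value else None


def find_recreated_users(users):
    """Report emails bound to more than one IdP unique ID.

    "review" = several of those IDs are still active (two live identities
    for one person); "info" = only one active record remains.
    """
    by_email = defaultdict(list)
    for user in users:
        email = primary_email(user)
        if email and user.get("externalId"):
            by_email[email].append(user)
    findings = []
    for email, records in sorted(by_email.items()):
        ids = sorted({r["externalId"] for r in records})
        if len(ids) < 2:
            continue
        active = sorted({r["externalId"] for r in records if r.get("active")})
        findings.append({"email": email, "external_ids": ids, "active_ids": active,
                         "severity": "review" if len(active) > 1 else "info"})
    return findings
```

A "review" finding means two active records share one email address, so both may still hold credentials and group memberships until one is deactivated.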

...

Note:
If a user is manually inactivated in the Alta Access system, they will no longer sync through Okta; they remain inactive regardless of Identity Provider updates until manually reactivated from within the Alta Access system.
The Push Now feature in Okta is not currently supported.

Avigilon Alta currently does not support the following Okta provisioning features but may do so in the future:

  • Sync Password

  • Groups > Push Now

  • Remove Users *

  • Import Users/Groups

* Note: Users are not removed from the Avigilon Alta application; they are only deactivated.

Note: If you are using Groups in Okta to manage your users, please read this doc, as Okta prescribes a certain way to handle this scenario.

Prerequisites

To use this application, your account must meet the following requirements:

  • Have these Avigilon Alta licenses:

    • Premium or Enterprise

    • Okta Advanced

  • Admin access to your Okta organization is required to configure SCIM.

Supported features

The SCIM service supports the following capabilities:

  • Create Users: Users assigned to the Avigilon Alta application in Okta are eligible for synchronization with Avigilon Alta.

  • Update User Attributes: Changes made to user attributes in Okta are propagated to the Avigilon Alta application.

  • Group Push: Groups and their members in Okta can be pushed directly to the Avigilon Alta application.

Set up and configure the Okta Advanced app

  1. Sign in to your account on the standard Alta Access portal or on the European Alta Access portal.

  2. Navigate to App Marketplace > Get Apps.

  3. Click the Okta Advanced tile.

  4. Select + Get App Organization.

  5. Go to App Marketplace > My Apps.

  6. Click the pencil icon to edit the Okta Advanced app.

  7. Under Sync Type, select SCIM.

  8. Click Generate Auth Token, copy the token, and click Done.

    • Note: You will use this token during SCIM setup in Okta (Step 9).

  9. Set up SCIM in your Okta portal.

  10. After setting up SCIM in Okta:

    • Manually trigger the first sync in the Okta portal.

    • Refresh the Access Groups or Roles page in Alta Access.

  11. Enable any of the following settings, as needed:

    • Auto-create mobile credential: Automatically creates a mobile credential for every user.

    • Auto-create cloud key credential: Automatically creates a cloud key credential for every user.

    • Sync mobile phone numbers: Syncs user phone numbers in E.164 format (maximum 15 digits, e.g., +[country code][subscriber number]).

    • Enable single sign-on (SSO) for portal access: Allows Okta super admins to log in to Avigilon Alta Access using Okta credentials.

    • Enable single sign-on (SSO) for mobile app: Enables users to log in to the Openpath app using Okta credentials.

  12. If you haven’t created any Avigilon Alta access groups yet, go to Users > Access Groups and create them.

  13. Use the Create Access Group Mapping button to map your Okta groups to your Avigilon Alta Access groups.

  14. SCIM advanced mapping (optional)


Tip: Consider using the http://control.openpath.com/loginSSO or http://control.eu.openpath.com/loginSSO setup page to prevent users from trying a standard login.

...

Follow these steps to set up the SCIM integration

...

In the left-hand menu, select Applications, then click the Applications item.

...

Click Create App Integration, choose SAML 2.0, then click Next to complete the SAML setup workflow.

...

Go to the General tab, then select SCIM under Provisioning.

...


  1. Go to Okta > Applications

  2. Browse App Catalog

  3. Search for and select Avigilon Alta

  4. Add integration

  5. Navigate to the Provisioning tab

  6. Select Configure API Integration

  7. Enable the checkbox labeled Enable API integration

  8. Enter the following SCIM Connection settings:

    • SCIM connector base URL: Enter the base URL for your organization (e.g., yourcompanyname).

    • Configure the fields for the Unique identifier for users, Import New Users and Profile Updates, Push New Users and Profile Updates, and HTTP Header for Authentication Mode.

  9. In the Authorization section, paste the token from Alta Access.

  10. Leave the Import Groups checkbox unchecked, as it is not supported.

  11. Test the connection configuration and click Save.

  12. Return to your Okta Advanced app and continue from step #7 above.

SCIM advanced mapping

...

Use the JSON editor to create rules for HTTPS requests that map users from the identity provider to a role or a specific group or all groups in Alta Access.


...