Content Comparison

...

...

Prerequisites

To use this application, your account must meet the following requirements:

• Have these Avigilon Alta licenses:

  • Premium or Enterprise

  • Okta Advanced

• Admin access to your Okta organization is required to configure SCIM.

Supported features

The SCIM service supports the following capabilities:

• Create Users: Users assigned to the Avigilon Alta application in Okta are eligible for synchronization with Avigilon Alta.

• Update User Attributes: Changes made to user attributes in Okta are propagated to the Avigilon Alta application.

• Group Push: Groups and their members in Okta can be pushed directly to the Avigilon Alta application.

Okta Advanced app set up and configure

1. Sign in to your account:

   • Visit http://control.openpath.com/login for the standard Alta Access portal.

   • For the European Alta Access portal, visit http://control.eu.openpath.com/login.

2. Navigate to App Marketplace > Get Apps.

3. Click the Okta Advanced tile.

4. Select + Get App Organization.

5. Go to App Marketplace > My Apps.

6. Click the pencil icon to edit the Okta Advanced app.

7. Under Sync Type, select SCIM.

8. Click Generate Auth Token, copy the token, and click Done.

   • Note: You will use this token during SCIM setup in Okta (Step 9).

9. Set up SCIM in your Okta portal.

10. After setting up SCIM in Okta:

    • Manually trigger the first sync in the Okta portal.

    • Refresh the Access Groups or Roles page in Alta Access.

11. Enable any of the following settings as needed:

    • Auto-create mobile credential: Automatically creates a mobile credential for every user.

    • Auto-create cloud key credential: Automatically create a cloud key credential for every user.

    • Sync mobile phone numbers: Syncs user phone numbers in E.164 format (maximum 15 digits, e.g., +[country code][subscriber number]).

    • Enable single sign-on (SSO) for portal access: Allows Okta super admins to log in to Avigilon Alta Access using Okta credentials.

    • Enable single sign-on (SSO) for mobile app: Enables users to log in to the Openpath app using Okta credentials.

12. If you haven’t created any Avigilon Alta access groups yet, go to Users > Access Groups and create them.

13. Use the Create Access Group Mapping button to map Okta groups to Avigilon Alta Access groups.

...

Follow these steps to set up the SCIM integration:

1. In the left-hand menu, go to Applications and select Applications.

2. Click Create App Integration, choose SAML 2.0, and click Next to complete the SAML setup workflow.Go to Okta > Applications

3. Browse App Catalog

4. Search for and select Avigilon Alta

5. Add integration

6. Navigate to the General tab and choose SCIM under Provisioning.Switch to the Provisioning tab and click Integration.Provisioning tab

7. Select Configure API Integration

8. Enable the checkbox labeled Enable API integration

9. Enter the following SCIM Connection settings:

   • SCIM connector base URL: Enter your organization's base URL (e.g., <https://yourcompanyname

     • The US region is https://api.openpath.com/scim/v2/okta/{orgId}

     • The EU region is https://api.eu.openpath.com/scim/v2/okta/

     ).>

   • Configure the fields for:

     • Unique identifier for users

     • Import New Users and Profile Updates

     • Push New Users and Profile Updates

     • HTTP Header for Authentication Mode

   • • {orgId}

10. In the Authorization section, paste the token from Alta Access.

11. Checkbox Import Groups must be unchecked as it is not supported.

12. Test the connection configuration and click Save.

13. Return to your Okta Advanced app and continue from step #7 above.

SCIM advanced mapping

...

Use the JSON editor to create rules for HTTPS requests that map users from the identity provider to a role or a specific group or all groups in Alta Access.

...