
This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

When an Identity Provider (IDP) creates unique IDs for users, deleting and recreating a user in the IDP results in a new unique ID for that user. If you add the recreated user back into Avigilon Alta, the system will recognize them as a new user due to the new ID, even though the email address is the same. This can cause confusion, as it becomes unclear which version of the user is correct.

Supported Features

The Okta/Avigilon Alta Security SAML integration currently supports the following features:

...

For more information on the listed features, visit the Okta Glossary.

...

Configuration Steps

On Okta:

1. Go to your Okta instance and install the Avigilon Alta app.

  • Search Okta for the Avigilon Alta app.

2. Set up your Region Base URL:

  • The US region is https://api.openpath.com

  • The EU region is https://api.eu.openpath.com

3. Create an API token in Okta:

  • In Okta, navigate to Security > API.

  • Click Create Token, name the token Openpath Security, then click Create Token.


  • Save the token value for later.

Important: This is the only time that you will be able to view it.

4. Log in to the Avigilon Alta Access system.

5. Navigate to App Marketplace, click ‘Get apps’, and select Okta.

6. Now, from App Marketplace, click ‘My apps’, and select Okta:

7. Enter the following:

  • API URL:

    • Sign in to the Okta Admin Dashboard to generate this variable.

    • Copy and paste the API URL provided.

  • API Key:

    • Enter the API Token you saved in step 3.

  • Check Enable Single Sign-On (SSO):

    • Check the option to enable SSO for users with portal access.

  • Namespace:

    • Make a copy of the Namespace value provided.

  • Allow IDP-Initiated SSO:

    • Turn on the option to allow IDP-Initiated SSO.

  • SAML SSO URL:

    • Sign in to the Okta Admin Dashboard to generate this variable.

    • Copy and paste the SAML SSO URL provided.

  • SAML Issuer:

    • Sign in to the Okta Admin Dashboard to generate this variable.

    • Copy and paste the SAML Issuer provided.

  • SAML Certificate:

    • Sign in to the Okta Admin Dashboard to generate this variable.

    • Copy and paste the SAML Certificate provided.

  • Click Save.

8. Go back to the Okta integration.

  • Auto-remove Users from Groups:

    • Enabling this feature will automatically remove users from Avigilon Alta groups if they no longer exist in the corresponding Okta groups.

  • Import Users Only from Mapped Groups:

    • When enabled, this feature ensures that only users who belong to at least one identity provider group mapped to an Avigilon Alta group will be imported. This is useful when the identity provider contains many users or non-person system accounts that do not require access to Avigilon Alta-managed resources.

  • Map Okta groups to Avigilon Alta groups.

  • Click Save.

9. Click Sync:


10. Navigate to Users > Users and check that the users were imported from Okta into Avigilon Alta.

11. Done!

...

Notes

The following SAML attributes are supported:

| Name      | Value          |
|-----------|----------------|
| firstName | user.firstName |
| lastName  | user.lastName  |
| email     | user.email     |
| login     | user.login     |
| id        | user.id        |

SP-initiated SSO

1. Go to: https://control.openpath.com/login/sso

2. Enter your email, then click Sign In.

Note: Avigilon Alta only prompts for a Namespace (which you copied in step 7 above) if the namespace is required to disambiguate between multiple IDP-synced records on the Avigilon Alta side that have the identical email address.
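The duplicate-record case described at the top of this page (a user deleted and recreated in the IDP receives a new unique ID) and in the note above can be checked offline against a user export. The following is an added example, not Avigilon Alta or Okta code: it groups constructed records by email and flags addresses tied to more than one IDP ID. The field names (email, idp_id, namespace, created) and the sample values are assumptions, not a documented export format.

```python
from collections import defaultdict

# Constructed sample export. Field names are assumptions, not a documented schema.
SAMPLE_USERS = [
    {"email": "ana@example.com", "idp_id": "00u1aaa", "namespace": "okta-main", "created": "2023-01-10"},
    {"email": "Ana@Example.com ", "idp_id": "00u9zzz", "namespace": "okta-main", "created": "2024-06-02"},
    {"email": "bo@example.com", "idp_id": "00u2bbb", "namespace": "okta-main", "created": "2023-03-04"},
    {"email": "cy@example.com", "idp_id": "00u3ccc", "namespace": "okta-main", "created": "2023-05-01"},
    {"email": "cy@example.com", "idp_id": "00u3ccc", "namespace": "okta-main", "created": "2023-05-01"},
    {"email": "di@example.com", "idp_id": "00u4ddd", "namespace": "okta-main", "created": "2022-02-02"},
    {"email": "di@example.com", "idp_id": "00u7xyz", "namespace": "okta-eu", "created": "2022-09-09"},
]


def find_id_collisions(users):
    """Return {email: finding} for emails tied to more than one IDP record."""
    by_email = defaultdict(dict)
    for user in users:
        # Assumption: email addresses are compared case-insensitively.
        email = user["email"].strip().lower()
        # A repeat of the same (namespace, idp_id) is the same record, not a collision.
        by_email[email].setdefault((user["namespace"], user["idp_id"]), user)

    findings = {}
    for email, records in by_email.items():
        if len(records) < 2:
            continue
        # ISO 8601 dates sort correctly as plain strings.
        ordered = sorted(records.values(), key=lambda r: r["created"])
        findings[email] = {
            "ids": [r["idp_id"] for r in ordered],
            # One namespace with several IDs matches the delete-and-recreate case.
            "same_namespace": len({r["namespace"] for r in ordered}) == 1,
            # Older records are listed for an administrator to review, not auto-removed.
            "review_first": [r["idp_id"] for r in ordered[:-1]],
        }
    return findings


if __name__ == "__main__":
    for email, finding in find_id_collisions(SAMPLE_USERS).items():
        print(email, finding)
```

Which record is the correct one remains an administrator's decision; the script only narrows the list of accounts to look at.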

Related Pages:

...


How do I log into the Avigilon Alta Open app with Okta SSO?

How do I sync users with Okta?

How do I enable Single Sign-On for Okta?