The current Openpath Jira and Confluence instances will be migrated to the MSI On-Premise solution from August 9th-11th, the current platform will be set to read-only and all future usage will be in the Avigilon Instance. Please ensure access to MSI Jira & MSI Confluence, both are accessible through OKTA. For additional information and details please refer to the Atlassian migration page

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

You can integrate Microsoft Azure Active Directory with Avigilon Alta to import and sync users automatically.

Note: To enable this integration, you must have the Application Administrator role on the Microsoft Azure side.

We offer two types of authentication with Microsoft Azure, OAuth2 and OAuth Client (Service Principal)

To set up the Azure side:

1. Log into your Microsoft Azure account and create your app registration.

2. Set up your Client Secret, and remember to copy and save the Secret ID as you will only see it this one time.

3. Set an expiration date on your secret.

Note: Syncing will break once that expiration date passes and it will be your responsibility to update the secret credential when this happens.

4. Configure your app permissions.

5. Make a note of your Application (client) ID, and your Directory (tenant) ID. You will need these to complete the setup on the Avigilon Alta side.

To set up the Avigilon Alta side:

Note: This assumes you have created an App registration within Azure AD

Go to https://control.openpath.com/login and log in. To access the European Control Center, please go to https://control.eu.openpath.com/login.

  1. Under App Marketplace > Get Apps, select Microsoft Azure AD, then click Get App.

  2. Under App Marketplace > My Apps, and click Microsoft Azure AD.

  3. Microsoft will prompt you to sign in. Sign in with your Azure AD account credentials and allow Avigilon Alta to access your users and groups.

Note: Avigilon Alta can only read data from your Azure account; it cannot write data or make any changes within Azure. The token Avigilon Alta uses only has read permissions for users, groups, and directory data in Azure.

Setting up in the Marketplace Azure app

1. Select the OAuth Client (Service Principal) option.

2. Fill out the required information using the values you set up in the prior steps. You will need your Application (client) ID, Directory (tenant) ID, and Secret ID that we mentioned to create a copy of in the prior section.

3. Now you can enable the following settings:

A. Auto-sync every 1 hour/15 minutes – this will sync Avigilon Alta with Azure AD once every hour or once every 15 minutes. depending on which user management package you're using (see Administration > Account for package details).

B. Auto-create mobile credential – this will create a mobile credential for every user.

C. Auto-create cloud key credential – this will create a cloud key credential for every user.

D. Enable Single Sign-On (SSO) for users with portal access – this will let users log into the Control Center with their Azure credentials.

E. Only import users from groups that have an Avigilon Alta group mapping — if this is enabled, no users will be imported from Azure if they are not assigned to an Avigilon Alta group.

F. Auto-remove users from groups — this will remove users from Avigilon Alta groups if they no longer exist in Azure groups.

4. To map a specific group from Azure to Avigilon Alta (required if you enabled Only import users from groups that have an Avigilon Alta group mapping), click +Create Group Mapping.

A. Select the group from Azure.

B. Select the group from Avigilon Alta.

C. Click +Create Group Mapping

5. Repeat step 6 until all groups that need to be mapped have been created.

  • No labels