The current Openpath Jira and Confluence instances will be migrated to the MSI On-Premise solution from August 9th-11th, the current platform will be set to read-only and all future usage will be in the Avigilon Instance. Please ensure access to MSI Jira & MSI Confluence, both are accessible through OKTA. For additional information and details please refer to the Atlassian migration page
How to sync users with OneLogin and set up Single Sign-On?
You can integrate OneLogin with Avigilon Alta to import and sync users automatically.
Note: To enable this integration, you must have administrative privileges in your OneLogin account.
Note: OneLogin SSO is currently not supported in our EU orgs.
When an Identity Provider (IDP) creates unique IDs for users, deleting and recreating a user in the IDP results in a new unique ID for that user. If you add the recreated user back into Avigilon Alta, the system will recognize them as a new user due to the new ID, even though the email address is the same. This can cause confusion, as it becomes unclear which version of the user is correct.
To set up the integration:
Go to https://control.openpath.com/login and log in.
Under App Marketplace > Get Apps, click on the OneLogin app, then click Get App.
Under App Marketplace > My Apps, click OneLogin.
Enter the Subdomain for your OneLogin account—it should look something like yourcompanyname.onelogin.com with yourcompanyname being the subdomain.
Click Get API credentials to go to OneLogin, then click New Credential.
Enter a name for the credential, select Read Users, then click Save.
A. Refer to Working with API Credentials in OneLogin.Copy and paste the Client ID and Client Secret to Avigilon Alta Open, then click Save.
After saving, you can enable the following settings:
A. Auto-sync every 1 hour/15 minutes - this will sync Avigilon Alta Open with OneLogin once every hour or once every 15 minutes depending on which user management package you're using (see Administration > Account for package details).
B. Auto-create mobile credential - this will create a mobile credential for every user.
C. Auto-create cloud key credential - this will create a cloud key credential for every user.
D. Enable Single Sign-On (SSO) for users with portal access – this will let users log into Avigilon Alta Access with their OneLogin credentials.
1. Copy and paste your SSO Client ID here, which you can find by connecting an OIDC enabled app in OneLogin.
E. Only import users from groups that have an Avigilon Alta Open group mapping - if this is enabled, no users will be imported from OneLogin if they are not assigned to an Avigilon Alta Open group.
F. Auto-remove users from groups - this will remove users from Avigilon Alta Open groups if they no longer exist in OneLogin groups.
G. Mobile Phone - OneLogin has a phone
field to sync the mobile phone of users. You must use the E.164 format and it is recommended it is an actual mobile phone number and not a landline.
9. (After saving API credentials) To map a specific group from OneLogin to Avigilon Alta Open (required if you enabled Only import users from groups that have an Avigilon Alta Open group mapping), click +Create Group Mapping.
A. Select the group from OneLogin.
B. Select the group from Avigilon Alta.
C. Click + Create Group Mapping.
10. Repeat step 9 until all groups that need to be mapped have been created.
After saving, you now have the option to Manually Sync. You can perform this action at any time by clicking the Synchronize button on the OneLogin settings page.
Additional resources