Skip to main content

Okta

As a Kisi organization owner you can set up Okta single sign-on (SSO) for your Kisi users. To further control your SSO integration, you can sync it with your Okta directory members and groups with SCIM.

Enable SSO on Okta

Set up the integration in Okta

  1. Sign in to Okta and ensure you are using the classic UI interface (top-left corner)
  2. From the main navigation click on Applications and select Add Application
  3. Open the dropdown menu and look for the Kisi Physical Security app
  4. Click Add
  5. On the following General Settings page, click Done
  6. In the Kisi Physical Security app detail page, click on the Sign On tab
  7. Click Identity Provider metadata and copy the Metadata URL

Set up the integration in Kisi

  1. Sign in to Kisi
  2. Under Organization Setup, click on SSO & SCIM and paste the metadata URL that you saved in the step above
  3. Click Save
  4. Click Generate Certificate

Now that you have generated the encryption certificate, go back to Okta and follow the steps below to complete the configuration.

  1. In the Kisi Physical Security SAML app in Okta, click on the Sign On tab
  2. Under Settings, click Edit
  3. In the Encryption Certificate field, upload the encryption certificate that you have previously downloaded in Kisi
  4. In the Domain field, enter your Kisi domain. (You can find your Kisi organization domain under Organization Setup > Settings)
  5. Click Save

As a last step, make sure you assign people or groups from Okta to the Kisi application.

  1. Navigate to the Kisi Physical Security SAML app in Okta, look for the Assignments tab, and click on Assign
  2. Choose to Assign to people or Assign to groups

Enable SCIM on Okta

Before you start, make sure you have SSO set up for your organization. Then just follow the next steps to generate a SCIM token and add the Kisi Physical Security app in Okta.

Generate your SCIM Token in Kisi

  1. Sign in to Kisi
  2. Under Organization setup click on SSO & SCIM
  3. Enable SCIM and click on Generate Token
  4. Copy the token (shown once)

Set up SCIM with Okta

  1. Sign in to Okta and ensure you are using the classic UI interface (top-left corner)
  2. Click on Admin, select Applications, and select your Kisi Physical Security app from the list
  3. Navigate to the Provisioning tab, and click Configure API Integration
  4. Click on the Enable API Integration checkbox and enter your SCIM token (without the leading Bearer if present)
  5. Click Test API Credentials
  6. Once a success message is displayed above the Enable API Integration checkbox, click Save
  7. Navigate to the Provisioning tab, and under Settings select To App
  8. Click Edit and enable Create Users, Update User Attributes and Deactivate Users
  9. Click Save

As a last step, you need to assign users under Push Groups.

Push Okta Groups to Kisi

  1. In the Kisi Physical Security SAML app in Okta, click on Push Groups
  2. Select Find Groups by name
  3. Search for the Okta group you want to push to Kisi
  4. Under Match result & push action choose to either Create Group or Link Group

For more details on how to configure Okta, please visit SCIM: Provisioning and Deprovisioning Kisi Organization Members with Okta.