Okta

As a Kisi organization owner you can set up Okta single sign-on (SSO) for your Kisi users. To further control your SSO integration, you can sync it with your Okta directory members and groups with SCIM.

Enable SSO on Okta

Set up the integration in Okta

  1. Sign in to Okta and ensure you are using the classic UI (top-left corner)
  2. From the main navigation click on Applications and select Add Application
  3. Open the dropdown menu and look for the Kisi Physical Security app
  4. Click Add
  5. On the following General Settings page, click Done
  6. In the Kisi Physical Security app detail page, click on the Sign On tab
  7. Click Identity Provider metadata and copy the Metadata URL

Set up the integration in Kisi

  1. Sign in to Kisi
  2. Under Organization Setup, click on SSO & SCIM and paste the metadata URL that you saved in the step above
  3. Click Save
  4. Click Generate Certificate

Now that you have generated the encryption certificate, go back to Okta and follow the steps below to complete the configuration.

  1. In the Kisi Physical Security SAML app in Okta, click on the Sign On tab
  2. Under Settings, click Edit
  3. In the Encryption Certificate field, upload the encryption certificate that you have previously downloaded in Kisi
  4. In the Domain field, enter your Kisi domain. (You can find your Kisi organization domain under Organization Setup > Settings)
  5. Click Save

As a last step, make sure you assign people or groups from Okta to the Kisi application.

  1. Navigate to the Kisi Physical Security SAML app in Okta, look for the Assignments tab, and click on Assign
  2. Choose to Assign to people or Assign to groups

Enable SCIM on Okta

Before you start, make sure you have SSO set up for your organization. Then just follow the next steps to generate a SCIM token and add the Kisi Physical Security app in Okta.

Generate your SCIM Token in Kisi

  1. Sign in to Kisi
  2. Under Organization Setup, click on SSO & SCIM
  3. Enable SCIM and click on Generate Token
  4. Copy the token (shown once)

Set up SCIM with Okta

  1. Sign in to Okta and ensure you are using the classic UI (top-left corner)
  2. Click on Admin, select Applications, and select your Kisi Physical Security app from the list
  3. Navigate to the Provisioning tab, and click Configure API Integration
  4. Click on the Enable API Integration checkbox and enter your SCIM token (without the leading Bearer if present)
  5. Click Test API Credentials
  6. Once a success message is displayed above the Enable API Integration checkbox, click Save
  7. Navigate to the Provisioning tab, and under Settings select To App
  8. Click Edit and enable Create Users, Update User Attributes and Deactivate Users
  9. Click Save

As a last step, you need to assign users under Push Groups.

Push Okta Groups to Kisi

  1. In the Kisi Physical Security SAML app in Okta, click on Push Groups
  2. Select Find Groups by name
  3. Search for the Okta group you want to push to Kisi
  4. Under Match result & push action choose to either Create Group or Link Group

For more details on how to configure Okta, please visit SCIM: Provisioning and Deprovisioning Kisi Organization Members with Okta.

Restrict Kisi emails for white label users

If you are a white labeling partner and don't want your users to receive emails from Kisi, you can restrict this using a custom attribute. Note that this attribute can only be set when the user is created in Kisi and cannot be updated.

  1. In the Kisi Physical Security SAML app in Okta, click on Provisioning
  2. Click Go to Profile Editor
  3. Click Add Attribute
  4. Select Data type boolean
  5. Fill in the form as follows:
     • Display name: Send Kisi emails (or whatever makes sense for you)
     • Variable name: sendEmails
     • External name: sendEmails
     • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
     • Scope: Check the box next to User personal
  6. Click Save

Now, when you assign a user to your Kisi Physical Security app in Okta, you can select whether or not they should receive emails. If you always want the same value for all of your users, follow the steps below.

  1. In the Kisi Physical Security SAML app in Okta, click on Provisioning
  2. Scroll down and click on Show Unmapped Attributes if the sendEmails attribute is not already shown in the list.
  3. Click on the pencil icon for the sendEmails attribute.
  4. Select Same value for all users in the Attribute value dropdown.
  5. Select the value you want applied to all users in the second dropdown.
  6. Make sure Apply on is set to Create
  7. Click Save
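
A check for the create-only sendEmails attribute configured above, as an added example (not Kisi's or Okta's code): it inspects SCIM 2.0 request bodies and flags a value that is not a JSON boolean, is nested outside the core User namespace, is missing on create, or appears in an update. The request shapes follow RFC 7643/7644 and are assumptions about what reaches Kisi; `check_send_emails` and the sample requests are hypothetical.

```python
import json

CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_OP = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
ATTR = "sendEmails"  # external name from the Profile Editor steps
CREATE_ONLY = "update touches sendEmails; it is create-only"


def check_send_emails(method, body):
    """Hypothetical helper: findings for one SCIM request (method, JSON body)."""
    doc = json.loads(body)
    schemas = doc.get("schemas", [])
    findings = []
    if PATCH_OP in schemas:
        # A PATCH names the attribute in "path" or inside a "value" object.
        for op in doc.get("Operations", []):
            value = op.get("value")
            if op.get("path") == ATTR or (isinstance(value, dict) and ATTR in value):
                findings.append(CREATE_ONLY)
        return findings
    # Core-namespace attributes sit at the top level of the resource
    # (RFC 7643); only extension attributes nest under a schema URN key.
    for key, value in doc.items():
        if key.startswith("urn:") and isinstance(value, dict) and ATTR in value:
            findings.append(f"sendEmails nested under {key}; expected top level")
    if ATTR in doc:
        if CORE_USER not in schemas:
            findings.append("core User schema missing from schemas")
        if not isinstance(doc[ATTR], bool):
            findings.append(f"sendEmails is {type(doc[ATTR]).__name__}, expected boolean")
        if method.upper() != "POST":
            findings.append(CREATE_ONLY)
    elif method.upper() == "POST" and not findings:
        findings.append("sendEmails absent on create; it cannot be set later")
    return findings


# Constructed sample requests, not captured from Okta or Kisi.
USER = {"schemas": [CORE_USER], "userName": "a.user@example.com"}
SAMPLES = [
    ("POST", json.dumps({**USER, "sendEmails": False})),
    ("POST", json.dumps({**USER, "sendEmails": "false"})),
    ("POST", json.dumps(USER)),
    ("PUT", json.dumps({**USER, "sendEmails": True})),
    ("PATCH", json.dumps({"schemas": [PATCH_OP], "Operations": [
        {"op": "replace", "value": {"sendEmails": True}}]})),
]

if __name__ == "__main__":
    for method, body in SAMPLES:
        print(method, check_send_emails(method, body) or "ok")
```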