
Integrate Kisi with Okta SSO


This is a Kisi-built integration, maintained and supported by Kisi.

As a Kisi organization owner you can set up Okta single sign-on (SSO) for your Kisi users. In addition to your SSO integration, you can:


  • a Kisi organization owner account
  • a valid and activated SSO license

Before setting up the integration, ensure you are logged in as the Kisi organization owner and have a valid, activated SSO license. If these prerequisites are met and the SSO & SCIM option is still not visible on the dashboard, please reach out to Kisi Support for assistance.

Set up the integration in Okta

  1. Sign in to Okta and ensure you are using the Classic UI (top-left corner)
  2. From the main navigation click on Applications and select Add Application
  3. Open the dropdown menu and look for the Kisi Physical Security app
  4. Click Add
  5. On the following General Settings page, click Done
  6. In the Kisi Physical Security app detail page, click on the Sign On tab
  7. Click Identity Provider metadata and copy the Metadata URL

Set up the integration in Kisi

  1. Sign in to Kisi as the organization owner
  2. Under Settings, click on SSO & SCIM and paste the metadata URL that you saved in the step above
  3. Click Save
  4. Click Generate Certificate

Now that you have generated the encryption certificate, go back to Okta and follow the steps below to complete the configuration.

  1. In the Kisi Physical Security SAML app in Okta, click on the Sign On tab
  2. Under Settings, click Edit
  3. In the Encryption Certificate field, upload the encryption certificate that you previously downloaded from Kisi
  4. In the Domain field, enter your Kisi domain. (You can find your Kisi organization domain under Settings > General)
  5. Click Save

As a last step, make sure you assign people or groups from Okta to the Kisi application.

  1. Navigate to the Kisi Physical Security SAML app in Okta, look for the Assignments tab, and click on Assign
  2. Choose to Assign to people or Assign to groups

To further control your SSO integration, you can set up SCIM provisioning. This will help you to easily and securely sync identities between your IdP and Kisi.

Flexible authentication: SSO or password

Kisi organizations with Single Sign-On (SSO) enabled can, if needed, also enable password authentication for users. If enabled, the user will be able to log in with email and password. If the user is in the organization's IdP directory, an SSO login will also be available.

User removal impact on event logs

If you use a Single Sign-On (SSO) platform and an employee is removed, the logs related to that user in the Event history will continue to display the user's name, even though they have been removed from the system.