Kisi supports SSO (Single Sign-On) with Okta as a way of authentication for your Organization. Below are the steps to our self-service SSO configuration.
Setting up SSO with Okta
To set up SSO, you must be the Kisi Organization Owner. For additional guidance on SSO setup, please refer to our Kisi API documentation.
- Sign in to Okta and ensure you are using the classic UI interface (top-left corner)
- Click on Applications from the main navigation and select Add Application
- Search for the Kisi Physical Security app and select it from the dropdown menu
- Click Add
- On the following General Settings page, click Done
- Click on the Sign On tab for the Kisi Physical Security app, then click Identity Provider metadata and copy the Metadata URL
- Sign in to your Kisi Organization account
- Under Organization Setup, click on SSO & SCIM and paste the Metadata URL
- Click Save
- Under Step 3, click on Generate Certificate
Now that you have generated the encryption certificate, go back to Okta and follow the steps below to complete the configuration.
- In Okta, under the Sign On tab for the Kisi Physical Security SAML app, click Edit
- In Encryption Certificate: Upload the encryption certificate that you have downloaded from the previous steps
- In Domain: Enter your Kisi Domain. Every Organization in Kisi has a domain. It's an alphanumeric string that can also contain "-" character used to uniquely identify your organizations and required during signing in. If you do not remember your Kisi Domain, you can use Find My Organizations feature.
- Click Save
Assigning people to the Kisi application
To test the SSO setup, please make sure to assign yourself to the Kisi app. You can then try to sign into Kisi using the SSO option.
Under the Assignments tab, click the Assign button to assign people or groups who should be able to access Kisi. If you don't add them, they won't be able to access Kisi via Okta.
Provisioning and Deprovisioning Members with Okta (SCIM)
To configure SCIM (System for Cross-domain Identity Management) provisioning and deprovisioning of Kisi members, please follow the steps in this article.