Kisi wordmark

HelpSpace

search
close

Try searching for

integrations

getting started

apple watch app

blinkup

arrow up arrow down

navigate

esc to close

SSO: Configuring Okta for use with Kisi

Updated

This content is being deprecated.
Please see our new Kisi Docs portal at docs.kisi.io
Relevant section: Okta

SSO requires a Kisi Organization license. Please contact Kisi Support to learn more and upgrade your account.

Kisi supports SSO (Single Sign-On) with Okta as a way of authentication for your Organization. Below are the steps to our self-service SSO configuration.

Setting up SSO with Okta

To set up SSO, you must be the Kisi Organization Owner. For additional guidance on SSO setup, please refer to our Kisi API documentation.

  1. Sign in to Okta and ensure you are using the classic UI interface (top-left corner)
  2. Click on Applications from the main navigation and select Add Application
    sso-okta-add-app.png
  3. Search for the Kisi Physical Security app and select it from the dropdown menu
    sso-search-kisi.png
  4. Click Add
    sso-add-kisi.png
  5. On the following General Settings page, click Done
    sso-general-settings.png
  6. Click on the Sign On tab for the Kisi Physical Security app, then click Identity Provider metadata and copy the Metadata URLsso-copy-metadata.png

In Kisi:

  1. Sign in to your Kisi Organization account
  2. Under Organization Setup, click on SSO & SCIM and paste the Metadata URL
    kisi-sso-setup.png
  3. Click Save
  4. Under Step 3, click on Generate Certificate

Now that you have generated the encryption certificate, go back to Okta and follow the steps below to complete the configuration.

  1. In Okta, under the Sign On tab for the Kisi Physical Security SAML app, click Edit
    sso-edit-sign-on.png
  2. In Encryption Certificate: Upload the encryption certificate that you have downloaded from the previous steps
  3. In Domain: Enter your Kisi Domain. Every Organization in Kisi has a domain. It's an alphanumeric string that can also contain "-" character used to uniquely identify your organizations and required during signing in. If you do not remember your Kisi Domain, you can use Find My Organizations feature.
    sso-cert-domain.png
  4. Click Save

Assigning people to the Kisi application

To test the SSO setup, please make sure to assign yourself to the Kisi app. You can then try to sign into Kisi using the SSO option.

Under the Assignments tab, click the Assign button to assign people or groups who should be able to access Kisi. If you don't add them, they won't be able to access Kisi via Okta.

sso-assign.png

Provisioning and Deprovisioning Members with Okta (SCIM)

To configure SCIM (System for Cross-domain Identity Management) provisioning and deprovisioning of Kisi members, please follow the steps in this article.

Written by Joao,

Was this article helpful?
Have more questions? Submit a request

Related articles