Okta Integration: Extending Physical Access Control into Your Identity Management Platform

Physical access control has traditionally been a standalone system in which companies manually add and remove users (typically with key cards). Even as cloud-based access control systems have come to market, there hasn’t been much urgency for traditional software providers to integrate with these systems and automate the provisioning and deprovisioning workflows that manage physical access.

Having a largely manual process leads to some critical failure points, especially with deprovisioning of user access. Often, when employees leave the company or are terminated, it can take months to disable their key cards — if it even happens at all. For organizations that are security conscious or have requirements to deactivate user access within a few hours of termination, this status quo is untenable. While moving to the cloud can seemingly solve some of these issues, it does require a SAML integration to ensure proper access to the platform.

Okta Integration:

Our first-ever integration in this arena was with Okta. Here is a look at how Genea’s Okta integration allows you to automate provisioning workflows across all your offices and integrate single sign-on (SSO) for both admin access to the management dashboard and user access to their mobile keys.

One key aspect of this integration is that when users are deactivated in Okta, all of their keys across all offices will be deactivated. No more chasing down tickets from HR or going to your Windows machine in the IT closet to deactivate individual keys. Let’s look at how simple it is to automate your access control management with Okta.

1. Set up your Integration

All that is required to integrate Genea with Okta is your Okta integration token, API token, and Okta Domain.

2. Create Provisioning Rule

Once you’ve integrated your Okta instance with Genea, you’ll want to first govern which organizational units get which level of access by office. In this example, the New York office will have its own set of rules and Scranton will have another set of rules based on title, location, and other factors.

3. Create Granular Provisioning Rules + Issue Mobile Keys Automatically

Automating the provisioning workflow is a great first step. However, with Genea, you can govern which groups in Okta are assigned to which Access Groups in Genea. This includes whether or not they will receive access to the admin dashboard and if they will automatically receive a mobile key on their phone.

Setting up SSO

Using Genea’s SAML 2.0 integration with Okta SSO takes only minutes to set up.

Simply provide your SSO URL and X.509 Certificate.

Now you are all set! To get started with this integration and other ways we are automating access control, please book a demo.