Physical access control has traditionally been a standalone system that companies use to add and remove users (typically with key cards) manually. Even as cloud-based access control systems have come to market, there hasn't been much urgency for traditional software providers to integrate with these systems to automate the provisioning and deprovisioning workflows to manage physical access control.
Having a largely manual process leads to some critical failure points, especially with deprovisioning of user access. Often, when employees leave the company or are terminated, it can take months to disable their key cards -- if it even happens at all. For organizations that are security conscious or have requirements to deactivate user access within a few hours of termination, this status quo is untenable. While moving to the cloud can seemingly solve some of these issues, it does require a SAML integration to ensure proper access to the platform.
Our first ever integration in this arena was with Okta. Here is a look at how Sequr’s Okta integration allows you to automate provisioning workflows across all your offices and integrate single sign-on (SSO) for both admin access to the management dashboard and user access to their mobile keys.
One key aspect of this integration is that when users are deactivated in Okta, all of their keys across all offices will be deactivated. No more chasing down tickets from HR or going to your Windows machine in the IT closet to deactivate individual keys. Let’s look at how simple it is to automate your access control management with Okta.
Step 1: Create Integration
All that is required is to integrate Sequr with Okta is your Okta integration token, API token, and Okta Domain:
Step 2: Create Provisioning Rules by Location
Once you’ve integrated your Okta instance with Sequr, you’ll want to first govern which Organizational Units get which level of access by office. As you can see here, the New York office will have its own set of rules and Scranton will have another set of rules based on title, location, and other factors.
Bonus Step: Create Granular Provisioning Rules + Issue Mobile Keys Automatically
Automating the provisioning workflow is a great first step. However, with Sequr you can govern which Groups in Okta are assigned to which Access Groups in Sequr. This includes whether or not they will receive access to the admin dashboard and if they will automatically receive a mobile key on their phone.
Setting up SSO
Using Sequr’s SAML 2.0 integration with Okta SSO takes only minutes to setup.
Simply provide your SSO URL and X.509 Certificate.
If you’d like to learn more about extending your Okta identity management platform into the physical world reach out to us today at firstname.lastname@example.org