Identity & Access Management
Okta SSO + KyberAccess
Enterprise single sign-on for visitor management.
Connect Okta, Azure AD, Google Workspace, or any SAML 2.0 identity provider to KyberAccess. Give your team seamless, secure access with single sign-on — no separate passwords needed.
Features
What You Get with Okta SSO
SAML 2.0 Single Sign-On
Industry-standard SAML 2.0 integration works with Okta, Azure AD, Google Workspace, OneLogin, PingFederate, and any compatible identity provider.
Just-in-Time Provisioning
New users are automatically created in KyberAccess on first SSO login. No manual account setup required — they sign in and they're ready to go.
Group-Based Role Mapping
Map your IdP groups directly to KyberAccess roles. Okta Admins become KyberAccess Admins, front-desk groups get front-desk access — automatically.
Domain-Based Authentication
Configure SSO domains so users with matching email addresses are automatically redirected to your identity provider. No friction, no confusion.
Real-Time Deprovisioning
When a user is removed from your identity provider, their KyberAccess access is immediately revoked. No orphaned accounts, no security gaps.
Multi-Provider Support
Running multiple identity providers? No problem. Configure different SSO providers for different organizations — perfect for multi-tenant deployments.
Why Use Okta SSO with KyberAccess?
Setup
Get Started in Minutes
Setting up the Okta SSO integration is quick and easy.
Create SAML App in Your IdP
In Okta (or your IdP), create a new SAML 2.0 application. Copy the Entity ID and ACS URL from KyberAccess settings into the IdP configuration.
Enter IdP Details in KyberAccess
Paste your IdP's SSO URL, Entity ID, and X.509 certificate into the KyberAccess SSO settings page. Select your provider type.
Map Domains & Roles
Add your email domains (e.g., company.com) and map IdP groups to KyberAccess roles — admin, staff, front-desk, guard, or read-only.
Test & Activate
Use the built-in connection test to verify everything works. Enable SSO and your team can start signing in with their corporate credentials.
Use Cases
How Organizations Use This
Enterprise Headquarters
Large organizations with hundreds of employees use Okta SSO to provide seamless access to KyberAccess visitor management without managing separate credentials.
Multi-Campus Schools
School districts configure Google Workspace SSO so teachers and staff across multiple campuses can access the visitor management system with their school email.
Healthcare Facilities
Hospitals with strict compliance requirements use Azure AD SSO to enforce MFA and audit trail requirements while providing frictionless access to front-desk staff.
Managed Security Services
Security companies managing multiple client sites configure SSO per organization, letting each client use their own identity provider for access control.
FAQ
Frequently Asked Questions
Which identity providers are supported?
KyberAccess supports any SAML 2.0 compliant identity provider including Okta, Microsoft Azure AD (Entra ID), Google Workspace, OneLogin, PingFederate, JumpCloud, Auth0, and Duo. We provide pre-configured templates for Okta, Azure AD, and Google Workspace.
Can SSO users still log in with email/password?
When SSO is enabled for a domain, users with that email domain are automatically redirected to SSO. Org owners and admins can still use email/password as a backup if needed.
How does Just-in-Time (JIT) provisioning work?
When a user signs in via SSO for the first time, KyberAccess automatically creates their account with the role mapped from their IdP groups. No pre-registration or manual setup needed.
Is MFA enforced through SSO?
Yes! When users authenticate through your IdP, all MFA policies configured in Okta, Azure AD, or your chosen provider are enforced. KyberAccess respects whatever authentication strength you require.
What happens when an employee leaves?
When you deactivate a user in your IdP, they can no longer authenticate via SSO. Their KyberAccess session will expire and they won't be able to sign in again. For immediate revocation, you can also remove them from the KyberAccess team settings.
Can different organizations use different identity providers?
Absolutely. Each organization in KyberAccess has its own SSO configuration. One org can use Okta while another uses Azure AD. Perfect for multi-tenant deployments and managed service providers.
Ready to Connect Okta SSO?
Start your free trial and integrate Okta SSO with KyberAccess today.