Identity & Access Management

Okta SSO + KyberAccess

Enterprise single sign-on for visitor management.

Connect Okta, Azure AD, Google Workspace, or any SAML 2.0 identity provider to KyberAccess. Give your team seamless, secure access with single sign-on — no separate passwords needed.

Features

What You Get with Okta SSO

SAML 2.0 Single Sign-On

Industry-standard SAML 2.0 integration works with Okta, Azure AD, Google Workspace, OneLogin, PingFederate, and any compatible identity provider.

Just-in-Time Provisioning

New users are automatically created in KyberAccess on first SSO login. No manual account setup required — they sign in and they're ready to go.

Group-Based Role Mapping

Map your IdP groups directly to KyberAccess roles. Okta Admins become KyberAccess Admins, front-desk groups get front-desk access — automatically.

Domain-Based Authentication

Configure SSO domains so users with matching email addresses are automatically redirected to your identity provider. No friction, no confusion.

Real-Time Deprovisioning

When a user is removed from your identity provider, their KyberAccess access is immediately revoked. No orphaned accounts, no security gaps.

Multi-Provider Support

Running multiple identity providers? No problem. Configure different SSO providers for different organizations — perfect for multi-tenant deployments.

Why Use Okta SSO with KyberAccess?

Eliminate password fatigue — one login for everything
Enforce MFA through your existing identity provider
Automatic user provisioning saves hours of admin work
Centralized access control meets SOC 2 requirements
Group-based role mapping keeps permissions in sync
Domain-based routing sends users to the right IdP
Works with Okta, Azure AD, Google Workspace, OneLogin, and more
Five-minute setup with copy-paste configuration

Setup

Get Started in Minutes

Setting up the Okta SSO integration is quick and easy.

1

Create SAML App in Your IdP

In Okta (or your IdP), create a new SAML 2.0 application. Copy the Entity ID and ACS URL from KyberAccess settings into the IdP configuration.

2

Enter IdP Details in KyberAccess

Paste your IdP's SSO URL, Entity ID, and X.509 certificate into the KyberAccess SSO settings page. Select your provider type.

3

Map Domains & Roles

Add your email domains (e.g., company.com) and map IdP groups to KyberAccess roles — admin, staff, front-desk, guard, or read-only.

4

Test & Activate

Use the built-in connection test to verify everything works. Enable SSO and your team can start signing in with their corporate credentials.

Use Cases

How Organizations Use This

Enterprise Headquarters

Large organizations with hundreds of employees use Okta SSO to provide seamless access to KyberAccess visitor management without managing separate credentials.

Multi-Campus Schools

School districts configure Google Workspace SSO so teachers and staff across multiple campuses can access the visitor management system with their school email.

Healthcare Facilities

Hospitals with strict compliance requirements use Azure AD SSO to enforce MFA and audit trail requirements while providing frictionless access to front-desk staff.

Managed Security Services

Security companies managing multiple client sites configure SSO per organization, letting each client use their own identity provider for access control.

FAQ

Frequently Asked Questions

Which identity providers are supported?

KyberAccess supports any SAML 2.0 compliant identity provider including Okta, Microsoft Azure AD (Entra ID), Google Workspace, OneLogin, PingFederate, JumpCloud, Auth0, and Duo. We provide pre-configured templates for Okta, Azure AD, and Google Workspace.

Can SSO users still log in with email/password?

When SSO is enabled for a domain, users with that email domain are automatically redirected to SSO. Org owners and admins can still use email/password as a backup if needed.

How does Just-in-Time (JIT) provisioning work?

When a user signs in via SSO for the first time, KyberAccess automatically creates their account with the role mapped from their IdP groups. No pre-registration or manual setup needed.

Is MFA enforced through SSO?

Yes! When users authenticate through your IdP, all MFA policies configured in Okta, Azure AD, or your chosen provider are enforced. KyberAccess respects whatever authentication strength you require.

What happens when an employee leaves?

When you deactivate a user in your IdP, they can no longer authenticate via SSO. Their KyberAccess session will expire and they won't be able to sign in again. For immediate revocation, you can also remove them from the KyberAccess team settings.

Can different organizations use different identity providers?

Absolutely. Each organization in KyberAccess has its own SSO configuration. One org can use Okta while another uses Azure AD. Perfect for multi-tenant deployments and managed service providers.

Ready to Connect Okta SSO?

Start your free trial and integrate Okta SSO with KyberAccess today.