Features

The following Okta provisioning features are supported by Elements:

  • Create Users – Users in Okta who are assigned to the LenelS2 Elements app integration in Okta are automatically created or updated as externally managed people in Elements.

  • Update User Attributes – Changes to Okta user attributes (first name, last name, email) are automatically synchronized to Elements.

  • Deactivate Users – Users that are deactivated or deleted in Okta are automatically marked inactive in Elements, which revokes both physical (credential) and logical (login) access. Deleting people (as opposed to marking them inactive) is supported by Elements, but not by Okta.

  • Group Push – Groups and their members in Okta can be pushed to Elements (as Elements people groups). Groups in Okta can be linked to existing Elements people groups. Okta will be source of truth.

Requirements 

SCIM provisioning is an optional feature available via the Elements marketplace. Contact your integrator to subscribe.

Configuration

  1. Subscribe to SCIM provisioning from the Elements marketplace.

  2. On the Marketplace page, under SCIM Provisioning, select Manage.

  3. Select Generate Keys. API keys are generated and may be copied to the clipboard to be pasted when configuring Okta.

  4. Sign in to your Okta account as an administrator.

  5. From the Applications page, select Browse App Catalog.

  6. Search for LenelS2 Elements and select Add Integration.

  7. From the application Provisioning tab, select Configure API Integration.

  8. Select the Enable API Integration checkbox and paste either the primary or secondary API key retrieved from the Elements marketplace. Select Save.

  9. Next to Provision to App, select Edit, and select Enabled for Create Users, Update User Attributes, and Deactivate Users.

  10. Select Save.

SCIM provisioning has now been enabled. Assign users to the application to create or link to people in Elements. Optionally push groups from Okta to Elements.

Create Users

Users assigned in Okta will be synchronized with Elements based on their email address or username. If a matching email address or username is found, the user present in Elements will be updated as an externally managed user. If no match is found, a new user will be created in Elements as an externally managed user.

  1. From the Okta Admin Console, navigate to the Applications > Applications page. Then select LenelS2 Elements app integration.

  2. Select the Assignments tab. Select Assign and then select Assign to People.

  3. In the Assign LenelS2 Elements to People dialog, select Assign in the row for the user you want to assign to the LenelS2 Elements app integration.

  4. Select Save and Go Back.

  5. Select Done. This assigns the LenelS2 Elements app integration to the user as an Individual assignment, which is shown in the Type column of the assignments table.

  6. To confirm that the user was created or updated in Elements, sign in and navigate to the People page. Then search for the user using their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list.

Update User Attributes

  1. From the Okta Admin Console, navigate to the Directory > People page.

  2. To find the user, enter their username in the Search field. Select the user.

  3. Under the Applications tab, the LenelS2 Elements app will be displayed inside the Assigned Applications section.

  4. Go to the Profile tab and select Edit. Update the user attributes, such as First Name, Last Name, Primary Email or Username, and then select Save.

  5. To confirm that the user was updated in Elements, sign in and navigate to the People page. Then search for the user using their modified First Name, Last Name, Email, or Username. The updated user record should be displayed in the people list.

Deactivate Users

  1. From the Okta Admin Console, navigate to the Directory > People page.

  2. To find the user, enter their username in the Search field. Select the user.

  3. Under the Applications tab, the LenelS2 Elements app will be displayed inside the Assigned Applications section.

  4. Select More Actions > Deactivate.

  5. In the Deactivate Person dialog box, select Deactivate.

  6. To confirm that the user was deactivated in Elements, sign in and navigate to the People page. Then, search for the user using their First Name, Last Name, Email, or Username. The matching user record should be displayed in the people list. The user status should be inactive.

Group Push

Pushed groups are managed from Okta. Any changes to the Group name and People mapping made in Elements will be overridden by subsequent pushes from Okta. However, other changes made in Elements related to group Authorizations and Access Control will remain unaffected. This applies to both pushing a new group and linking an existing Elements group.

Group Push Prerequisites

Before pushing a group, both the group and its members must be assigned to the LenelS2 Elements app by following these steps.

  1. From the Okta Admin Console, navigate to the Applications > Applications page. Then select LenelS2 Elements app integration.

  2. Select the Assignments tab. Select Assign and then select Assign to Groups.

  3. In the Assign LenelS2 Elements to Groups dialog, select Assign in the row for the group you want to assign to the LenelS2 Elements app integration.

  4. Select Done. This assigns the LenelS2 Elements app integration to the group. The group members will be assigned as a Group assignment, which is shown in the Type column of the assignments table.

Create a Group

  1. From the Okta Admin Console, navigate to the Applications > Applications page. Then select LenelS2 Elements app integration.

  2. Select the Push Groups tab.

  3. Select Push Groups and select one of these options:

    • Find groups by name: Select this option to find groups by name. Enter the group name to select from the list. Select Save. The group name is shown when you select By name in the Pushed Groups list.

    • Find groups by rule: Select this option to create a search rule that pushes matching groups to the app. Define the rule and select Create Rule. The rule name is shown when you select By rule in the Pushed Groups list.

  4. To confirm that the group was created in Elements, sign in and navigate to the People Groups page. The matching people group with assigned people should be displayed on the People Groups page.

Add/Delete People from a Group

  1. From the Okta Admin Console, navigate to the Directory > Groups page.

  2. To find the group, enter the group name in the Search field. Select the group.

  3. Select the People tab. Assign new people or delete existing people from the group.

  4. Select the Applications tab, then select LenelS2 Elements app.

  5. Select the Push Groups tab and find the group name you want to push under the Pushed Groups list. Select Active and then select Push now.

  6. To confirm that the group was updated in Elements, sign in and navigate to the People Groups page. The matching people group with the updated people mapping should be displayed on the People Groups page.

Group Linking

  1. From the Okta Admin Console, navigate to the Applications > Applications page. Then select LenelS2 Elements app integration.

  2. Select the Push Groups tab.

  3. Select Refresh App Groups. This ensures that all groups from the Elements are represented in Okta.

  4. Select the Action button, action button (Group Push Settings) and select the check box, Rename app groups to match group name in Okta.

  5. Select Push Groups and then select Find groups by name. Enter a keyword in the Search field.

  6. When the group appears in the table, view the Match results & push action column. You will see a Link Group option and with a match of the group name present in Elements.

  7. Select Save. The selected group will be displayed under Pushed Groups.

  8. To confirm that the group was update in Elements, sign in and navigate to the People Groups page. The existing Elements group will be converted to an externally managed group and any existing member mappings will be overridden by the next group push made from Okta. However, other changes made in Elements related to Authorizations and Access Control will remain unaffected.

Unlink Pushed Groups

  1. From the Okta Admin Console, navigate to the Applications > Applications page. Then select LenelS2 Elements app integration.

  2. Select the Push Groups tab.

  3. To deactivate a group push, unlink pushed groups, or push group memberships immediately, select Active/Inactive for a group and select one of these options:

    • Deactivate group push: Select this option to pause group synchronization. The group is retained in the Elements. You can continue to keep adding new members to the group in Okta, but the members won't appear in the Elements.

    • Unlink pushed group: Select one of these options in the Unlink Pushed Group dialog:

      • Delete the group in the target app: Select this option to delete the group and all its associated memberships in Elements.

      • Leave the group in the target app: Select this option to stop pushing memberships and keep the group in Elements.

      • Then select Unlink.

Troubleshooting

If you have questions or difficulties with your Elements/Okta SCIM integration, please contact Elements Technical Support at elements_support@carrier.com.

Related Topic

Okta and Elements Solution




© Honeywell International Inc. All Rights Reserved.