Skip to main content

Okta: How to Onboard to Cloud Portal

Gwen Martin
Updated

Applies to: Okta

Summary

This article explains how to manage the initial onboarding and account migration on your selected integration option for Okta to Cloud Portal.

Onboarding Okta

There are a few methods for onboarding. This section explains each one and the subsequent steps for using it. 

Manual Management (Auth (SSO) only)

This method involves the Cloud Portal Administrator manually adding or converting users. There are two primary paths within this option.

Creating a New SSO Account (New account)

Use this to add a user who is not yet registered in the organization directly as an SSO user. 

To create a new SSO account: 

  1. Log in to Cloud Portal
     
  2. Navigate to the Users page and click Add user.


     
  3. In the Option section, select SSO account.


     
  4. Confirm the New account tab is selected and enter the First name / Last name / Email address.

  5. Select the role.
     

  6. Click OK.

    The account is initially Pending

    NOTE: The user must be assigned to the Hanwha Vision Cloud app in Okta to log 
    in successfully.

     

    NOTE: You cannot add a user as a New account if the email address meets any of 
    the following conditions: 

    The email already exists in your current organization.
    The email is already registered as an SSO account in your organization or any 
    other organization.

Converting Existing Accounts to SSO (Existing account)

Use this process to migrate current Hanwha account users to SSO without losing their data or permissions.

To convert existing accounts: 

  1. Log in to Cloud Portal
     
  2. Navigate to the Users page and click Add user.


     
  3. In the Option section, select SSO account.
     
  4. Click the Existing account tab.


     
  5. Click the User list drop-down, and select the accounts to convert. Multiple selections are supported.


     

  6. Review the policy and click OK.

    Notifications appear at the bottom of the screen:

    Converting multiple accounts simultaneously may take some time. Please stay on the page until the process is finalized.

    Bulk Handling: If you have more than 50 accounts to migrate, please process them in separate batches of 50 or fewer to ensure system stability.

    The conversion is only complete when the following notification appears at the bottom of the screen: Account conversion completed successfully.
     

    NOTE: Even after creating or converting an account in Cloud Portal, the user 
    must be assigned to the Hanwha Vision Cloud app within your corporate Okta 
    dashboard to log in.
    NOTE: A converted SSO account remains in a Pending state until the user 
    successfully completes their first login via the Okta authentication path.

Automated Management (Auth & Provisioning)

This method uses System for Cross-domain Identity Management (SCIM) to automatically synchronize your Okta directory with Cloud Portal. It eliminates the need for manual user creation and ensures your user list is always up-to-date. 

To assign users/groups in Otka: 

  1. Log in to your Okta Admin Dashboard.
     
  2. Navigate to Applications .
     
  3. Select the Hanwha Vision Cloud app.


     
  4. Click the Assignments tab.
     
  5. Click Assign and select either Assign to People or Assign to Groups.


     
  6. Select the desired users/groups and click Assign.


     

  7. Verify the user attributes (Email, First Name, Last Name) and click Save and Go Back.

    Once assigned in Okta, the following actions occur automatically in Cloud Portal via SCIM:

    If the user does not exist in Cloud Portal, a new SSO account is created instantly.

    If a Hanwha account with the same email already exists in the organization, it is automatically converted to an SSO account. The user's existing role is preserved during this transition.
     

  8. Navigate to the Users page in Cloud Portal.

    The SSO label appears next to the synchronized users.


     

    NOTE: It may take some time for the synchronization to complete. If you do not 
    see the updated user list or the 'SSO' labels immediately, please refresh the 
    Users page.

     

    NOTE: Once a user is managed via Provisioning, their profile details (First 
    Name, Last Name, and Phone number) are mastered by Okta. These fields become 
    Read-only in Cloud Portal to ensure data integrity. All profile updates must be 
    made within Okta.

     

    NOTE: When a user is Unassigned or Deactivated in Okta, their access to Cloud 
    Portal is automatically revoked or the account is removed based on your SCIM 
    settings.

     

  9. Verify that Create Users, Update User Attributes, and Deactivate Users are enabled in the Okta Provisioning > To App menu. 

Common Migration Rules (Permissions & Login)

Permission Inheritance

  • Role Continuity: All existing Cloud Portal (CP) and OnCloud (OC) roles held by the previous Hanwha Vision account are inherited by the new Okta account.
     
  • No Data Loss: Position, activity logs, and assigned device permissions remain unchanged.

Role Assignment and Account Distinction

  • Role Matching: When a regular account is transitioned to an SSO account (either through manual conversion or automatic SCIM matching), the new SSO account will be automatically assigned the same Cloud Portal (CP) and OnCloud (OC) roles that were held by the previous regular account.
     
  • Distinct Account Entities: Although the roles are inherited, an SSO account is a technically separate and distinct entity from the previous regular account.
     
  • Data Reconfiguration (No Data Inheritance): Because the SSO account is a new entity, it does not inherit the history or detailed data of the previous regular account.

Hybrid Login Policy (Important)

  • For Integrated Org: Users must use the [Sign in with Okta] (SSO) button. Hanwha Vision passwords will no longer work for this organization.
     
  • For Non-integrated Orgs: If the user belongs to other organizations not linked to Okta, they continue to log in via their Hanwha Vision account (Email/Password) to access those specific orgs.

Exceptions and Restrictions

Certain scenarios and account types have specific rules regarding Okta account conversion:

  • The following accounts cannot be converted to Okta accounts:
     
    • Super Admins: Must remain as regular accounts to ensure emergency access.
       
    • LDAP Accounts: Users managed via LDAP are not eligible for migration.
       
    • Installers/Technicians: External accounts invited to an organization cannot be converted by that organization's Okta integration.
       
  • Partner Account Logic:
     
    • Dependency: A Partner account converts to an Okta account only if their own Partner ORG enables Okta integration.
       
    • Role Inheritance: Partner users who migrate to Okta (within their Partner ORG) retain all existing access and roles in the Customer ORGs they belong to.

 

Related to

Related articles

Comments

0 comments

Please sign in to leave a comment.

العربية Deutsch Español Français 日本語 한국어
Explore official resources, documentation, and insights for solutions
© 2026 Co., Ltd. All rights Reserved.
6, Pangyo-ro 319beon-gil, Bundang-gu, Seongnam-si, Gyeonggi-do, 13488, KOREA
Cookie Policy | Privacy Policy