Applies to: Okta
Summary
This article explains what changes when you migrate to an Okta (SSO) account.
Permission Inheritance
- Role Continuity: All existing Cloud Portal and OnCloud roles held by the previous Hanwha Vision account are inherited by the new Okta account.
- No Data Loss: Position, activity logs, and assigned device permissions remain unchanged.
Role Assignment and Account Distinction
- Role Matching: When a regular account is transitioned to an SSO account (either through manual conversion or automatic SCIM matching), the new SSO account will be automatically assigned the same Cloud Portal and OnCloud roles that were held by the previous regular account.
- Distinct Account Entities: Although the roles are inherited, an SSO account is a technically separate and distinct entity from the previous regular account.
- Data Reconfiguration (No Data Inheritance): Because the SSO account is a new entity, it does not inherit the history or detailed data of the previous regular account.
Hybrid Login Policy (Important)
- For Integrated Org: Users must use the [Sign in with Okta] (SSO) button. Hanwha Vision passwords will no longer work for this organization.
- For Non-integrated Orgs: If the user belongs to other organizations not linked to Okta, they continue to log in via their Hanwha Vision account (Email/Password) to access those specific orgs.
Exceptions and Restrictions
Certain scenarios and account types have specific rules regarding Okta account conversion:
The following accounts cannot be converted to Okta accounts:
Super Admins: Must remain as regular accounts to ensure emergency access.
LDAP Accounts: Users managed via LDAP are not eligible for migration.
Installers/Technicians: External accounts invited to an organization cannot be converted by that organization's Okta integration.
Partner Account Logic:
Dependency: A Partner account converts to an Okta account only if their own Partner ORG enables Okta integration.
Role Inheritance: Partner users who migrate to Okta (within their Partner ORG) retain all existing access and roles in the Customer ORGs they belong to.
Comments
0 comments
Please sign in to leave a comment.