Better Security. Less effort. Easy access.

Milestone logo
Product compatibility
Version 2022 R1 and later

Support for external IDP is available for Smart and Management clients in the 2022 R1 version of XProtect. Support for the Mobile and Web clients is planned for later this year.

Sign into XProtect with your corporate credentials using
Single Sign On (SSO).

Everyone wants resilient and secure products, but doing that without compromising the user experience is a challenge. Security policies and business systems are as diverse as the organizations that use them. It has not been easy to find a login process that supports them all – until now.

Milestone XProtect® is all about flexibility, allowing you to choose the servers, cameras, and solutions that work best for your business. Now, you can also choose your preferred Identity and Access Management (IAM) and use your corporate credentials to sign into XProtect. This means more secure authentication and a streamlined authorization process.

Streamlining the authorization process

Defining roles and user rights to control unauthorized access to the VMS could be a time-consuming manual process prone to human error for those who don’t use Microsoft Active Directory. By supporting the Open ID Connect (OIDC) protocol, XProtect 2022 R1 automates this process also for those who use OIDC, enhancing security and authorization control.

Single Sign On simplifies username and password management for both users and administrators. Users no longer need to keep track of different sets of credentials, and administrators can quickly assign and relinquish login privileges based on users authorized in the IAM system. This results in less manual work, stronger authentication, and a smoother user experience. SSO support is available for the Smart and Management clients in all XProtect products, version 2022 R1 or later.

How does it work?

XProtect 2022 R1 implements the open ID Connect (OIDC) protocol, an identity layer built on the commonly used Oauth 2.0 framework. This allows end-users to use almost any IAM that uses this protocol.

The system administrator sets up user groups in the IAM associated with VMS roles during the initial configuration. These are then mirrored in the VMS, allowing users to log into XProtect with their corporate credentials and access the user rights allocated to them.

If a user leaves the organization or is removed from the corporate IAM, their access to the VMS is automatically revoked. This mirrored and automated process minimizes manual work and lowers the risk of human errors and unauthorized access to the VMS.


Stronger security

New protocols and multi-factor authentication modernize authorization processes.

Reduced unauthorized access risk

Access to the VMS is automatically removed when an employee leaves the organization.

Less manual work

Automatic access is given to the VMS based on the user’s defined groups in the IDP.

Who can benefit from this?

From stronger security and a lower risk of unauthorized access to the VMS, benefits the entire organization. From the automated process and ease of ongoing use after the initial configuration benefits the system administrator and the end-user.

SSO support is available for Okta, AWS Cognito, Azure AD, Authentik, Cyberark, and similar services using the OIDC protocol. This feature is currently supported for the Smart and Management clients in all XProtect products version 2022 R1 or later. Support for the Mobile and Web clients is planned for later this year.


Download  the content of this page in ready-to-use slides

Milestone logo

You may also be interested in: