OpenPath (Avigilon Alta) Setup
This guide walks you through connecting your OpenPath / Avigilon Alta account to MakerVera. Once connected, MakerVera can automatically grant and revoke member access to your Alta-managed doors, gates, and areas.
Before you begin
Section titled “Before you begin”You’ll need the following before starting the setup:
- Access to your Avigilon Alta admin portal to create and configure a service account
- A dedicated API service account in Alta (not your personal login—see below)
- Your Alta Organization ID
- MFA (multi-factor authentication) disabled on the service account
Why a dedicated service account?
Section titled “Why a dedicated service account?”MakerVera authenticates to the Alta API using an email and password. Using your personal admin login is a security risk—if you ever change your password or leave the organisation, the integration breaks. A purpose-built service account (like api-bot@yourmakerspace.org) keeps the integration independent of any individual person.
Create the service account
Section titled “Create the service account”- Log in to the Avigilon Alta admin portal.
- Create a new user for API access with an address like
api-bot@yourmakerspace.org.- The account must be an Avigilon Alta-native account. Accounts linked to Google, Azure AD, or another identity provider cannot authenticate via the API.
- Assign the required permission scopes: User Management and Group Management.
- Disable MFA / TOTP on this account. MakerVera cannot provide one-time codes; if MFA is enabled, the connection will fail with a clear error.
- Keep the email address and password handy—you’ll enter them in MakerVera.
Find your Organization ID
Section titled “Find your Organization ID”Your Organisation ID appears in the URL while you’re logged into the Alta portal (for example, …/orgs/12345/…) or in your organisation’s settings page. Write it down before continuing.
Connect the provider
Section titled “Connect the provider”- Go to Settings → Integrations in your MakerVera admin panel.
- Click Add Provider.
- Select OpenPath as the provider type.
- Fill in the form:
| Field | What to enter |
|---|---|
| Display name | A label for this connection, e.g. “Main building – OpenPath” |
| Service account email | The email address of the API service account |
| Service account password | The password for the API service account |
| Organization ID | The numeric ID from the Alta portal |
| API Base URL | Leave as the default (https://api.openpath.com) unless your Alta administrator has directed you to use a different URL |
- Click Save. MakerVera tests the credentials immediately. If they’re correct, the provider is saved and appears in your Integrations list with an Active badge.
Sync your access zones
Section titled “Sync your access zones”After saving, the provider card shows a Sync Zones button. Click it to import your Alta access groups as MakerVera zones. Each Alta group becomes a zone you can attach to authorizations or event access policies.
Zone types default to Area after a sync. You can recategorise individual zones as Door or Equipment in MakerVera’s zone list if you want more specific labels.
Test the connection
Section titled “Test the connection”Use the Test Connection button on the provider card to verify that MakerVera can still reach your Alta account. This is useful after a password change, a permission update on the service account, or whenever you suspect the integration may have degraded.
Troubleshooting
Section titled “Troubleshooting””Authentication failed — check the email and password for your API service account”
Section titled “”Authentication failed — check the email and password for your API service account””The credentials entered don’t match what Alta has on file. Check:
- You’re using the service account email, not your personal admin login.
- The password is correct (watch for trailing spaces if you’re copy-pasting).
- The service account exists and is active in the Alta portal.
”MFA/TOTP must be disabled on the API service account”
Section titled “”MFA/TOTP must be disabled on the API service account””The service account has multi-factor authentication turned on. Go to the Alta portal, open the service account settings, and disable MFA. MakerVera cannot supply one-time codes during automated API calls.
”Organization not found — check your Organization ID”
Section titled “”Organization not found — check your Organization ID””The Organization ID you entered is incorrect. Check the URL bar while logged into the Alta portal, or visit your organisation’s settings page to confirm the correct numeric ID.
”The API user doesn’t have the required permissions”
Section titled “”The API user doesn’t have the required permissions””The service account is missing User Management and/or Group Management scopes. Go to the Alta portal, open the service account, and assign those permission scopes before trying again.
”Could not reach the OpenPath API”
Section titled “”Could not reach the OpenPath API””A network or timeout issue is preventing MakerVera from contacting Alta. Confirm the Base URL is correct and try again in a few minutes. If the issue persists, check the Alta status page to see if the API service is experiencing an outage.
Zones appear greyed out or marked “inactive” after a sync
Section titled “Zones appear greyed out or marked “inactive” after a sync”A zone marked inactive was removed or deactivated in the Alta portal. Re-sync to confirm the latest state. Any access policies referencing an inactive zone will display a warning badge; grants will not fire for that zone until it’s reactivated in Alta and re-synced.