Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated to Smart ID names

This article describes how to install and configure the iSecure Service, to enable integration between Smart ID Identity Manager (PRIME) PACS Backend and Physical Access and iSecure. 

iSecure is an Access Control System provided by Security Shells and managed by a GUI and the service interacts with iSecure through the web-based iSecure API. iSecure is used to integrate with all versions of the HID access controllers VertX and EDGE. 

After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Nexus PRIMEIdentity Manager, never in iSecure.

For details on which data can be imported and exported from iSecure, see About import and export to Physical Access.


Prerequisites

Expand
titlePrerequisites

The following prerequisites apply:

  • PRIME PACS Backend Physical Access is installed. See here.
  • iSecure S/W Version-E-A2.4-Unlimited CI - 60 is required. 
  • The message queue server must be running.

Limitations & constraints

Expand
titleLimitations & constraints

The following limitations apply: 

  • In iSecure, only one card can be assigned per employee. If the PACS Backend Physical Access service finds more than one card to one employee which matches the configuration, then the old assigned card will be replaced with the new. 
  • Before a card can be assigned to an employee, it must be available in the iSecure system and must match the card format.
    → See the section Create Card in iSecure below.
  • The following employee fields in iSecure are required: Emp Code, Company, Location and Department. Emp Code shall contain any unique data from user records, other fields can either be static in the configuration or mapped as user additional fields.

Configure iSecure Service

The service is configured in the configuration table in the PACS Backend Physical Access database and in the configuration file. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

Expand
titleSet parameters in the configuration file

The configuration file is named ISecureService.exe.config.

Insert excerpt
Set parameters in PACS connector configuration file
Set parameters in PACS connector configuration file
nopaneltrue


Expand
titleApply configuration

Insert excerpt
Apply configuration changes in PACS connector service
Apply configuration changes in PACS connector service
nopaneltrue


Expand
titleConfigure database

Insert excerpt
Configure database in PACS admin panel
Configure database in PACS admin panel
nopaneltrue

Insert excerpt
Physical Access database - messagingqueue common parameters
Physical Access database - messagingqueue common parameters
nopaneltrue

group: general

keyData typeRequired or OptionalDescription
updatesPerPollintOptional

The maximum number of messages read from the message queue.

Default: 100

iSecureApistringRequiredURL of the iSecure API for import and export details.

group: export

keyData typeRequired or OptionalDescription
cardNumberIdentifierstringRequired

This setting defines which type of identifier to use for card number.

Default: “mifare”.

empCodeFieldstringRequired

This setting defines which field to use for unique identification of users. It can be configured as follows. 

Examples:

  • user.ssn
  • user.[column name of user table]
  • useradditionalfield.[Type of additional field]
companyNamestringRequired

This setting defines the name of the company, which is mapped to the iSecure field Company.

If a different value is to be used, then it can be configured as follows:

Example: useradditionalfield.company

locationNamestringRequired

This setting defines the name of the location, which is mapped to the iSecure field Location.

If a different value is to be used, then it can be configured as follows:

Example: useradditionalfield.location

departmentstringRequired

This setting defines the name of the department, which is mapped to the iSecure field Department.

If a different value is to be used, then it can be configured as follows:

Example: useradditionalfield.department

accessTypestringRequired

This setting defines the way of access using Card Readers.

The following values are available:

  • "CardOrCardAndPin" (Default)
  • "CardOrPin"
  • "PinOnly"
cardFormatstringRequired

This setting specifies the available card format in the iSecure application. To not use any formatting, select “NoFormat”.

Default: “NoFormat”.

subDeptstringOptional

This setting defines the name of the sub-department, which is mapped to the iSecure field Sub-Dept.

If a different value is to be used, then it can be configured as follows:

Example: useradditionalfield.subdepartment

Example 

Example with static settings for company, location and department: 

IdGroupIndexKeySystemValue
1general 0

iSecureApi

ISecure

http://localhost/isecureapi/

2export0

cardNumberIdentifier

ISecure

mifare

3export0

empCodeField

ISecure

user.ssn

4export0

companyName

ISecure

Nexus

5export0

locationName

ISecureStockholm
6export0

department

ISecure

IT

7export0

accessType

ISecureCardORCardAndPin
8export0

cardFormat

ISecure

NoFormat

Example with user additional fields for company, location and department: 

IdGroupIndexKeySystemValue
1general 0

iSecureApi

ISecure

http://localhost/isecureapi/

2export0

cardNumberIdentifier

ISecure

mifare

3export0

empCodeField

ISecure

user.ssn

4export0

companyName

ISecure

useradditionalfield.company

5export0

locationName

ISecureuseradditionalfield.location
6export0

department

ISecure

useradditionalfield.department

7export0

accessType

ISecureCardORCardAndPin
8export0

cardFormat

ISecure

NoFormat



Expand
titleiSecure field mapping

The service mainly transfers user data including related access tokens and entitlement assignments. The tables below show the default field mapping.

If needed, additional fields can be configured, using the SCIM API and useradditionalfield in the database configuration. 

User field mapping

By default, the following data is mapped between the USER table in the PACS Backend Physical Access and the iSecure service: 

SR NoPACS Backend Physical Access field (Web API)iSecure field (UI)
1

Value configured under setting empCodeField

Emp Code
2Combination of givenName and FamilyNameName
3Value configured under setting companyNameCompany
4Value configured under setting LocationLocation
5Value configured under setting DepartmentDepartment
6Value configured under setting subDeptSub-Dept
7Status column of user tableStatus
8Address of user from Address tableAddress

Access token field mapping

By default, the following data is mapped between the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables in the PACS Backend Physical Access and the iSecure service: 

SR NoPACS Backend Physical Access field (Web API)iSecure field (UI)
1Value configured under setting cardNumberIdentifierCard Number
2

Default Configuration for cardFormat

CardFormat

3

USER-PIN (No Direct link)

Pin column of user table

4

Default Configuration for accessType

AccessType

Entitlement assignment field mapping

By default, the following data is mapped between the ENTITLEMENTASSIGNMENT table in the PACS Backend Physical Access and the iSecure service: 

SR NoPACS Backend Physical Access field (Web API)iSecure field (UI)
1

assigneeid (assignee -value)

Emp Code
2

ExternalId (ExternalId)

Access Groups Id (Access Groups Id, not on UI)

3

DisplayName (entitlement-DisplayName)

Access Group (Namn)


Install iSecure service

Expand
titleInstall service

The installation file is named ISecureService.exe.

Insert excerpt
Install PACS connector service
Install PACS connector service
nopaneltrue

Restart iSecure service 

Expand
titleRestart service

The service SystemId is named ISecure

Insert excerpt
Restart PACS connector service
Restart PACS connector service
nopaneltrue

Create card in iSecure

Expand
titleCreate card in iSecure

Before assigning a card to an employee in PRIME PACS BackendPhysical Access, the card must be created in iSecure.

To create a card, follow these steps: 

  1. Log in to the iSecure system: 

    Code Block
    titleExample: iSecure URL
    http://localhost/isecure/Login.aspx


  2. Go to Controller Setup Data > Card Inventory. Click on the + (Plus) button.
  3. Add the card number and select a card format.
    If the desired card format not available, then create the card format or select No Format. To create a card format, follow these steps:  
    1. Go to Controller Setup Data > Card Formats. Click on the + (Plus) button.
    2. Add a name of the card format and save it.