Info |
---|
This article is valid for Smart ID 21.04 and later. |
...
iSecure is an Access Control System provided by Security Shells and managed by a GUI and the service interacts with iSecure through the web-based iSecure API. iSecure is used to integrate with all versions of the HID access controllers VertX and EDGE. After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in iSecure.
For details on which data can be imported and exported from iSecure, see About import and export to Physical Access.
...
Expand |
---|
|
The following prerequisites apply: - Physical Access and the iSecure Docker container/service are installed. See Deploy Smart ID.
- iSecure S/W Version-E-A2.4-Unlimited CI - 60 is required.
- The message queue server must be running.
- If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar).
- A working network connection to the connected physical access control systems (PACS) must be in place.
|
Limitations & constraints
Expand |
---|
title | Limitations & constraints |
---|
|
The following limitations apply: - In iSecure, only one card can be assigned per employee. If the Physical Access service finds more than one card to one employee which matches the configuration, then the old assigned card will be replaced with the new.
- Before a card can be assigned to an employee, it must be available in the iSecure system and must match the card format.
→ See the section Create Card in iSecure below. - The following employee fields in iSecure are required: Emp Code, Company, Location and Department. Emp Code shall contain any unique data from user records, other fields can either be static in the configuration or mapped as user additional fields.
|
...
The iSecure data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.
Expand |
---|
|
Insert excerpt |
---|
| Connect to a PACS system in PACS admin panel |
---|
| Connect to a PACS system in PACS admin panel |
---|
nopanel | true |
---|
|
Insert excerpt |
---|
| Physical Access database - common parameters |
---|
| Physical Access database - common parameters |
---|
nopanel | true |
---|
|
group: generalkey | Data type | Required or Optional | Description |
---|
updatesPerPoll | int | Optional | The maximum number of messages read from the message queue. Default: 100 | iSecureApi | string | Required | URL of the iSecure API for import and export details. |
group: exportkey | Data type | Required or Optional | Description |
---|
cardNumberIdentifier | string | Required | This setting defines which type of identifier to use for card number. Default: “mifare”. | empCodeField | string | Required | This setting defines which field to use for unique identification of users. It can be configured as follows. Examples: - user.ssn
- user.[column name of user table]
- useradditionalfield.[Type of additional field]
| companyName | string | Required | This setting defines the name of the company, which is mapped to the iSecure field Company. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.company | locationName | string | Required | This setting defines the name of the location, which is mapped to the iSecure field Location. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.location | department | string | Required | This setting defines the name of the department, which is mapped to the iSecure field Department. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.department | accessType | string | Required | This setting defines the way of access using Card Readers. The following values are available: - "CardOrCardAndPin" (Default)
- "CardOrPin"
- "PinOnly"
| cardFormat | string | Required | This setting specifies the available card format in the iSecure application. To not use any formatting, select “NoFormat”. Default: “NoFormat”. | subDept | string | Optional | This setting defines the name of the sub-department, which is mapped to the iSecure field Sub-Dept. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.subdepartment |
Example Example with static settings for company, location and department: Id | Group | Index | Key | System | Value |
---|
1 | general | 0 | iSecureApi | ISecure | http://localhost/isecureapi/ | 2 | export | 0 | cardNumberIdentifier | ISecure | mifare | 3 | export | 0 | empCodeField | ISecure | user.ssn | 4 | export | 0 | companyName | ISecure | Nexus | 5 | export | 0 | locationName | ISecure | Stockholm | 6 | export | 0 | department | ISecure | IT | 7 | export | 0 | accessType | ISecure | CardORCardAndPin | 8 | export | 0 | cardFormat | ISecure | NoFormat |
Example with user additional fields for company, location and department: Id | Group | Index | Key | System | Value |
---|
1 | general | 0 | iSecureApi | ISecure | http://localhost/isecureapi/ | 2 | export | 0 | cardNumberIdentifier | ISecure | mifare | 3 | export | 0 | empCodeField | ISecure | user.ssn | 4 | export | 0 | companyName | ISecure | useradditionalfield.company | 5 | export | 0 | locationName | ISecure | useradditionalfield.location | 6 | export | 0 | department | ISecure | useradditionalfield.department | 7 | export | 0 | accessType | ISecure | CardORCardAndPin | 8 | export | 0 | cardFormat | ISecure | NoFormat |
|
...