- Created by Karolin Hemmingsson (Unlicensed) , last modified on Sept 26, 2019
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 2 Next »
This article describes how to install and configure the iSecure Service, to enable integration between Nexus PRIME PACS Backend and iSecure.
iSecure is an Access Control System provided by Security Shells and managed by a GUI and the service interacts with iSecure through the web-based iSecure API.
After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Nexus PRIME, never in iSecure.
For details on which data can be imported and exported from iSecure, see About import and export to PRIME PACS Backend.
Prerequisites
The following prerequisites apply:
- PRIME PACS Backend is installed. See here.
- iSecure S/W Version-E-A2.4-Unlimited CI - 60 is required.
- The message queue server must be running.
Limitations & constraints
The following limitations apply:
- In iSecure, only one card can be assigned per employee. If the PACS Backend service finds more than one card to one employee which matches the configuration, then the old assigned card will be replaced with the new.
- Before a card can be assigned to an employee, it must be available in the iSecure system and must match the card format.
→ See the section Create Card in iSecure below. - The following employee fields in iSecure are required: Emp Code, Company, Location and Department. Emp Code shall contain any unique data from user records, other fields can either be static in the configuration or mapped as user additional fields.
Configure iSecure Service
The service is configured in the configuration table in the PACS Backend database and in the configuration file. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.
The configuration file is named ISecureService.exe.config.
group: general
key | Data type | Required or Optional | Description |
---|---|---|---|
updatesPerPoll | int | Optional | The maximum number of messages read from the message queue. Default: 100 |
iSecureApi | string | Required | URL of the iSecure API for import and export details. |
group: export
key | Data type | Required or Optional | Description |
---|---|---|---|
cardNumberIdentifier | string | Required | This setting defines which type of identifier to use for card number. Default: “mifare”. |
empCodeField | string | Required | This setting defines which field to use for unique identification of users. It can be configured as follows. Examples:
|
companyName | string | Required | This setting defines the name of the company, which is mapped to the iSecure field Company. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.company |
locationName | string | Required | This setting defines the name of the location, which is mapped to the iSecure field Location. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.location |
department | string | Required | This setting defines the name of the department, which is mapped to the iSecure field Department. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.department |
accessType | string | Required | This setting defines the way of access using Card Readers. The following values are available:
|
cardFormat | string | Required | This setting specifies the available card format in the iSecure application. To not use any formatting, select “NoFormat”. Default: “NoFormat”. |
subDept | string | Optional | This setting defines the name of the sub-department, which is mapped to the iSecure field Sub-Dept. If a different value is to be used, then it can be configured as follows: Example: useradditionalfield.subdepartment |
Example
Example with static settings for company, location and department:
Id | Group | Index | Key | System | Value |
---|---|---|---|---|---|
1 | general | 0 | iSecureApi | ISecure | http://localhost/isecureapi/ |
2 | export | 0 | cardNumberIdentifier | ISecure | mifare |
3 | export | 0 | empCodeField | ISecure | user.ssn |
4 | export | 0 | companyName | ISecure | Nexus |
5 | export | 0 | locationName | ISecure | Stockholm |
6 | export | 0 | department | ISecure | IT |
7 | export | 0 | accessType | ISecure | CardORCardAndPin |
8 | export | 0 | cardFormat | ISecure | NoFormat |
Example with user additional fields for company, location and department:
Id | Group | Index | Key | System | Value |
---|---|---|---|---|---|
1 | general | 0 | iSecureApi | ISecure | http://localhost/isecureapi/ |
2 | export | 0 | cardNumberIdentifier | ISecure | mifare |
3 | export | 0 | empCodeField | ISecure | user.ssn |
4 | export | 0 | companyName | ISecure | useradditionalfield.company |
5 | export | 0 | locationName | ISecure | useradditionalfield.location |
6 | export | 0 | department | ISecure | useradditionalfield.department |
7 | export | 0 | accessType | ISecure | CardORCardAndPin |
8 | export | 0 | cardFormat | ISecure | NoFormat |
The service mainly transfers user data including related access tokens and entitlement assignments. The tables below show the default field mapping.
If needed, additional fields can be configured, using the SCIM API and useradditionalfield
in the database configuration.
User field mapping
By default, the following data is mapped between the USER table in the PACS Backend and the iSecure service:
SR No | PACS Backend field (Web API) | iSecure field (UI) |
---|---|---|
1 | Value configured under setting empCodeField | Emp Code |
2 | Combination of givenName and FamilyName | Name |
3 | Value configured under setting companyName | Company |
4 | Value configured under setting Location | Location |
5 | Value configured under setting Department | Department |
6 | Value configured under setting subDept | Sub-Dept |
7 | Status column of user table | Status |
8 | Address of user from Address table | Address |
Access token field mapping
By default, the following data is mapped between the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables in the PACS Backend and the iSecure service:
SR No | PACS Backend field (Web API) | iSecure field (UI) |
---|---|---|
1 | Value configured under setting cardNumberIdentifier | Card Number |
2 | Default Configuration for cardFormat | CardFormat |
3 | USER-PIN (No Direct link) | Pin column of user table |
4 | Default Configuration for accessType | AccessType |
Entitlement assignment field mapping
By default, the following data is mapped between the ENTITLEMENTASSIGNMENT table in the PACS Backend and the iSecure service:
SR No | PACS Backend field (Web API) | iSecure field (UI) |
---|---|---|
1 | assigneeid (assignee -value) | Emp Code |
2 | ExternalId (ExternalId) | Access Groups Id (Access Groups Id, not on UI) |
3 | DisplayName (entitlement-DisplayName) | Access Group (Namn) |
Install iSecure service
The installation file is named ISecureService.exe.
Restart iSecure service
The service SystemId is named ISecure.
Create card in iSecure
Before assigning a card to an employee in PRIME PACS Backend, the card must be created in iSecure.
To create a card, follow these steps:
Log in to the iSecure system:
Example: iSecure URLhttp://localhost/isecure/Login.aspx
- Go to Controller Setup Data > Card Inventory. Click on the + (Plus) button.
- Add the card number and select a card format.
If the desired card format not available, then create the card format or select No Format. To create a card format, follow these steps:- Go to Controller Setup Data > Card Formats. Click on the + (Plus) button.
- Add a name of the card format and save it.
Related information
- No labels