
Set up integration with Interflex IF-6040

This article includes updates for Smart ID 23.04.2.

This article describes how to configure the Interflex Service to enable integration between Smart ID Identity Manager, Physical Access and the Interflex Service.

Interflex is an access control system provided by Interflex Datensysteme GmbH. It is managed through a GUI and an API. After integration, all administration of Users, Access Tokens and Entitlements (besides defining them) should be done in Identity Manager, never in Interflex.

For details on which data can be imported and exported from Interflex, see About import and export to Physical Access.

Prerequisites

The following prerequisites apply:

  • Physical Access and the Interflex Docker container/service are installed. See Deploy Smart ID.

  • The Interflex Service is currently using IF-6040 Open API version 12.1.1 to interact with Interflex.

  • The message queue server must be running.

  • If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar). 

  • A working network connection to the connected physical access control systems (PACS) must be in place.

Configure Interflex Service data fields

The Interflex data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

Configure database

For information about how to connect to a PACS system, see Connect to a PACS system in PACS admin panel.

For information about group: messagingqueue, see Physical Access database - common parameters.

group: general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| updatesPerPoll | int | Optional | The maximum number of messages read from the message queue. Default: 100 |

group: interflex.system

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| systemId | string | Required | A unique value that is sent with each request to identify the REST client on the server. Default: “PHYSICAL-ACCESS-INTERFLEX-CLIENT” |
| username | string | Required | Username used to log in to the IF-6040 REST API. |
| password | string | Required | Password used to log in to the IF-6040 REST API. |

group: interflex.general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| apiUrl | string | Required | Base URL of the IF-6040 REST API endpoint used to import access elements and export user details. |
| entitlementImportTypes | string | Required | Sets which types of access elements Physical Access should import. See the supported entitlementImportTypes listed below. To support both types, set the value to “AccessProfile, AccessZoneTimeProfile”. |
| organizationUnit | string | Required | The name of the default organization, which can be used to create a User or Card. |

These entitlementImportTypes are supported:

| EntitlementImportTypes | Description |
|---|---|
| AccessProfile | If entitlementImportTypes is set to AccessProfile, only access elements of type AccessProfile are imported to Physical Access. |
| AccessZoneTimeProfile | If entitlementImportTypes is set to AccessZoneTimeProfile, access elements of type AccessZone and TimeProfile are imported to Physical Access. |

group: interflex.export

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| cardNumberIdentifierType | string | Required | The type of identifier in an access token that is used for the card number. Default: “mifare”. |
| userIdentifierPrefix | string | Required | A prefix that is prepended to the Personnel Number of the Person in Interflex. Default: “PA”. |

group: export

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| userfieldmappings | string | Optional | The userfieldmappings is the combination of all additional fields that can be sent to Interflex. Currently, these fields can be configured: EmailAddress, HomePhoneNumber, CellPhone, Country, Street, ZipCode, City, DateOfBirth, Sex |

User column fields are sent by adding configuration like user.column_name_of_user_table, property_name_of_cardholder.

Add this configuration to export the fields to Interflex:

| Id | group | index | key | system | Value |
|---|---|---|---|---|---|
| 1 | export | 0 | userfieldmappings | Interflex | phone.home, HomePhoneNumber |
| 2 | export | 0 | userfieldmappings | Interflex | phone.mobile, CellPhone |
| 3 | export | 0 | userfieldmappings | Interflex | email.Work, EmailAddress |
| 4 | export | 0 | userfieldmappings | Interflex | address.country, Country |

The value in each configuration setting has the form table_name.value_of_type_column, property_name_of_cardholder. The setting maps a PA3 table field to an Interflex cardholder model property.
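The key tables and the mapping format above can be checked mechanically before the service is restarted. The following is an added example, not Nexus code: it lints a set of configuration rows against the required keys, the supported entitlementImportTypes and the configurable cardholder fields listed on this page. The row layout, the function names and the case-sensitive matching are assumptions, and the sample rows are constructed.

```python
# Added example: lint for the configuration keys documented on this page. The
# (group, key, value) row layout, case-sensitive matching and names are assumptions.
REQUIRED = {
    "interflex.system": {"systemId", "username", "password"},
    "interflex.general": {"apiUrl", "entitlementImportTypes", "organizationUnit"},
    "interflex.export": {"cardNumberIdentifierType", "userIdentifierPrefix"},
}
IMPORT_TYPES = {"AccessProfile", "AccessZoneTimeProfile"}
CARDHOLDER_PROPS = {"EmailAddress", "HomePhoneNumber", "CellPhone", "Country",
                    "Street", "ZipCode", "City", "DateOfBirth", "Sex"}
# Constructed sample rows: one unsupported import type, one unsupported property.
SAMPLE = [("interflex.general", "entitlementImportTypes", "AccessProfile, AccessZone"),
          ("export", "userfieldmappings", "phone.home, HomePhoneNumber"),
          ("export", "userfieldmappings", "email.Work, Email")]


def check_mapping(value):
    """Validate one 'table_name.type_value, CardholderProperty' mapping."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        return f"mapping {value!r}: expected 'source, property'"
    source, prop = parts
    table, dot, type_value = source.partition(".")
    if not (table and dot and type_value):
        return f"mapping {value!r}: source must be table_name.type_value"
    if prop not in CARDHOLDER_PROPS:
        return f"mapping {value!r}: unsupported cardholder property {prop!r}"
    return None


def lint(rows):
    """Return a list of problems found in (group, key, value) rows."""
    problems = []
    seen = {(g, k): v for g, k, v in rows if k != "userfieldmappings"}
    for group, keys in REQUIRED.items():
        for key in sorted(keys):
            if not (seen.get((group, key)) or "").strip():
                problems.append(f"{group}.{key}: required value missing or empty")
    types = seen.get(("interflex.general", "entitlementImportTypes")) or ""
    for t in filter(None, (x.strip() for x in types.split(","))):
        if t not in IMPORT_TYPES:
            problems.append(f"entitlementImportTypes: unsupported type {t!r}")
    for group, key, value in rows:
        if group == "export" and key == "userfieldmappings":
            err = check_mapping(value)
            if err:
                problems.append(err)
    return problems
```

Because the service caches configuration at start, running a check like this on the rows before the restart catches a bad value without a second restart cycle.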

Interflex field mapping

The service mainly transfers user data including related access tokens and entitlement assignments. In the service, default fields can be sent and additional fields can be mapped using extra field mappings.

User field mapping

By default, the following data is mapped between the USER table in Physical Access and the Interflex service:

| SR No | Physical Access field (Web API) | Interflex field (UI) |
|---|---|---|
| 1 | Id (Id) – Append with prefix as per configuration setting userIdentifierPrefix | Basic Data -> Personnel number |
| 2 | givenname (givenName) | Basic Data -> FirstName (förnamn) |
| 3 | familyname (FamilyName) | Basic Data -> lastName (efternamn) |
| 4 | Default organizationUnit defined in configuration | Basic Data -> Belongs To (Organization) |
| 5 | Check Type Configuration and then map actual email Type (emails-type-value) | Contact -> Private email address |

Access token field mapping

For access token field mapping, the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables from the Physical Access database are mapped to the Interflex service fields. All details are available under Person Record.

| SR No | Physical Access field (Web API) | Interflex field (UI) |
|---|---|---|
| 1 | CardNumber (identifiers-type-value) | Credentials -> Assigned; Credentials -> Column[Credential] |
| 2 | Card ValidFrom and ValidTo decide internally | Credentials -> Assigned; Credentials -> Column[ValidFrom, ValidTo] |
| 3 | User -> Pin | PIN Code |

Entitlement assignment field mapping

For entitlement assignment field mapping, the ENTITLEMENTASSIGNMENT table from the Physical Access database is mapped to the Interflex service fields. All details are available under Person Record.

| SR No | Physical Access field (Web API) | Interflex field (UI) |
|---|---|---|
| 1 | DisplayName (entitlement-DisplayName) | Access -> Personal Access Permission -> Access Element |
| 2 | Valid From, Valid To | Access -> Personal Access Permission -> [ValidFrom, ValidTo] |



Restart service

Restart the Interflex connector service:

Restart Physical Access Interflex connector

    cd <SMARTIDHOME>/compose/physicalaccess
    docker-compose restart smartid-pa-interflex



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.