
Set up integration with Unison Pacom

This article is valid for Smart ID 21.04 and later.

This article describes how to configure the Unison Pacom Service to enable integration between Smart ID Identity Manager, Physical Access and Unison Pacom.

Unison is an access control system provided by Pacom. It is managed through a GUI and a web service on the server, and the service interacts with Unison through the wcf service. After integration, all administration of users, access tokens and entitlements (besides defining them) should be done in Identity Manager, never in Unison.

For details on which data can be imported and exported from Unison Pacom, see About import and export to Physical Access.

Prerequisites

The following prerequisites apply:

  • Physical Access and Unison Pacom Docker container/service are installed. See Physical Access installation and upgrade.

  • The wcf service is installed.

  • The Message Queue Server must be running.

  • If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar). 

  • A working network connection to the connected physical access control systems (PACS) must be in place.

Configure Unison Pacom Service data fields

The Unison Pacom data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

Configure database

For information about how to connect to a PACS system, see Connect to a PACS system in PACS admin panel.

For information about group: messagingqueue, see Physical Access database - common parameters.

group: general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| updatesPerPoll | int | Optional | The maximum number of messages read from the message queue. Default: 100 |

group: unison

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| host | string | Required | The hostname and path to the Unison.AccessService. The path should always point to the .svc file for the service. |
| username | string | Required | The username to use when connecting to the Unison Service. |
| password | string | Required | The password to use when connecting to the Unison Service. |
| cardmaxlength | string | Required | The maximum length of the card number that is sent to Unison. This is the default setting, used when no access profile setting is available. |
| identifiertype | string | Required | The type of access token identifier. This setting indicates which identifier type is used for the card number. |
| personnumberfield | string | Required | The unique value of a person, which is sent to Unison to represent the person uniquely. |
| layoutidentifiertype | string | Required | Sets the identifier type of the layout. This setting is required to configure access profiles. |

Example

| Id | Group | Index | Key | system | value |
|---|---|---|---|---|---|
| 1 | general | 0 | updatesPerPoll | Unison | 100 |
| 2 | unison | 0 | host | Unison | http://my.company.com/Unison.AccessService |
| 3 | unison | 0 | username | Unison | admin |
| 4 | unison | 0 | password | Unison | admin |

group: cardformatmappings

The optional setting cardformatmappings can be used to configure access profiles. If cardformatmappings is used, then all its settings are required to be configured, otherwise the connector will throw an error. This setting directly depends on the setting layoutidentifiertype.

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| layout | string | Required | The value of the identifier type that is configured in the setting layoutidentifiertype. Example: The connector will fetch the value of layout from the access token identifiers, for example, Standard Magnetkort, and search in the configuration group cardformatmappings for the same value of layout, that is, Standard Magnetkort. If this setting is found, then the card will be exported with this configuration. |
| profile | string | Required | The Unison card profile to use when matching profiles in the Unison Service. For a matching profile name, the profile key is assigned to the card. |
| identifiertypes | string | Required | A comma-separated list of identifier types to match in the access token identifiers. Only if the complete list exists in the identifiers will the system transfer the data in the associated fields. Otherwise the card will be marked with errors. |

By default, the system will use the default profile from Unison with identifiertype and cardmaxlength configurations to transfer access tokens to Unison.

| key | Data type | Description |
|---|---|---|
| fieldnames | string | A comma-separated list of Unison system fields to transfer data to. The system matches the predefined types CardNumber, SystemNumber, VersionNumber and MiscNumber. |
| format | string | A comma-separated list of access token format types, used to validate the encoding format for the associated profile. The system matches the predefined types Hex, Dec and Binary. |
| length | string | A comma-separated list of lengths, one per identifier type, used to validate the length of the access token identifiers. |

Example

The table below shows a sample configuration of an access profile called Standard Magnetkort. The access token identifiers are configured in the following way:

"Identifiers": [ {"type": "mifare","value": "999809"}, {"type": "Layout","value": "Standard Magnetkort"}, {"type": "SystemNumber","value": "100000"}, {"type": "VersionNumber","value": "01"} ]



| Id | Group | Index | Key | system | value |
|---|---|---|---|---|---|
| 14 | cardformatmappings | 0 | layout | Unison | Standard Magnetkort |
| 15 | cardformatmappings | 0 | profile | Unison | Standard Magnetkort |
| 16 | cardformatmappings | 0 | identifiertypes | Unison | mifare,SystemNumber,VersionNumber |
| 17 | cardformatmappings | 0 | format | Unison | Dec,Dec,Dec |
| 18 | cardformatmappings | 0 | length | Unison | 6,6,2 |
| 19 | cardformatmappings | 0 | fieldnames | Unison | CardNumber,SystemNumber,VersionNumber |



In the cardformatmappings configuration, remove extra spaces from key and value and make sure that all keys are in lowercase.
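
A pre-flight check for the cardformatmappings rules described above, as an added example (not Nexus or connector code; the function names are hypothetical). It assumes the layout identifier type is named Layout as in the sample identifiers, that length is an exact character count, and that a token failing any check is rejected whole.

```python
import re
# Constructed sample data mirroring the page's "Standard Magnetkort" example.
MAPPING = {"layout": "Standard Magnetkort", "profile": "Standard Magnetkort",
           "identifiertypes": "mifare,SystemNumber,VersionNumber",
           "format": "Dec,Dec,Dec", "length": "6,6,2",
           "fieldnames": "CardNumber,SystemNumber,VersionNumber"}
IDENTIFIERS = [{"type": t, "value": v} for t, v in (
    ("mifare", "999809"), ("Layout", "Standard Magnetkort"),
    ("SystemNumber", "100000"), ("VersionNumber", "01"))]

LISTS = ("identifiertypes", "format", "length", "fieldnames")
REQUIRED = ("layout", "profile") + LISTS
FORMATS = {"Hex": r"[0-9A-Fa-f]+", "Dec": r"[0-9]+", "Binary": r"[01]+"}
FIELDS = {"CardNumber", "SystemNumber", "VersionNumber", "MiscNumber"}

def lint_mapping(cfg):
    """Return a list of problems found in one cardformatmappings group."""
    errs = [f"key not lowercase/trimmed: {k!r}" for k in cfg if k != k.strip().lower()]
    errs += [f"extra spaces in value of {k!r}" for k, v in cfg.items()
             if any(p != p.strip() for p in v.split(","))]
    errs += [f"missing setting: {k}" for k in REQUIRED if k not in cfg]
    if errs:
        return errs
    cols = {k: cfg[k].split(",") for k in LISTS}
    if len({len(c) for c in cols.values()}) != 1:
        errs.append("comma-separated lists differ in item count")
    errs += [f"unknown format: {f}" for f in cols["format"] if f not in FORMATS]
    errs += [f"unknown field name: {f}" for f in cols["fieldnames"] if f not in FIELDS]
    errs += [f"length not numeric: {n}" for n in cols["length"] if not n.isdecimal()]
    return errs

def map_token(cfg, identifiers, layout_type="Layout"):
    """Return (unison_fields, errors); layout_type "Layout" is an assumed name."""
    ids = {i["type"]: i["value"] for i in identifiers}
    errs = lint_mapping(cfg)
    if errs or ids.get(layout_type) != cfg["layout"]:
        return {}, errs or ["token layout does not match this mapping"]
    fields = {}
    for typ, fmt, n, name in zip(*(cfg[k].split(",") for k in LISTS)):
        val = ids.get(typ)
        if val is None:
            errs.append(f"identifier missing: {typ}")
        elif not re.fullmatch(FORMATS[fmt], val):
            errs.append(f"{typ} is not {fmt}")
        elif len(val) != int(n):  # assumption: length is an exact character count
            errs.append(f"{typ} length is {len(val)}, expected {n}")
        else:
            fields[name] = val
    return ({} if errs else fields), errs
```

Running lint_mapping over each cardformatmappings group before restarting the service surfaces mixed-case keys, stray spaces and incomplete groups ahead of the connector's own error.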

group: userfieldmappings

This mapping is used to export values of user-related objects, such as fields of the User, Email, Address, Phone and Useradditionalfields tables, to Unison fields. For exporting user table fields, the configuration setting is a combination of Table_name.column_name, field_id_of_Unison. For the other tables, it is Table_name.value_type, field_id_of_Unison.

| Id | Group | Index | Key | system | value |
|---|---|---|---|---|---|
| 20 | unison.export | 1 | userfieldmappings | Unison | phone.mobile,1 |
| 21 | unison.export | 1 | userfieldmappings | Unison | Address.work,2 |
| 22 | unison.export | 1 | userfieldmappings | Unison | Email.work,3 |
| 23 | unison.export | 1 | userfieldmappings | Unison | useradditionalfield.category,4 |
| 24 | unison.export | 1 | userfieldmappings | Unison | user.ssn,5 |
| 25 | unison.export | 1 | userfieldmappings | Unison | user.title,6 |



Unison Pacom field mapping

The service mainly transfers user data including related access tokens and entitlement assignments. The tables below show the default field mapping.

If needed, additional fields can be configured, using the SCIM API and useradditionalfield in the database configuration. 

User field mapping

By default, the following data is mapped between the USER table in Physical Access and the Unison service:

| SR No | Physical Access field (Web API) | Unison field (UI) |
|---|---|---|
| 1 | givenname (givenName) | firstName (förnamn) |
| 2 | familyname (FamilyName) | lastName (efternamn) |
| 3 | pin (Pin) | pinCode (PIN) |
| 4 | Collection of multiple fields of User, email, address, phone and email | fields (Fields defined in UI) |

Access token field mapping

By default, the following data is mapped between the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables in Physical Access and the Unison service:

| SR No | Physical Access field (Web API) | Unison field (UI) |
|---|---|---|
| 1 | CardNumber (identifiers-type-value) | CardNumber (Kortnummer) |
| 2 | Configuration Card Profile (identifiers-type-value) | ProfileKey (kort profil) |
| 3 | assigneeId (assignee) | UserKey (User) |
| 4 | Configuration Card Profile (identifiers-type-value) | SystemNumber (Systemnummer) |
| 5 | Configuration Card Profile (identifiers-type-value) | VersionNumber (Versionsnummer) |
| 6 | Variable “Misc-” + AccessTokenID | MiscNumber (Not on UI) |

Entitlement assignment field mapping

By default, the following data is mapped between the ENTITLEMENTASSIGNMENT table in Physical Access and the Unison service:

| SR No | Physical Access field (Web API) | Unison field (UI) |
|---|---|---|
| 1 | assigneeid (assignee-value) | userKey (Selected User Name) |
| 2 | entitlementid (entitlement-value) | groupKey (Group Name) |
| 3 | validfrom (ValidFrom) | validFrom (giltig fr.o.m.) |
| 4 | validto (ValidTo) | validTo (giltig t.o.m.) |



Restart service

Restart the Unison Pacom connector service:

Restart Physical Access Unison Pacom connector
cd <SMARTIDHOME>/compose/physicalaccess
docker-compose restart smartid-pa-unison



Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.