Access Control

CONNECT -> Configuration -> Access Control: Integration with a physical access control system is configured within the Access Control sub-section. Integration provides the following functionality:

  • Access Groups (known as “Access Codes” in the Symmetry Access Control System) are imported into CONNECT.
    • The Access Groups are assigned by an administrator to specific Access Group Rules, or they can be assigned to specific ACR’s; users can request access to the Access Group and the relevant ACR can approve/deny the request.
  • Credentials (access cards etc.) are issued from CONNECT. Based on system configurations once a credentials is assigned to an identity they are automatically pushed down to or pulled up from the access control system.
  • Any changes made to the Identity, such as Access Groups assigned/removed, or a new Credential being issued, are automatically reflected in the access control system. For example, if an Identity is terminated in CONNECT, they are automatically removed from the access control system.
  • Reports in CONNECT will show where each Identity presented their card in access control system.

Access Control Integrations Screen

test

Download Access Control Services

This section allows an administrator to download the integration client for their access control system. This utility can be installed locally to facilitate integration with the Symmetry Access Control system.

Complete instructions for installing and configuring the Symmetry Access Control integration utility are provided separately in the Symmetry Client installation guide.

Access Control Integrations

This section displays information about each configured access control integration. Information available includes:

  • Web API Token: This is required when installing the integration utility.
  • Name: The name given to the integration.
  • Status: The current state of the integration. Possibilities include:
    • Waiting to Sync: The integration has been configured by not yet connected.
    • Onboarding: The integration is currently being onboarded.
    • Ready: The integration has been onboarded and is ready to be used.
    • Lost Connection: The integration has been onboarded but is not currently able to establish a connection.
  • Integration Token: This is required when installing the integration utility.
  • Integration Type: The integration client type being used for the integration.
  • Default Time Zone: The default timezone of the integration. Each access group will receive this timezone, unless directly updated.

Creating a New Access Control Integration:

  • To create a new integration to an access control system an administrator is able to create and configure a new Integration by clicking the “New” button. When the user clicks “New”, they will need to enter the details about the integration per the screen below. Test2
  • An integration has the following configurable fields:
    • Access Control System (ACS) (Required) - The type of access control system being configured.
    • Name (Required) - The name used to identify the integration
    • Company ID (Required) - The Symmetry CompanyID that identities will be sent down too
    • Default Time Zone (Required) - The timezone of the Symmetry Application Server, this value will be used as the default value of access codes added from the integration
    • Unique Identifier
      • CONNECT Field (Required) - The CONNECT field that will be used to match against the Symmetry field. Options include EmployeeNumber and Email.
      • Integration Field (Required) - The Symmetry field that will be used to match against CONNECT Identities. Options include Employee Ref and PersonalData1 - PersonalData47 Test2
    • IDM to Symmetry Mapping - This section allows you select IDM Fields that will be mapped to Symmetry Fields when updated in IDM. Test2

Typically “Employee Number” in CONNECT (visible on the IDM tab) maps to “Employee Ref” in Symmetry Access Control as the unique identifier. Click “Save”.

  • Once the integration services are running and the integration is configured correctly the Integration Status will show as “Ready”. The administrator can confirm that information is passing between the two systems by clicking on the “My Groups” tab. If Access Groups (Access Codes in Symmetry Access Control) are displayed, then information has been received from Symmetry Access Control.

Onboarding:

The onboarding process is used to map the existing Cardholders that are in Symmetry Access Control to the Identities that are located in CONNECT. This “reconciles” the data sets in each system and prevents the system from creating duplicate Cardholders in Symmetry Access Control.

If Symmetry Access Control is a new system, and/or does not have any Cardholders stored, then the onboarding process may not be necessary.

Onboarding involves to primary processes:

  • Identity to Cardholder Mapping: CONNECT identities are mapped to the records in the access control system being onboarded.
  • Access Assignment Mapping: Access groups tha are currently assigned to cardholder is the access control system are mapped to an ACRM or ACR.

Onboarding is a relatively complex process that is typically managed by AMAG Professional Services. Onboarding is covered within separate setup documentation.