
General

CONNECT > Configuration > General:


The General Configuration page allows the administrator to configure a variety of different options as shown below:

ACR/ACRM Permissions
Credential Rights

This section sets the rights that an ACR or ACRM has regarding handling Credentials. The options include:

  • Read Only - ACRs and ACRMs can view but not edit or delete an Identity's credentials.

  • Delete Only - ACRs and ACRMs can view and delete an Identity's credentials but not edit them.

  • Add, edit, and delete - ACRs and ACRMs have full access to credential management. They can view, add, edit and delete credentials from an identity’s record.

Access Rights

This section sets the rights that an ACR or ACRM has regarding handling Access Groups that they own. The options include:

  • Delete Only - ACRs and ACRMs can view and delete an Identity's Access Groups but not add or edit them. Selecting this will force access to be added using the Access Request workflow.

  • Add, edit, and delete - ACRs and ACRMs have full access to Access Group management. They can view, add, edit and delete Access Groups from an identity’s record.

Access Rights assigned by other ACR/ACRM

This section sets the rights that an ACR or ACRM has regarding access groups that are assigned to identities but are not directly owned by the ACRs / ACRMs. The options include:

  • Hide - ACRs and ACRMs will not be able to see access they do not own.

  • Read Only - ACRs and ACRMs will be able to see all the access groups they do not own but will not be able to assign, edit or remove them.

  • Delete only - ACRs and ACRMs will be able to see and remove all access groups they do not own but will not be able to assign or edit them.

    Note

    These settings affect the ACR / ACRM permissions on the CONNECT Identity page.

Default ACRMs

Grants the ability to set default ACRMs. If set to ON, the administrator can set one or more ACRMs that will manage new access groups.

Identity Manager Permissions
Credential Rights

This section sets the rights that the Identity Manager has regarding the Credentials associated with the identities they manage. The options include:

  • Read Only - The identity manager can view but not add, edit or delete an Identity's credentials.

  • Delete Only - The identity manager can view or delete an Identity's credentials but not add or edit.

  • Add, edit, and delete - The identity manager has full access to credential management. They can view, add, edit and delete credentials from an identity’s record.

Access Rights

This section sets the rights that the Identity Manager has with the access groups assigned to the identities they manage. The options include:

  • Read only - The identity manager will only be able to see the access that is assigned to the identities they manage.

  • Delete only - The identity manager will be able to see and delete the access that is assigned to the identities they manage.

Photo ID Tech Credential Rights

This section sets the rights that a Photo ID technician has regarding the credentials associated with an identity. The options include:

  • Read Only - Photo ID technicians can view but not add, edit or delete an Identity's credentials.

  • Delete Only - Photo ID technicians can view and delete but not add or edit an Identity's credentials.

  • Add, edit, and delete - Photo ID technicians have full access to credential management. They can view, add, edit and delete credentials from an identity’s record.

Banner Message

An administrator can configure the Banner Message which is seen by all users when they log into CONNECT for the first time.

Once the banner message has been edited, click on the tick icon to confirm it. To disable the banner, set the text to empty.

Role Actions

This section allows the administrator to configure whether or not ACR/ACRM or Photo ID Tech roles can have access to the New button on the CONNECT Identities screen. If enabled, the specified role will be able to add new Identities into the system. Can be toggled between On or Off to enable or disable the option.

Credentials

This section allows the administrator to specify if multiple active credentials can be assigned to a single identity. If toggling from ON to OFF, the functionality for Limit by Card Type (Allow for multiple active credentials to be assigned to a single identity but only one per card type) and Identity Credential Polling will be disabled.

The Administrator can also set the Credentials Expiry Time. The default is 'End of day' (23:59), but that can be amended to any specified hour between 1 AM and 11 PM.

Non-Employee

This section allows the administrators to configure whether non-employee (identity) Access Groups or Credentials should have an expiration date set automatically when they are added to the record. Can be toggled between On or Off to enable or disable the option. The days to expiration can be edited. Once the edits have been made, click on the tick icon to confirm.

Gen_8.png
  • The image above shows a configuration whereby all non-employee Identities that are created on the CONNECT tab of the system will have their access and credential expiration dates automatically set to 30 days from date of creation.

  • When a new credential is issued to a non-employee, or an access right is manually assigned to them, an expiration date will be set automatically by the system.

Identity Credentials Pin

This section allows administrators to enable identity credential pin editing in the identity details page. A Pin Code is a number used by the Identity at specific keypad readers in the Symmetry Access Control System to verify that they are the owner of the card (someone who found/stole the card would not normally know the Pin Code). The Identity presents their card, enters their pin on the keypad and is then allowed access through the door. If any edits have been made, click on the tick icon to confirm. Options include:

  • Enable credential pin management - Enables the configuration of an identity pin code. Can be toggled between On or Off to enable or disable the option.

  • Automatically generate Pin Code - When enabled a pin code will be automatically generated when an identity is added. Can be toggled between On or Off to enable or disable the option.

  • Pin Length - Specifies the number of digits the PIN code must have. Pin length can be set between 4-8 digits. Ensure that the PIN Code length in CONNECT matches the PIN Code length in your PACS system.

Role Options
Manage Pin and IDS Codes Via a Separate User Role

This section allows for administrators to configure if PIN and IDS code management should be controlled by ACRs and ACRMs or require a separate role to manage. Can be toggled between On or Off to enable or disable the option.

When this setting is set to:

  • Off - ACRs and ACRMs will automatically be able to edit the PIN and IDS codes if enabled.

  • On - New roles for Pin Code Manager and IDS Code Manager will be selectable via the roles management page, allowing this permission to be set on a per-identity basis.

Manage Audits Via a Separate User Role

Enables the ability to assign a separate role for access audits. When enabled, only identities with the auditor role can act on audits. Can be toggled between On or Off to enable or disable the option. For further information refer to the Auditor Role section.

Use Hotstamp

This section allows administrators to configure whether credentials should be assigned a card number (Off) or a hotstamp (On). If set to ON, the credential number for new and existing Legacy Cards will be labelled Hotstamp Number. If set to OFF, the credential number will be labelled Card Number.

IDS Code

This section allows administrators to enable IDS code editing in the identity details page. An IDS (Intruder Detection System) Code is typically a unique code that an Identity uses to arm/disarm an IDS “Alarm” zone. The Symmetry Access Control System includes some IDS functionality, which requires the Identity to have an IDS Code assigned. Your Symmetry system will need a license to be able to use IDS functionality. Options include:

  • Enable IDS code - Enables the configuration of an identity IDS (intrusion detection system) code. Can be toggled between On or Off to enable or disable the option.

  • IDS code Length - Specifies the number of digits the IDS code must have. IDS code length can be set between 4-8 digits. Ensure that the CONNECT IDS Code length matches the Symmetry IDS Code length.

Auto - assign credential

This section allows administrators to configure if and how credentials should be auto assigned. Can be toggled between On or Off to enable or disable the option.

  • Enable Auto - Assign - Enables credentials to be auto assigned. If set to ON, the Credential Range with Order set to 1 will be used to select the Credential Number. Once that Range is exhausted, the system will allocate from the next range in the Order list.

  • Type - Defines how the credentials should be assigned. Options include Random or Sequential.

  • Grant to New Identity - Enables credentials to be automatically granted when a new Identity is added.

Access Control Rules

This section allows for an administrator to configure how identities will be handled in the ACS (Access Control System). The Default Configuration is for the Identity Expiration, Suspension and Termination options to all be switched ON. Switching those options OFF will require the Symmetry Integration client to be updated to version 3.2.0 or higher.

  • Identity Expiration - This setting addresses expired identities. When enabled, an expired identity will be removed from both CONNECT and the ACS. When disabled, the expired identity will be marked as expired in CONNECT and inactive in the ACS. In addition, in both CONNECT and the ACS, all Access Groups will be removed but all Credentials will remain.

  • Identity Suspension - This setting addresses suspended identities. When enabled, a suspended identity will be removed from both CONNECT and the ACS. When disabled, the suspended identity will be marked as suspended in CONNECT and inactive in the ACS. In addition, in both CONNECT and the ACS, all Access Groups and all Credentials will remain.

  • Identity Termination - This setting addresses terminated identities. When enabled, a terminated identity will be removed from both CONNECT and the ACS. When disabled, the terminated identity will be marked as terminated in CONNECT and inactive in the ACS. In addition, in both CONNECT and the ACS, all Access Groups will be removed but all Credentials will remain.

  • Notes Synchronization - This setting enables or disables the syncing of notes entered in the CONNECT Identities Notes section with the Card Holder Notes in the Symmetry Access Control system.
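
The ON/OFF outcomes listed above can be checked against identity data pulled from both systems. This is an added example, not vendor code: the record fields (`in_connect`, `in_acs`, `connect_status`, `acs_active`, `access_groups`) and the sample identities are constructed, since this page does not document an export format.

```python
# End state this page gives for a rule that is switched OFF:
# event -> (CONNECT status, do access groups remain?). Credentials remain in all three.
RULE_OFF = {
    "expired": ("expired", False),
    "suspended": ("suspended", True),
    "terminated": ("terminated", False),
}

def audit(records, rules_on):
    """Return (identity id, finding) pairs for records that contradict the rules.
    rules_on maps each event to True (option ON) or False (option OFF)."""
    findings = []
    for r in records:
        event = r["event"]
        if event not in RULE_OFF:
            continue  # no lifecycle event on this identity: nothing to check
        if rules_on[event]:
            # ON: the identity is removed from both CONNECT and the ACS.
            if r["in_connect"] or r["in_acs"]:
                findings.append((r["id"], f"{event}: still present, expected removal"))
            continue
        status, groups_remain = RULE_OFF[event]
        # OFF: marked in CONNECT, inactive in the ACS.
        if r["connect_status"] != status:
            findings.append((r["id"], f"{event}: CONNECT status is {r['connect_status']}"))
        if r["acs_active"]:
            findings.append((r["id"], f"{event}: still active in the ACS"))
        if not groups_remain and r["access_groups"]:
            findings.append((r["id"], f"{event}: access groups not removed"))
    return findings

def rec(ident, event, in_connect=True, in_acs=True, status=None, active=False, groups=()):
    """Build one constructed sample record (hypothetical layout)."""
    return {"id": ident, "event": event, "in_connect": in_connect, "in_acs": in_acs,
            "connect_status": status or event, "acs_active": active,
            "access_groups": list(groups)}

# Constructed sample: Termination ON, Expiration and Suspension OFF.
RULES_ON = {"expired": False, "suspended": False, "terminated": True}
SAMPLE = [
    rec("id-1", "expired", groups=["Lobby"]),    # OFF: groups should be removed
    rec("id-2", "suspended", groups=["Lobby"]),  # OFF: conforms, groups remain
    rec("id-3", "terminated"),                   # ON: should have been removed
    rec("id-4", "terminated", in_connect=False, in_acs=False),  # ON: conforms
    rec("id-5", "suspended", active=True),       # OFF: must be inactive in the ACS
]

if __name__ == "__main__":
    print(*audit(SAMPLE, RULES_ON), sep="\n")
```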

Access Control Synchronization

This section allows the administrator to enable or disable Polling to sync data between CONNECT and PACS. Enabling polling allows the user to create Credentials in your PACS and have them sync upwards to CONNECT. Can be toggled between On or Off to enable or disable the option.

  • Set Identity Credential Polling - This setting will allow CONNECT to poll for credentials added to an identity in the access control system. This setting can be set to:

    • On - Will poll for new credentials that have been added to an identity in the access control system. The user can configure the Interval (in minutes) between each polling iteration.

    • Off - Credentials added / amended in PACS will not sync to CONNECT. Note that the PACS record will remain out of sync with CONNECT until an amendment is made to CONNECT, at which point all values in PACS will be overwritten by the values in CONNECT.

  • Set Identity Hand Geometry Template Polling - Where an HGU Enrolment Reader has been configured for your PACS system, an Identity is able to scan the palm of their hand. This setting will allow CONNECT to poll for Hand Geometry Templates added to an Identity in the access control system. This setting can be set to:

    • On - Will poll, at the configured interval, to sync Hand Geometry Templates for credentials that have had Hand Geometry Templates added to them in the access control system. The user can configure the Interval (in minutes) between each polling iteration.

    • Off - Hand Geometry Templates added / amended in PACS will not sync to CONNECT. Note that the PACS record will remain out of sync with CONNECT until this configuration is switched ON, as Hand Geometry Templates cannot be added / amended directly in CONNECT.

  • Set PDF Polling - Where an Integration has been configured for your PACS system to match Cardholder Titles in PACS to Identity fields in CONNECT / IDM, the user can make amendments to these fields in PACS. This setting will allow CONNECT to poll for Identities where PDFs (Card Holder Titles) have been altered for an Identity in the access control system. This setting can be set to:

    • On - Will poll, at the configured interval, to sync PDFs for identities that have had PDFs (Cardholder Titles) altered in the access control system. The user can configure the Interval (in minutes) between each polling iteration.

    • Off - Identity PDFs (Card Holder Titles) added / amended in PACS will not sync to CONNECT. Note that the PACS record will remain out of sync with CONNECT until an amendment is made to CONNECT, at which point all values in PACS will be overwritten by the values in CONNECT.

Access Control Identity Sync

This section allows for administrators to configure settings for when identities will be sent down to the access control system. Options include:

  • Credential Only - Sends an identity record to all access control systems once a credential is provisioned.

  • Access Group Only - Sends an identity record to an access control system once an access group is provisioned.

  • Access and Credential - Sends an identity record when both a credential and an access group are provisioned.

  • Identity Only - Sends an identity record to all integrations on identity creation.

Badge Templates

Warning

The badge template names entered in this setting must be an exact match for them to sync correctly with the Symmetry Access Control system.

This section allows for an administrator to define a list of badge templates that can be selected and associated with an identity. This badge template will sync to the badge template field in the Symmetry Access Control system. This allows for the badge template to be set in CONNECT, while allowing the badge printing/encoding to be done in Symmetry Access Control.

Identity Matching

This section allows an administrator to enable or disable the ability for CONNECT to attempt to match identities in the access control system via the unique identifier defined in the integrations configuration when it is unable to match via its identity Id. This can help prevent duplicate identities being added to the access control system when an identity is directly added to the access control system before it is added to CONNECT. Can be toggled between On or Off to enable or disable the option.

Access Group Activation/Expiration Time Settings

When toggled to ON, grants the ability to set and view Activation and Expiration Time values in the Access Group section on the Identities screen. The user can amend Hours and Minutes and whether the time is AM or PM. Defaults are 12:00 AM for Activation and 11:59 PM for Expiration.

Restrict Access Groups by Company

When toggled to ON, this setting will restrict the Access Groups that a user can add, request or approve. Changing the configuration will trigger reconciliation of approvers for all access requests currently in progress.
