Prerequisites
Identity Server supports integration with OnGuard via the OpenAccess service. In order to use this integration, additional licenses may be required from your vendor.
You will need one of the following SKUs for the OnGuard Software Subscription License:
- For OnGuard version 7.3, 7.4, 7.5: IPC-091-PRIDEN01
- For OnGuard version 7.6, 8.0, 8.1, 8.2, 8.3: IPC-094-PRNID01-B
Please consult the OpenAccess User Guide before attempting to set up this integration. Once you have confirmed OpenAccess is properly configured and licensed, make sure that port 8080 (the default port for OpenAccess) is open on your OnGuard server's firewall. Follow the instructions below to configure the integration with IDS.
Setup
NOTE: With the release of Identity Server version 2.21.18, Princeton Identity introduced a feature that allows Identity Server to store the password for OnGuard in an encrypted form, so that the password no longer needs to be re-entered on the Sync setup page whenever a system restart is executed. To implement this feature, please see Appendix B - Create a Persisting Password for the IDS Integration with OnGuard before proceeding with sync setup.
1. Log in to the IDS from a web browser using a user with the admin role and click Settings.
2. On the Settings page, select Sync from the left-hand menu.
3. Click the SETUP SYNC button.
4. Select "OnGuard" from the drop-down menu and click the CONTINUE button.
5. On the OnGuard screen, the default settings will appear. Click Edit Settings.
6. Make the following selections:
- Check for updates (Note: regardless of the option selected, an incremental sync will run every 30 to 60 seconds to check for changes):
  - Manual – don't check for changes
  - Incremental Scan - check for changes
  - Full scan every 12 hours
  - Full scan every 24 hours
- API Address: should be of the form https://<onguard-ip-or-hostname>:8080/
- Username: the username for OnGuard
- Password: the password for OnGuard
- Sync People with: This setting facilitates the synchronization of specific user groups to Identity Server based on the specified cardholder property in OnGuard. For example, entering “OPHONE!=null,ssno!=null” in the “Sync People with” field will sync only those users having values for “ophone” and “ssno” in their profile in OnGuard. Other options include Floor (ex: Floor=1), Extension (ex: EXT=1), Zip Code (ex: ZIP=12345), & Phone Number (ex: Phone=1234567890).
- Properties to Persist: This feature will allow an administrator to search for individuals in Identity Server based on any OnGuard cardholder property defined in the “Properties to Persist” field. In the “Properties to Persist” field enter the OnGuard user properties that you would like to be able to search for in Identity Server. For example, to enable a search of users having the values in the “ext!=null” and “ophone” fields in OnGuard enter the following with each field separated by a comma.
See Appendix A - Using Custom Search Properties ("Properties to Persist" from Step 6. above) for instructions on using these search terms.
- Sync active people: if this box is checked, Identity Server will only sync those profiles tagged as "Active" in OnGuard.
- Sync Visitors: if this box is checked, those users in OnGuard that are tagged as "Visitors" will also be synchronized to Identity Server.
- Delete Missing People: if this box is checked, any profiles no longer present in OnGuard will be deleted from Identity Server.
- Import Portrait Images: if this box is checked, any portraits associated with profiles in OnGuard will be included in the sync.
- Enroll Portrait Images: if this box is checked, portraits will be used for enrolling the face and iris biometrics. This box must be checked in order to use Princeton Identity’s Automatic Enrollment feature.
- Send Alerts: if this box is checked, alerts will be sent to OnGuard when a device goes down.
- Subscription ID: starting with versions 8.2+, this is used for incremental syncing and can be set to any value. If incremental syncing stops working, you can reset this value to 0 to reconnect to OnGuard.
Additionally, users may opt to sync multiple badge types by doing the following:
1. Click Add Badges to enter the relevant information: Badge Type, Facility Code, Badge Offset
2. Click Add Badges for each badge type to be synchronized.
3. Click Apply once all sync settings have been entered.
7. The IDS will attempt to connect to OnGuard and begin the synchronization process. If you have chosen Manual under Check for updates, you will need to click Run Now.
8. Click HOME on the navigation bar at the top of the screen. Here you will now see a notification that the IDS is due to synchronize with OnGuard as well as the current progress of the synchronization process.
Appendix A - Using Custom Search Properties ("Properties to Persist" from Step 6. above)
To utilize the search values entered in the Properties to Persist field during synchronization setup, do the following:
1. Go to People page in Identity Server and click “Add Filter” (top right).
2. In the drop-down menu select the “By field value” filter.
3. Enter the value you wish to search for. For example, if you want to search for an individual with phone extension 905, enter “905” in the text field that appears and click OK.
The following settings were introduced with the release of Identity Server 2.21.18.
Appendix B - Create a Persisting Password for the IDS Integration with OnGuard
This feature allows Identity Server to store the integration password in an encrypted form so that the password is not cleared whenever a system restart is executed. Synchronizations with OnGuard will continue as scheduled after a restart without the need to re-enter the integration password on the Sync settings page. The following steps must be carried out to enable this feature.
1. After installing Identity Server 2.21.18.xxxx, or installing the update to 2.21.18.xxxx, log out of Identity Server.
2. Open the Windows Services app. Scroll to the line named PI Identity Server and stop the service.
3. Open Windows Explorer and find the Identity Server root directory (ex. c:/identity-server).
4. Find and delete the file named “lenel.json”.
5. Open the Windows System Properties app by typing “environment” in the Windows search bar and selecting “Edit the system environment variables.”
6. Click Environment Variables.
7. In the System variables section at the bottom of the window, click “New…”.
8. Create a new System Environment Variable named IDS_LENEL_PROPERTIES. Set the Variable value to a decryption key of your choice.
9. Click OK, OK, and OK again to close out of the System Properties app.
10. Return to the Windows Services app and start the PI Identity Server service.
11. Log in to Identity Server. Click Settings > Sync.
12. Set up the password from the OnGuard configuration page. When you click Apply, Identity Server will encrypt the password using the key stored in IDS_LENEL_PROPERTIES and save it to the lenel.json file.
NOTE: For security purposes, the sync with OnGuard will fail if the key is changed after the password has been set up, because Identity Server will not be able to decrypt the stored password using the new key. To re-enable the sync, you must change the encryption key back to the original value and restart the PI Identity Server service, or remove the lenel.json file and configure the OnGuard sync again.
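Steps 2 through 10 of Appendix B can also be carried out from an elevated PowerShell prompt. The script below is an added example, not part of the vendor documentation. It assumes the install root is C:\identity-server (the page gives that path only as an example), that the service's display name matches the name shown in the Services app, and that Identity Server accepts a hex string as the key value.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code): Appendix B steps 2-10 as one script.
param(
    # Assumption: install root; the page gives c:/identity-server only as an example.
    [string]$IdsRoot = 'C:\identity-server',
    # Service name as displayed in the Windows Services app (from the page).
    [string]$ServiceDisplayName = 'PI Identity Server'
)
$ErrorActionPreference = 'Stop'
$varName = 'IDS_LENEL_PROPERTIES'

# Guard: per the NOTE above, changing an existing key makes the stored
# password undecryptable and the sync fails, so never overwrite one silently.
$existing = [Environment]::GetEnvironmentVariable($varName, 'Machine')
if ($existing) {
    throw "$varName is already set at machine scope; refusing to replace it."
}

# Step 2: stop the service and wait until it has actually stopped.
$svc = Get-Service -DisplayName $ServiceDisplayName
Stop-Service -InputObject $svc
$svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

# Steps 3-4: delete lenel.json from the Identity Server root directory.
$lenel = Join-Path $IdsRoot 'lenel.json'
if (Test-Path -LiteralPath $lenel) {
    Remove-Item -LiteralPath $lenel -Force
}

# Steps 5-9: create the system environment variable. Instead of a
# hand-typed value, use 32 random bytes rendered as hex
# (assumption: any string value is accepted as the key).
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try { $rng.GetBytes($bytes) } finally { $rng.Dispose() }
$key = -join ($bytes | ForEach-Object { $_.ToString('x2') })
[Environment]::SetEnvironmentVariable($varName, $key, 'Machine')

# Step 10: start the service again.
Start-Service -InputObject $svc
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))

# The key is deliberately not echoed to the console or to logs.
Write-Host "$varName set at machine scope; continue with steps 11-12 in the web UI."
```

Machine-scope environment variables can be read by every local account on the server, so limit who can log on to the Identity Server host and who can read lenel.json. Keep a copy of the key in your password vault, since restoring the original value is one of the two recovery paths described in the NOTE.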