Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.


Expand/Collapse All

Description

Use this task to assign an entitlement to a person.

The task works on three different core objects:

  • The 'Person'. This is the identity which gets an entitlement assigned.
  • The 'Entitlement'. This is an entity in Identity Manager which represents an entitlement (or 'access profile') at the PACS system.
  • The 'Assignment'. This is an entity that stores properties of the assignment request and attributes returned from the PACS system (like the external id). Usually an 'Assignment' will be stored as Request.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsAssignEntitlementParametrizedTask}

The following parameters can be configured in Identity Manager Admin: 

 ParameterMandatoryDefault valueDescription
pacsName


The name of the PACS system to communicate with.
entitlementAssignmentDataPoolName

falseThe name of the data pool for core objects, that stores the assignment, for example, 'Request'.
entitlementAssignmentExternalIdFieldName


The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'.

targetEntity


The assignment is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the assignment is done on the person entity. By providing any other values, the assignment is done on the access rule.

relatedEntitlementsCoreObjectDescriptorList



Contains a list of entitlements related to the entitlement to be assigned. Mostly used to associate a room with a time zone.

Description

Use this task to create a group membership in Smart ID Physical Access component. Group membership means, assigning an existing person to an existing group.

The task works on three different core objects:

  • The 'Person'. This is the identity which gets a group assigned.
  • The 'Group'. This is an entity in Identity Manager which represents an group at the PACS system.
  • The 'Membership'. This is an entity that stores properties of the membership request and attributes returned from the PACS system (like the external id).

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsCreateGroupMembershipParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatorySample ValueDescription
pacsName


The name of the PACS system to communicate with.

groupMembershipDataPoolName


The name of the data pool for core objects, that stores the group membership, for example, 'Request'.
groupMembershipExternalIdFieldName


The field name of the above data pool, where the external id of the membership is stored, for example, 'ExternalId'.

Description 

Use this task to send a request to PACS to create (if non existent) or to update (if exists) a card.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsCreateOrUpdateCardParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryDefault valueDescription

pacsName


The name of the PACS system to communicate with.

cardStateFieldName


The card data pool field name where Identity Manager stores the state of the person, for example, 'Meta_CoreObjectState_PcmDpEmployeeCard'.

cardActiveStates


A comma separated list of supported active card states in Identity Manager, for example, 'active,enabled'.
cardType-
Optional. The type of a card. Physical Access component accepts two types: 'mifare' and 'em'.

Description

Use this action to send a request to PACS to create (if non existent) or to update (if exists) a person.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsCreateOrUpdatePersonParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryDefault valueDescription

pacsName


The name of the PACS system to communicate with.

personStateFieldName


The person data pool field name where Identity Manager stores the state of the person, for example, 'Meta_CoreObjectState_BaseDpEmployee'.

personStates


A comma separated list of supported active person states in Identity Manager, for example, 'active,enabled'.

Description

Use this action to fetch entitlements of a given type or several types from a PACS system. Currently supported: Physical Access component. The fetched entitlements are stored as core objects.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsFetchEntitlementsParametrizedTask}

 The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryDefault valueDescription
coreTemplateName


The name of the core template in which the entitlements shall be stored.
entitlementTypesField-

The name of the data pool for core objects, that store the assignment with the external id, for example, 'Request'.

listOfEntitlementTypes-

The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'.

coreObjectDescriptorOutputField-

Description

Use this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) a group.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsDealWithGroupParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatorySample ValueDescription
pacsName


The name of the core template in which the entitlements shall be stored.
deleteFlag

falseFlag for indicating whether the group should be created/updated (false) or if the group should be deleted (true).

Description

Use this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) an access rule.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsDealWithAccessRuleParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatorySample ValueDescription
pacsName


The name of the PACS system to communicate with.
deleteFlag

falseFlag for indicating whether the access rule should be created/updated (false) or if the access rule should be deleted (true).

Description

Use this task to withdraw an entitlement from a person.

  • For Physical Access component there has to be a Request with the entitlement assignment id in the process map.

The task works only on the core object 'Assignment'. This is an entity that stores the external id of the EntitlementAssignment within Physical Access component. Usually a Request is used to hold this information.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsWithdrawEntitlementParametrizedTask}

The following parameters can be configured in Identity Manager Admin: 

 ParameterMandatoryDefault valueDescription
pacsName


The name of the PACS system to communicate with.
entitlementAssignmentDataPoolName


The name of the data pool for core objects, that store the assignment with the external id, for example, 'Request'.
entitlementAssignmentExternalIdFieldName


The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'.

targetEntity


The withdrawal is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the withdrawal is done on the person entity. By providing any other values, the withdrawal is done on the access rule.

Description

Use this task to withdraw a group membership in Physical Access component.

Configuration

To use this task, configure the following delegate expression in your service task. There has to be a Request with the group membership id in the process map.

${pacsWithdrawGroupMembershipParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatorySample ValueDescription
pacsName


The name of the PACS system to communicate with.

groupMembershipDataPoolName


The name of the data pool for core objects, that stores the group membership, for example, 'Request'.
groupMembershipExternalIdFieldName


The field name of the above data pool, where the external id of the membership is stored, for example, 'ExternalId'.