Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.


Description

Use this task to assign an entitlement to a person.

The task works on three different core objects:

  • The 'Person'. This is the identity which gets an entitlement assigned.
  • The 'Entitlement'. This is an entity in Identity Manager which represents an entitlement (or 'access profile') at the PACS system.
  • The 'Assignment'. This is an entity that stores properties of the assignment request and attributes returned from the PACS system (like the external id). Usually an 'Assignment' will be stored as Request.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsAssignEntitlementParametrizedTask}

The following parameters can be configured in Identity Manager Admin: 

 ParameterMandatoryValueDescription
pacsName


The name of the PACS system to communicate with.
entitlementAssignmentDataPoolName

Example value:

  • Request
The name of the data pool for core objects, that stores the assignment, for example, 'Request'.
entitlementAssignmentExternalIdFieldName

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'.

targetEntity

Example values:

  • 'person' or 'PERSON' (for a person)
  • other values (for an access rule)

The assignment is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the assignment is done on the person entity. By providing any other values, the assignment is done on the access rule.

relatedEntitlementsCoreObjectDescriptorList



Contains a list of entitlements related to the entitlement to be assigned. Mostly used to associate a room with a time zone.

Description

Use this task to create a group membership in Smart ID Physical Access component. Group membership means, assigning an existing person to an existing group.

The task works on three different core objects:

  • The 'Person'. This is the identity which gets a group assigned.
  • The 'Group'. This is an entity in Identity Manager which represents an group at the PACS system.
  • The 'Membership'. This is an entity that stores properties of the membership request and attributes returned from the PACS system (like the external id).

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsCreateGroupMembershipParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription
pacsName


The name of the PACS system to communicate with.

groupMembershipDataPoolName

Example value:

  • Request
The name of the data pool for core objects, that stores the group membership.
groupMembershipExternalIdFieldName

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the membership is stored.

Description 

Use this task to send a request to PACS to create (if non existent) or to update (if exists) a card.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsCreateOrUpdateCardParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription

pacsName


The name of the PACS system to communicate with.

cardStateFieldName

Example value:

  • Meta_CoreObjectState_PcmDpEmployeeCard
The card data pool field name where Identity Manager stores the state of the person.

cardActiveStates

Example value:

  • 'active,enabled'
A comma separated list of supported active card states in Identity Manager.
cardType-

Valid values:

  • 'mifare'
  • 'em'
Optional. The type of a card. Physical Access component accepts two types: 'mifare' and 'em'.

Description

Use this action to send a request to PACS to create (if non existent) or to update (if exists) a person.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsCreateOrUpdatePersonParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription

pacsName


The name of the PACS system to communicate with.

personStateFieldName

Example value:

  • Meta_CoreObjectState_BaseDpEmployee
The person data pool field name where Identity Manager stores the state of the person.

personStates

Example value:

  • 'active,enabled'
A comma separated list of supported active person states in Identity Manager.

Description

Use this action to fetch entitlements of a given type or several types from a PACS system. Currently supported: Physical Access component. The fetched entitlements are stored as core objects.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsFetchEntitlementsParametrizedTask}

 The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription
coreTemplateName


The name of the core template in which the entitlements shall be stored.
entitlementTypesField-

Example value:

  • Request

The name of the data pool for core objects, that store the assignment with the external id.

listOfEntitlementTypes-

Valid values:

  • DEFAULT
  • ZP
  • ZPC
  • RZ_TZ
  • DG_TZ
  • D_TZ

Zero or more comma separated values from the list: DEFAULT, ZP, ZPC, RZ_TZ, DG_TZ, D_TZ

coreObjectDescriptorOutputField-
List of the core objects that were saved into the database. In this service task, the list contains entitlement objects, since the task saves entitlements into the database.

Description

Use this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) a group.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsDealWithGroupParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription
pacsName


The name of the core template in which the entitlements shall be stored.
deleteFlag

Valid values:

  • true
  • false
Flag for indicating whether the group should be created/updated (false) or if the group should be deleted (true).

Description

Use this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) an access rule.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsDealWithAccessRuleParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription
pacsName


The name of the PACS system to communicate with.
deleteFlag

Valid values:

  • true
  • false
Flag for indicating whether the access rule should be created/updated (false) or if the access rule should be deleted (true).

Description

Use this task to withdraw an entitlement from a person.

  • For Physical Access component there has to be a Request with the entitlement assignment id in the process map.

The task works only on the core object 'Assignment'. This is an entity that stores the external id of the EntitlementAssignment within Physical Access component. Usually a Request is used to hold this information.

Configuration

To use this task, configure the following delegate expression in your service task:

${pacsWithdrawEntitlementParametrizedTask}

The following parameters can be configured in Identity Manager Admin: 

 ParameterMandatoryValueDescription
pacsName


The name of the PACS system to communicate with.
entitlementAssignmentDataPoolName

Example value:

  • Request
The name of the data pool for core objects, that store the assignment with the external id.
entitlementAssignmentExternalIdFieldName

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the assignment is stored.

targetEntity

Example values:

  • 'person' or 'PERSON' (for a person)
  • other values (for an access rule)

The withdrawal is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the withdrawal is done on the person entity. By providing any other values, the withdrawal is done on the access rule.

Description

Use this task to withdraw a group membership in Physical Access component.

Configuration

To use this task, configure the following delegate expression in your service task. There has to be a Request with the group membership id in the process map.

${pacsWithdrawGroupMembershipParametrizedTask}

The following parameters can be configured in Identity Manager Admin:

ParameterMandatoryValueDescription
pacsName


The name of the PACS system to communicate with.

groupMembershipDataPoolName

Example value:

  • Request
The name of the data pool for core objects, that stores the group membership.
groupMembershipExternalIdFieldName

Example value:

  • ExternalId

The field name of the above data pool, where the external id of the membership is stored.