Nexus Documentation

Space shortcuts

Page tree

Visit Nexus to get an overview of Nexus' solutions, read customer cases, access the latest news, and more.

This article describes how to configure the Bewator Omnis Service, to enable integration between Smart ID Identity Manager, Physical Access and Bewator Omnis. 

Bewator Omnis is an Access Control System provided by Vanderbilt and managed by a GUI and API to interact with Bewator Omnis through the OmnisAPI.DLL. After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in Bewator. 

For details on which data can be imported and exported from Bewator, see About import and export to Physical Access.


Expand/Collapse All

Prerequisites

The following prerequisites apply:

  • Physical Access and the Bewator Omnis Docker container/service are installed. See Deploy Smart ID.
  • Bewator Omnis server version 6.2.110 or newer is required. The Omnis API (DLL) version 2.2 is required to interact with Bewator Omnis.
  • The message queue server must be running.
  • If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar). 
  • A working network connection to the connected physical access control systems (PACS) must be in place. 

Install IIS web server

To host the Bewator Omnis Web Service on the Omnis Server, an IIS server must be installed. 

  1. If an IIS server is not installed, then follow Step 1 in https://docs.microsoft.com/en-us/iis/manage/creating-websites/scenario-build-a-static-website-on-iis. to install it. 
  2. Host the web service /BewatorOmnisWebService/, according to Step 2 in the lsam article.

  3. Verify that the web service is hosted correctly, by browsing to the URL: 

    Example: Bewator Omnis web service URL
    http://localhost:<port>/BewatorOmnisWebService.asmx
  4. Configure the following parameters in the web service configuration file \BewatorOmnisWebService\Web.Config
keyData typeRequired or OptionalDescription
omnisipstringRequired

The omnisip is the IP address of Omnis Bewator server where application has been installed.

omnisport intRequired

The port number where Omnis Bewator server is listening. You can find this in the Omnis application at File > Setting > System Setting in the tab connection TCP/IP-port for the BAPSI-protocols.

Omnisidentifier stringRequired

The Omnis Identifier is a unique identifier which is generated when we install Bewator Omnis and add license key. This identifier is required to connect API to the Omnis Server. You find this identifier at File > Person Registry > Administration tab > External Connection. Double click on the external connection and a popup will appear. In this popup we will get the Identifier.

Configure Bewator Omnis Service data fields

The Bewator Omnis data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

To connect to a PACS system:

  1. Log in to Physical Access admin panel as an admin user.
    All configured PACS connector services are listed, as well as Generic configurations to define the messaging queue. 
  2. Click on a system to do updates.
    All database entries are listed. 
  3. To update an entry, click on the icon. Edit as needed and then click Update
  4. To create an entry, click on +Create. Select Group, enter Key, Value and Index, and then click Create

group: messagingqueue

keyData typeRequired or OptionalDescription
serverstringRequired

IP Address of Message Queue Server. If it is installed on the local server then we can use localhost. If we are accessing this server remotely then need to mention IP address.

usernamestringRequired

Username of message queue server.

Default value: “guest”

passwordstringRequired

Password of message queue server.

Default value: “guest”

systemstringRequired

Defines which messaging queue to be used, either "rabbitmq" or "azureservicebus".

Default value: "rabbitmq"

group: general

keyData typeRequired or OptionalDescription
deleteUserOnNoEntitlementstringOptional

Defines if the user shall be deleted if no active entitlement assignment are present for that user.

Valid values: true or false.

Default: true

deleteUserOnNoAccessTokenstringOptional

Defines if the user shall be deleted if no active access tokens are present for that user.

Valid values: true or false.

Default: true 

heartbeatInterval

intOptional

Heartbeat interval is the time difference between two successive heartbeats, and it is used to know if the system is in active (running) or in inactive (stopped) state.

Default value and minimum value: 60 seconds. If it is set less than 60 seconds, it will be considered as 60 seconds to update the status.

group: general

keyData typeRequired or OptionalDescription
updatesPerPollintOptional

The maximum number of messages read from the message queue.

Default: 100

group: BewatorOmnis

keyData typeRequired or OptionalDescription
OmnisWebServiceUrlstringRequired

This is the URL of the OmnisWebService hosted on the Omnis Server.

Example: http://localhost:/BewatorOmnisWebService.asmx

cardnumberpaddinglength intRequired

This is a default setting which indicates max length of Access Token number and if number is less than 16 then prepend 0 (zero) to that number. For example, If access token is 1234567 and cardnumberpaddinglength is 10 then access token number will look like this 0001234567.

identifiertypestringRequired

Identifier type is the type of identifier which decides which identifier of access token use for access token number.

accessgroupdelimiterstringRequired

Access group delimiter is used to concatenate organization id and department id and same for name of entitlements like 1-2 and My organization – Department.

homeorganization stringRequiredHome Organization is the organization in Bewator Omnis. Home organization is used while creating users.
entitlementimporttype stringRequired

This type is use to set structure of import and export. Possible values are listed in the following table:

import typeDescription
Department

Used to manage entitlements as a combination of Organization and Department, while ignoring import of access groups.

During export, only the Department entitlement type will be exported. If the entitlement type is not Department, and the entitlement exists in Omnis, then it will be removed from that user.

Organization

Used to manage entitlements by Organization only, while ignoring import of access groups and departments.

During export, only the Organization entitlement type will be exported. If the entitlement type is not Organization, and the entitlement exists in Omnis, then it will be removed from that user.

AccessGroup

Used to manage entitlements by AccessGroup only, while ignoring import of organizations and departments.

During export, only the AccessGroup entitlement type will be exported. If the entitlement type is not Accessgroup, end the entitlement exists in Omnis, then it will be removed from that user.

AccessGroupDepartment

Used to manage entitlements as a combination of AccessGroup and Department, while ignoring import of organizations.

During export, both the AccessGroup and Department entitlement type will be exported. If the entitlement type is not AccessGroup or Department, and the entitlement exists in Omnis, then it will be removed from that user.

AccessGroupOrganization

Used to manage entitlements as a combination of AccessGroup and Organization, while ignoring import of departments.

During export, both the AccessGroup and Organization entitlement type will be exported. If the entitlement type is not AccessGroup or Organization, and the entitlement exists in Omnis, then it will be removed from that user.

Example

IdGroupIndexKeysystemvalue
1general0updatesperpollBewatorOmnis100
2BewatorOmnis0deletepersononnoaccess BewatorOmnisfalse
3BewatorOmnis0cardnumberpaddinglength BewatorOmnis16
4BewatorOmnis0identifiertypeBewatorOmnismifare
5BewatorOmnis0accessgroupdelimiterBewatorOmnis-
6BewatorOmnis0homeorganization BewatorOmnis

Home Organization


group: omnis.export

keyData typeRequired or OptionalDescription
userfieldmappingsstringOptional

The userfieldmappings is the combination of all additional fields which we can send to Bewator Omnis. Currently, we can configure fields (Address, Email, PhoneHome, PhoneMobile, PhoneOffice and Remark) of Omnis. To export these fields to Omnis, we need to do the following configuration.

The value in configuration setting is a combination of table_name.value_of_type_column,field_name_of_omnis. This configuration setting is the mapping between the Physical Access table field and the Omnis field. We can send user column fields by adding configuration like user.column_name,omnis_field_name.

Example

The following is an example of userfieldmapping:

IdGroupIndexKeysystemvalue
14omnis.export1userfieldmappingsBewatorOmnisphone.mobile,PhoneMobile
15omnis.export1userfieldmappingsBewatorOmnisAddress.work,Address
16omnis.export1userfieldmappingsBewatorOmnisEmail.work,Email
20omnis.export1userfieldmappingsBewatorOmnisphone.home,PhoneHome
21omnis.export1userfieldmappingsBewatorOmnisphone.office,PhoneOffice
22omnis.export1userfieldmappingsBewatorOmnisuseradditionalfield.remark,Remark

The service mainly transfers user data including related access tokens and entitlement assignments. The tables below show the default field mapping.

If needed, additional fields can be configured, using the SCIM API and useradditionalfield in the database configuration. 

User field mapping

By default, the following data is mapped between the USER table in the Physical Access and the Bewator Omnis service: 

SR NoPhysical Access field (Web API)Bewator Omnis field (UI)
1Service Configuration (homeorganization)Organization (Organization directory on UI)
2givenname (givenName)givenname (givenName)
3familyname (FamilyName)LastName (Sirname)
4pin (Pin)PIN (PIN)
5validto (ValidTo)validTo (Time limit access To)

Access token field mapping

By default, the following data is mapped between the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables in the Physical Access and the Bewator Omnis service: 

SR NoPhysical Access field (Web API)Bewator Omnis field (UI)
1CardNumber (identifiers-type-value)CardCode (Kortnummer)
2assigneeId(assignee)AssignedPersonId (User)
3As per ValidTo and Status of CardStatus (Status)

Entitlement assignment field mapping

By default, the following data is mapped between the ENTITLEMENTASSIGNMENT table in the Physical Access and the Bewator Omnis service: 

SR NoPhysical Access field (Web API)Bewator Omnis field (UI)
1assigneeid (assignee -value)ExternalId (Selected User Name)
2Entitlement.ExternalId (First part before Group delimitator)Organization (Organization)
3Entitlement.ExternalId (Second part after Group delimitator)Department (Department)
4Entitlement.EntitlementTypeUsed to set type of structure we want to use to import and export entitlement assignment.

Restart service

  1. Restart the Bewator Omnis connector service:

    Restart Physical Access Bewator Omnis connector
    cd <SMARTIDHOME>/compose/physicalaccess
docker-compose restart smartid-pa-omnis

This article is valid for Smart ID 21.04 and later.

Related information

Contact Nexus

For feedback on product documentation, select Reason for contact: Feedback on documentation.

© 2023 Technology Nexus Secured Business Solutions AB. All rights reserved.
Disclaimer | Terms & Conditions.