

This article describes how to configure the SiPort Service, to enable integration between Smart ID Identity Manager, Physical Access and SiPort. 

SiPort is an access control system provided by Siemens Software. The integration uses ODBC connectivity to interact with SiPort. After integration, all administration of users, access tokens and entitlements (besides defining them) should be done in Identity Manager, never in SiPort.

For details on which data can be imported and exported from SiPort, see About import and export to Physical Access.



Prerequisites

The following prerequisites apply:

  • Physical Access and SiPort Docker container/service are installed. See Deploy Smart ID.
  • ODBC Connectivity is required to interact with SiPort.
  • The message queue server must be running.
  • If MIFARE card technology is used, the PACS MIFARE number must be available as raw data (not encrypted, truncated, or similar). 
  • A working network connection to the connected physical access control systems (PACS) must be in place. 

Configure SiPort Service data fields

The SiPort data is configured in the configuration table in the Physical Access database. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

To connect to a PACS system:

  1. Log in to Physical Access admin panel as an admin user.
    All configured PACS connector services are listed, as well as Generic configurations to define the messaging queue. 
  2. Click on a system to do updates.
    All database entries are listed. 
  3. To update an entry, click on the icon. Edit as needed and then click Update.
  4. To create an entry, click on +Create. Select Group, enter Key, Value and Index, and then click Create.

group: messagingqueue

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| server | string | Required | IP address of the message queue server. Use localhost if it is installed on the local server. If the server is accessed remotely, enter its IP address. |
| username | string | Required | Username of message queue server. Default value: "guest" |
| password | string | Required | Password of message queue server. Default value: "guest" |
| system | string | Required | Defines which messaging queue to be used, either "rabbitmq" or "azureservicebus". Default value: "rabbitmq" |

group: general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| deleteUserOnNoEntitlement | string | Optional | Defines if the user shall be deleted if no active entitlement assignments are present for that user. Valid values: true or false. Default: true |
| deleteUserOnNoAccessToken | string | Optional | Defines if the user shall be deleted if no active access tokens are present for that user. Valid values: true or false. Default: true |
| heartbeatInterval | int | Optional | The heartbeat interval is the time between two successive heartbeats. It is used to determine whether the system is active (running) or inactive (stopped). Default value and minimum value: 60 seconds. A value lower than 60 seconds is treated as 60 seconds when updating the status. |

group: general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| updatesPerPoll | int | Optional | The maximum number of messages read from the message queue. Default: 100 |

group: siport.general

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| connectionstring | string | Required | Connection string to connect to SiPort using ODBC connectivity. |

Example

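| Id | Group | Index | Key | system | value |
|---|---|---|---|---|---|
| 1 | siport.general | 0 | connectionstring | SIPORT | Data Source=server; Initial Catalog=dbname;User ID=sa;Password=changeme |
| 2 | general | 0 | updatesperpoll | SIPORT | 100 |
| 3 | messagingqueue | 0 | server | SIPORT | Localhost |
| 4 | messagingqueue | 0 | username | SIPORT | Guest |
| 5 | messagingqueue | 0 | password | SIPORT | Guest |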
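
A check that can be run over the configuration rows before the service is restarted, given as an added example and not as Nexus or Siemens code. The findings for default guest credentials, the sa login and the changeme password are hardening checks assumed here, not product rules, and the sa check assumes a SQL Server back end.

```python
# Added example (not Nexus code): audit SiPort connector configuration rows.
REQUIRED = {  # keys the page marks Required; "system" has a documented default
    "messagingqueue": ("server", "username", "password"),
    "siport.general": ("connectionstring",),
}
QUEUE_SYSTEMS = ("rabbitmq", "azureservicebus")
MIN_HEARTBEAT = 60  # seconds; the page says lower values are treated as 60

# Constructed sample: the (group, key, value) rows from the page's example table.
SAMPLE = [
    ("siport.general", "connectionstring",
     "Data Source=server; Initial Catalog=dbname;User ID=sa;Password=changeme"),
    ("general", "updatesperpoll", "100"),
    ("messagingqueue", "server", "Localhost"),
    ("messagingqueue", "username", "Guest"),
    ("messagingqueue", "password", "Guest"),
]

def parse_connection_string(value):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(rows):
    """Return a list of findings for the given configuration rows."""
    cfg = {(g.lower(), k.lower()): v.strip() for g, k, v in rows}
    out = [f"{g}.{k}: required value missing"
           for g, keys in REQUIRED.items() for k in keys if not cfg.get((g, k))]
    mq = {k: cfg.get(("messagingqueue", k), "").lower() for k in ("username", "password")}
    if mq["username"] == "guest" and mq["password"] == "guest":
        out.append("messagingqueue: default guest/guest credentials in use")
    if cfg.get(("messagingqueue", "system"), "rabbitmq").lower() not in QUEUE_SYSTEMS:
        out.append("messagingqueue.system: must be rabbitmq or azureservicebus")
    for key in ("deleteuseronnoentitlement", "deleteuseronnoaccesstoken"):
        if cfg.get(("general", key), "true").lower() not in ("true", "false"):
            out.append(f"general.{key}: must be true or false")
    hb = cfg.get(("general", "heartbeatinterval"), str(MIN_HEARTBEAT))
    if not hb.isdigit() or int(hb) < MIN_HEARTBEAT:
        out.append(f"general.heartbeatinterval: {hb!r} is below the {MIN_HEARTBEAT}s minimum or invalid")
    conn = parse_connection_string(cfg.get(("siport.general", "connectionstring"), ""))
    # Assumption: a SQL Server back end, where "sa" is the built-in administrator login.
    if conn.get("user id", "").lower() == "sa":
        out.append("siport.general.connectionstring: connects as sa, use a dedicated login")
    if conn and conn.get("password", "").lower() in ("", "changeme"):
        out.append("siport.general.connectionstring: empty or placeholder password")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
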

group: export

| key | Data type | Required or Optional | Description |
|---|---|---|---|
| TenantId | int | Required | ID of the tenant to use. The tenant ID can be found in the Tenant table of the SiPort database. |
| cardNumberIdentifierTypes | string | Required | The type of identifier to use for the card number. |
| siPortImportTime | int | Required | The time, in seconds, that the SiPort import process needs to import a record sent by the SiPort connector. Default value is 10 seconds. |
| siPortDataValidation | bool | Required | Flag which defines if the export process shall include an additional validation on each request to check if the data (users, access tokens and entitlements) is processed to SiPort or if the data fails to sync. If data fails to sync, the system tries to resync the data ten times. If it still fails, the failure is logged in the synchronizationstatus table. If siPortDataValidation is set to false, the system syncs data to the SiPort import process and skips the additional validation. If there is any error while syncing the data into the SiPort import process, the system tries to resync the data ten times. If it still fails, the failure is logged in the synchronizationstatus table. Default: false |
| userfieldmappings | string | Optional | userfieldmappings is the combination of all additional fields which can be sent to SiPort. |

Bold fields in the table below are standard columns which can be sent for each request. Other columns can be configured as additional fields. User column fields can be sent by adding the configuration user.column_name_of_user_table, column, as described in the table below. 

The value in Column Name is the name of the column in the table SIST_Pers_Import. This column name can be used for extra field configuration like ManagerEmail, DATA_BirthDate, DATA_20_Version_VN, DATA_20_Sex_GS, etc.

For more information, see the SiPort import document.

Before starting to configure or export additional fields, the number of exported columns must be configured with the help of SIPORT Personnel Data Import.

Columns in userfieldmappings


Bold fields in the table below are standard columns which can be sent for each request. Don’t use standard columns to configure additional fields. They will not be exported. 

| Column Name | Type | Size | Description |
|---|---|---|---|
| DATA_20_Ident_no_CN | NVARCHAR | 6 | Card number |
| DATA_20_Person_no_PN | NVARCHAR | 14 | Personnel number |
| DATA_20_Version_VN | SMALLINT | | Version |
| DATA_20_Name_NA | NVARCHAR | 30 | First name |
| DATA_20_Surname_NA | NVARCHAR | 30 | Surname |
| DATA_20_Sex_GS | NVARCHAR | 1 | Gender |
| DATA_20_OperatorCode_BC | NVARCHAR | 1 | Branch code |
| DATA_20_OnlineProfil_P1 | INT | | Online profile ID |
| DATA_20_Validfor_D1 | DATETIME | | Valid from (date/time) |
| DATA_20_Validto_D2 | DATETIME | | Valid to (date/time) |
| DATA_20_Pincode_CO | NVARCHAR | 6 | PIN code |
| DATA_20_Stresscode_SC | BYTE | | Stress code |
| DATA_20_Lockflag_OF | NVARCHAR | 1 | Block flag (empty = not locked) |
| DATA_20_Group1_G1 | BYTE | | Active pers. limiting |
| DATA_20_Group2_G2 | BYTE | | Visitor / guard card |
| DATA_20_Group3_G3 | BYTE | | Time enable |
| DATA_20_Group4_G4 | BYTE | | Terminal enabling |
| DATA_20_SpecialFlags_FL | BYTE | | Special flags |
| DATA_20_DateLastBook_DO | DATETIME | | Date of last card transaction |
| DATA_20_PortLastBook_PO | BYTE | | Port of last booking |
| DATA_20_ReaderLastBook_RD | BYTE | | Last booking at reader |
| DATA_20_Room_RN | SMALLINT | | Room number |
| DATA_20_ErrorCount_ZC | SMALLINT | | Error counter |
| DATA_20_Parking_no_PA | SMALLINT | | Parking space number |
| DATA_30_Keygroup_TG | NVARCHAR | 1 | Group of keys |
| DATA_30_Accessright_TB | NVARCHAR | 1 | Keypad authorization |
| DATA_30_Fktkeyright_FB | NVARCHAR | 1 | Function key authorization |
| DATA_30_Mailbox_Text_MT | SMALLINT | | Mailbox text |
| DATA_30_Free_Display_Text_FT | NVARCHAR | 20 | Free display text |
| DATA_130_Date_D4 | DATUM | | Date |
| DATA_130_Date_D5 | DATUM | | Date |
| DATA_130_Info1_I1_Balance_S1 | NVARCHAR | 10 | Balance 1 / Information field 1 |
| DATA_130_Info2_I2_Balance_S2 | NVARCHAR | 10 | Balance 2 / Information field 2 |
| DATA_130_Info3_I3_Balance_S3 | NVARCHAR | 10 | Balance 3 / Information field 3 |
| DATA_130_Info4_I4_Balance_S4 | NVARCHAR | 10 | Balance 4 / Information field 4 |
| DATA_130_Info5_I5_Balance_S5 | NVARCHAR | 10 | Balance 5 / Information field 5 |
| DATA_130_Info6_I6_Balance_S6 | NVARCHAR | 10 | Vacation balance 1 / Info field 6 |
| DATA_130_Info7_I7_Balance_S7 | NVARCHAR | 10 | Vacation balance 2 / Info field 7 |
| DATA_130_InfoA_IA_Balance_SA | NVARCHAR | 10 | Balance (flextime balance) / Info field 10 |
| DELETED | INT | | 0 = Normal, -1 = deleted |
| TS | DATETIME | | Date of last modification (updated by SIPORT when data is imported) |
| DATA_Title | NVARCHAR | 30 | Title |
| DATA_Rank | NVARCHAR | 30 | Position |
| DATA_BirthDate | DATETIME | | Birth date |
| DATA_EntryDate | DATETIME | | Start date |
| DATA_LeaveDate | DATETIME | | End date |
| DATA_Code | NVARCHAR | 30 | Code |
| DATA_Gaz | SMALLINT | | Gaz |
| DATA_Status | NVARCHAR | 30 | Status |
| DATA_Pictogramm | INT | | Pictogram |
| DATA_LayoutID | INT | | Layout ID |
| DATA_PrintData | DATETIME | | Printer data |
| DATA_PrintVersion | SMALLINT | | Printer version |
| DATA_PrintUser | NVARCHAR | 20 | Printer user |
| DATA_PrintStatus | INT | | Printer status |
| Card_Type | NVARCHAR | 2 | Card type |
| Orig_Keyfield_CN_PN | NVARCHAR | 14 | Original key field personnel number |
| Orig_OnlineProfil_P1 | INT | | Original online profile P1 |
| Orig_Validfor_D1 | DATETIME | | Originally valid from |
| Orig_Validto_D2 | DATETIME | | Originally valid to |
| MIFCodingDefinitionID | INT | | Mifare coding definition ID |
| Location | NVARCHAR | 255 | Place |
| DATA_NOT_SYNC | INT | | Do not load to kernel |
| CompanyID | INT | | ID of the company |
| AW146_CardNumber_1 | NVARCHAR | 14 | 14-digit card number 1 |
| AW146_CardNumber_2 | NVARCHAR | 14 | 14-digit card number 2 |
| AW146_CardNumber_3 | NVARCHAR | 14 | 14-digit card number 3 |
| AW146_CardNumber_4 | NVARCHAR | 14 | 14-digit card number |
| AW146_Mode_1 | SMALLINT | | Operation mode |
| AW146_Mode_2 | SMALLINT | | Operation mode |
| AW146_Mode_3 | SMALLINT | | Operation mode |
| AW146_Mode_4 | SMALLINT | | Operation mode |
| AW146_Flag_1 | SMALLINT | | 0 = Only for SIPORT; 256 = Use for ELD |
| AW146_Flag_2 | SMALLINT | | 0 = Only for SIPORT; 256 = Use for ELD |
| AW146_Flag_3 | SMALLINT | | 0 = Only for SIPORT; 256 = Use for ELD |
| AW146_Flag_4 | SMALLINT | | 0 = Only for SIPORT; 256 = Use for ELD |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Deleted_1 | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Deleted_2 | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Deleted_3 | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| AW146_Deleted_4 | SMALLINT | | Load 14-digit card number into kernel. 0 = Do not delete; -1 = Delete |
| DATA_FreeDef1-60 | NVARCHAR | 255 | User-defined field 1-60 |
| Prof_DeleteAll | Number (long) | 1 | All existing profiles are deleted before import. |
| Prof_Action | NVARCHAR | 1 | Action performed with the profile. I = Insert; D = Delete; U = Update |
| Prof_Name | NVARCHAR | 400 | Name of profile to be imported. More than one profile can be indicated. Separator: comma. |
| Prof_ValidFrom | NVARCHAR | 16 | Start of profile validity (format: dd.mm.yyyy). NULL = Always valid. Applies to all profiles from Prof_Name |
| Prof_ValidTo | NVARCHAR | 16 | End of profile validity (format: dd.mm.yyyy). NULL = Always valid. Applies to all profiles from Prof_Name |
| DATA_30_AS | BYTE | | Attendance status |
| DATA_20_FreeDef_FD | NVARCHAR | 10 | Freely definable field |
| TenantID | INT | | ID of the tenant |
| CardStatus | INT | | Status of the card |
| DATA_30_Company_FA | NVARCHAR | 32 | Company |
| DATA_30_Firm_BT | NVARCHAR | 6 | Branch |
| DATA_30_Department_AB | NVARCHAR | 8 | Department |
| DATA_30_Cost_KS | NVARCHAR | 8 | Cost center |

Example

| Id | Group | Index | Key | system | value |
|---|---|---|---|---|---|
| 17 | export | 0 | userfieldmappings | SIPORT | email.ManagerEmail,ManagerEmail |
| 18 | export | 0 | userfieldmappings | SIPORT | email.Work,Email |
| 19 | export | 0 | userfieldmappings | SIPORT | useradditionalfield.Gender, DATA_20_Sex_GS |
| 20 | export | 0 | userfieldmappings | SIPORT | useradditionalfield.Version, DATA_20_Version_VN |
| 21 | export | 0 | userfieldmappings | SIPORT | useradditionalfield.BirthDate, DATA_BirthDate |
| 22 | export | 0 | cardNumberIdentifierTypes | SIPORT | Mifare |
| 23 | export | 0 | TenantId | SIPORT | 65 |
| 24 | export | 0 | siPortImportTime | SIPORT | 10 |

The service mainly transfers user data including related access tokens and entitlement assignments. The tables below show the default field mapping.

If needed, additional fields can be configured, using the SCIM API and useradditionalfield in the database configuration. 

User field mapping

By default, the following data is mapped between the USER table in the Physical Access and the SiPort service: 

| SR No | Physical Access field (Web API) | SiPort field (UI) |
|---|---|---|
| 1 | givenname (givenName) | FirstName |
| 2 | familyname (FamilyName) | Surname |
| 3 | Check userfieldmappings Configuration and then map actual "Email" Type (emails-type-value) | Email |
| 4 | Check userfieldmappings Configuration and then map actual ManagerEmail Type | ManagerEmail |
| 5 | Ssn (SSN Birthdate Part) | Personnel no |
| 6 | Title | Title |

Access token field mapping

By default, the following data is mapped between the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables in the Physical Access and the SiPort service: 

| SR No | Physical Access field (Web API) | SiPort field (UI) |
|---|---|---|
| 1 | Value of Access Token Identifier which is configured in configuration setting cardNumberIdentifierTypes | 14-digit badge No |

Entitlement assignment field mapping

By default, the following data is mapped between the ENTITLEMENTASSIGNMENT table in the Physical Access and the SiPort service: 

| SR No | Physical Access field (Web API) | SiPort field (UI) |
|---|---|---|
| 1 | ExternalId (ExternalId) | ProfileID of table SIST_Prof2_XYProf |
| 2 | DisplayName (entitlement-DisplayName) | Tenant-ProfileId-Short Text |

Restart service

  1. Restart the SiPort connector service:

    Restart Physical Access SiPort connector
    cd <SMARTIDHOME>/compose/physicalaccess
    docker-compose restart smartid-pa-siport

This article is valid for Smart ID 21.04 and later.
