Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

This article describes how to install and configure the SiPort Service, to enable integration between Smart ID Identity Manager (PRIME) Physical Access and SiPort. 

SiPort is an access control system provided by Siemens Software. ODBC connectivity is used to interact with SiPort.

After integration, all administration of Users, Access Token and Entitlements (besides defining them) should be done in Identity Manager, never in SiPort.

For details on which data can be imported and exported from SiPort, see About import and export to Physical Access.


Prerequisites

The following prerequisites apply:

  • Physical Access is installed. See here.
  • ODBC Connectivity is required to interact with SiPort.
  • The message queue server must be running.

Configure SiPort Service

The service is configured in the configuration table in the Physical Access database and in the configuration file. All configuration is cached when the service starts so any configuration changes will require the service to be restarted in order to take effect.

 Set parameters in the configuration file

The configuration file is named SiPortService.exe.config.

To set parameters in the PACS connector service configuration file:

  1. Open the .exe.config file for editing. The file must be located in the same folder as the .exe file.
  2. Edit any parameters in the appSettings section. For more information, see the table below.
  3. Save and exit the file.

| Parameter | Required or Optional | Description |
| --- | --- | --- |
| appSettings > SystemId | Required | The ID of the service. This ID is used when retrieving configuration from the database and must be unique. If several instances of the service are running, each instance must have a unique ID, which means that each must also have its own configuration in the database. This parameter must be configured before installing the service. |
| appSettings > PollInterval | Required | The number of seconds between each poll. Note that this is not the number of seconds to wait between polls; the wait time is adjusted depending on how long each poll takes. Default value: 30 seconds. |
| appSettings > DBType | Optional | Indicates which database will be used. The database type can be MYSQL or MSSQL. Default value: MSSQL. |
| appSettings > ConnectionString | Required | A connection string to the Physical Access database, as configured in Install Physical Access in Identity Manager. The connection string pattern depends on DBType. Example connection string for DBType MYSQL: server=localhost;userid=user;password=password;database=pascard Example connection string for DBType MSSQL: Data Source=localhost\SQLEXPRESS;Initial Catalog=Prime_Backend;Integrated Security=True; |
| Client > endpoint address | Required for RCO and Integra | The endpoint address needs to be changed to point to the service. Example endpoint address for RCO: http://localhost/AdminService/M5AdminService.asmx |

 Apply configuration

To apply the configuration in the PACS connector service:

  1. Insert the default configuration in the database, by running the service with the config parameter, for example:

    Example: Run Integra service with config parameter
    IntegraService.exe config
  2. If the service is already installed, it must be restarted for the configuration to be applied. See Restart PACS connector service.

 Configure database

To change the database configuration:

  1. Open the PACS admin panel:
    1. Go to the folder \PACS_Backend.
    2. Double-click on the shortcut pacs_adminpanel.
      The admin panel opens in a browser. 
  2. Log in as an admin user.
    All configured PACS connector services are listed, as well as Generic configurations to define the messaging queue. 
  3. Click on a system to do updates.
    All database entries are listed. 
  4. To update an entry, click on the icon. Edit as needed and then click Update.
  5. To create an entry, click on +Create. Select Group, enter Key, Value and Index, and then click Create.

group: messagingqueue

| key | Data type | Required or Optional | Description |
| --- | --- | --- | --- |
| server | string | Required | IP address of the message queue server. If it is installed on the local server, localhost can be used. If the server is accessed remotely, specify its IP address. |
| username | string | Required | Username of message queue server. Default value: “guest” |
| password | string | Required | Password of message queue server. Default value: “guest” |
| system | string | Required | Defines which messaging queue to be used, either "rabbitmq" or "azureservicebus". Default value: "rabbitmq" |

group: general

| key | Data type | Required or Optional | Description |
| --- | --- | --- | --- |
| updatesPerPoll | int | Optional | The maximum number of messages read from the message queue. Default: 100 |

group: siport.general

| key | Data type | Required or Optional | Description |
| --- | --- | --- | --- |
| connectionstring | string | Required | Connection string to connect to SiPort using ODBC connectivity. |

Example

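| Id | Group | Index | Key | system | value |
| --- | --- | --- | --- | --- | --- |
| 1 | siport.general | 0 | connectionstring | SIPORT | Data Source=server; Initial Catalog=dbname;User ID=sa;Password=changeme |
| 2 | general | 0 | updatesperpoll | SIPORT | 100 |
| 3 | messagingqueue | 0 | server | SIPORT | Localhost |
| 4 | messagingqueue | 0 | username | SIPORT | Guest |
| 5 | messagingqueue | 0 | password | SIPORT | Guest |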
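
Both the configuration file parameters and the configuration table rows above carry credentials. As an added example (not part of the Nexus documentation or product), this Python check audits both for clear-text database passwords, use of the sa login and the default guest/guest message queue credentials. The `<add key= value=>` layout of the .exe.config file, the sample data and all function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed SiPortService.exe.config; the <add key= value=> layout is the
# standard .NET appSettings form and is assumed here.
SAMPLE_CONFIG = """<configuration><appSettings>
  <add key="SystemId" value="SIPORT"/>
  <add key="PollInterval" value="30"/>
  <add key="DBType" value="MYSQL"/>
  <add key="ConnectionString"
       value="server=localhost;userid=user;password=password;database=pascard"/>
</appSettings></configuration>"""

# Constructed (group, key, value) rows shaped like the configuration table example.
SAMPLE_ROWS = [
    ("siport.general", "connectionstring",
     "Data Source=server; Initial Catalog=dbname;User ID=sa;Password=changeme"),
    ("messagingqueue", "username", "guest"),
    ("messagingqueue", "password", "guest"),
]

def parse_conn(s):
    """Split 'k=v;k=v' into a dict with lower-cased keys, spaces removed."""
    pairs = (p.split("=", 1) for p in s.split(";") if "=" in p)
    return {k.strip().lower().replace(" ", ""): v.strip() for k, v in pairs}

def audit_conn(name, s):
    c, out = parse_conn(s), []
    if "password" in c or "pwd" in c:
        out.append(f"{name}: password stored in clear text")
    if c.get("userid", c.get("uid", "")).lower() == "sa":
        out.append(f"{name}: connects as the SQL Server 'sa' administrator")
    return out

def audit_file(xml_text):
    adds = ET.fromstring(xml_text).iterfind("appSettings/add")
    s = {a.get("key"): a.get("value") for a in adds}
    out = [f"appSettings: required key {k} is missing"
           for k in ("SystemId", "PollInterval", "ConnectionString") if not s.get(k)]
    if (s.get("DBType") or "MSSQL").upper() not in ("MYSQL", "MSSQL"):
        out.append("appSettings: DBType must be MYSQL or MSSQL")
    return out + audit_conn("appSettings ConnectionString", s.get("ConnectionString") or "")

def audit_rows(rows):
    cfg = {(g.lower(), k.lower()): v for g, k, v in rows}
    out = audit_conn("siport.general connectionstring",
                     cfg.get(("siport.general", "connectionstring"), ""))
    mq = [cfg.get(("messagingqueue", k), "").lower() for k in ("username", "password")]
    if mq == ["guest", "guest"]:
        out.append("messagingqueue: default guest/guest credentials in use")
    return out
```

A connection string that uses Integrated Security=True, as in the MSSQL example for the configuration file, produces no findings because it carries no password.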

group: export

| key | Data type | Required or Optional | Description |
| --- | --- | --- | --- |
| TenantId | int | Required | ID of the tenant to use. The tenant ID can be found in the Tenant table of the SiPort database. |
| cardNumberIdentifierTypes | string | Required | The type of identifier to use for the card number. |
| siPortImportTime | int | Required | The time, in seconds, that the SiPort import process needs to import a record sent by the SiPort connector. Default value: 10 seconds. |
| userfieldmappings | string | Optional | The combination of all additional fields that can be sent to SiPort. |

Bold fields in the table below are standard columns which can be sent for each request. Other columns can be configured as additional fields. User column fields can be sent by adding the configuration user.column_name_of_user_table, column, as described in the table below. 

The value in Column Name is the name of the column in the table SIST_Pers_Import. This column name can be used for extra field configuration like ManagerEmail, DATA_BirthDate, DATA_20_Version_VN, DATA_20_Sex_GS, etc.

For more information, see the SiPort import document.

Before starting to configure or export additional fields, the number of exported columns must be configured with the help of SIPORT Personnel Data Import.

Columns in userfieldmappings

Bold fields in the table below are standard columns which can be sent for each request. Don’t use standard columns to configure additional fields. They will not be exported. 

| Column Name | Type | Size | Description |
| --- | --- | --- | --- |
| DATA_20_Ident_no_CN | NVARCHAR | 6 | Card number |
| DATA_20_Person_no_PN | NVARCHAR | 14 | Personnel number |
| DATA_20_Version_VN | SMALLINT | | Version |
| DATA_20_Name_NA | NVARCHAR | 30 | First name |
| DATA_20_Surname_NA | NVARCHAR | 30 | Surname |
| DATA_20_Sex_GS | NVARCHAR | 1 | Gender |
| DATA_20_OperatorCode_BC | NVARCHAR | 1 | Branch code |
| DATA_20_OnlineProfil_P1 | INT | | Online profile ID |
| DATA_20_Validfor_D1 | DATETIME | | Valid from (date/time) |
| DATA_20_Validto_D2 | DATETIME | | Valid to (date/time) |
| DATA_20_Pincode_CO | NVARCHAR | 6 | PIN code |
| DATA_20_Stresscode_SC | BYTE | | Stress code |
| DATA_20_Lockflag_OF | NVARCHAR | 1 | Block flag (empty = not locked) |
| DATA_20_Group1_G1 | BYTE | | Active pers. limiting |
| DATA_20_Group2_G2 | BYTE | | Visitor / guard card |
| DATA_20_Group3_G3 | BYTE | | Time enable |
| DATA_20_Group4_G4 | BYTE | | Terminal enabling |
| DATA_20_SpecialFlags_FL | BYTE | | Special flags |
| DATA_20_DateLastBook_DO | DATETIME | | Date of last card transaction |
| DATA_20_PortLastBook_PO | BYTE | | Port of last booking |
| DATA_20_ReaderLastBook_RD | BYTE | | Last booking at reader |
| DATA_20_Room_RN | SMALLINT | | Room number |
| DATA_20_ErrorCount_ZC | SMALLINT | | Error counter |
| DATA_20_Parking_no_PA | SMALLINT | | Parking space number |
| DATA_30_Keygroup_TG | NVARCHAR | 1 | Group of keys |
| DATA_30_Accessright_TB | NVARCHAR | 1 | Keypad authorization |
| DATA_30_Fktkeyright_FB | NVARCHAR | 1 | Function key authorization |
| DATA_30_Mailbox_Text_MT | SMALLINT | | Mailbox text |
| DATA_30_Free_Display_Text_FT | NVARCHAR | 20 | Free display text |
| DATA_130_Date_D4 | DATUM | | Date |
| DATA_130_Date_D5 | DATUM | | Date |
| DATA_130_Info1_I1_Balance_S1 | NVARCHAR | 10 | Balance 1 / Information field 1 |
| DATA_130_Info2_I2_Balance_S2 | NVARCHAR | 10 | Balance 2 / Information field 2 |
| DATA_130_Info3_I3_Balance_S3 | NVARCHAR | 10 | Balance 3 / Information field 3 |
| DATA_130_Info4_I4_Balance_S4 | NVARCHAR | 10 | Balance 4 / Information field 4 |
| DATA_130_Info5_I5_Balance_S5 | NVARCHAR | 10 | Balance 5 / Information field 5 |
| DATA_130_Info6_I6_Balance_S6 | NVARCHAR | 10 | Vacation balance 1 / Info field 6 |
| DATA_130_Info7_I7_Balance_S7 | NVARCHAR | 10 | Vacation balance 2 / Info field 7 |
| DATA_130_InfoA_IA_Balance_SA | NVARCHAR | 10 | Balance (flextime balance) / Info field 10 |
| DELETED | INT | | 0 = Normal, -1 = deleted |
| TS | DATETIME | | Date of last modification (updated by SIPORT when data is imported) |
| DATA_Title | NVARCHAR | 30 | Title |
| DATA_Rank | NVARCHAR | 30 | Position |
| DATA_BirthDate | DATETIME | | Birth date |
| DATA_EntryDate | DATETIME | | Start date |
| DATA_LeaveDate | DATETIME | | End date |
| DATA_Code | NVARCHAR | 30 | Code |
| DATA_Gaz | SMALLINT | | Gaz |
| DATA_Status | NVARCHAR | 30 | Status |
| DATA_Pictogramm | INT | | Pictogram |
| DATA_LayoutID | INT | | Layout ID |
| DATA_PrintData | DATETIME | | Printer data |
| DATA_PrintVersion | SMALLINT | | Printer version |
| DATA_PrintUser | NVARCHAR | 20 | Printer user |
| DATA_PrintStatus | INT | | Printer status |
| Card_Type | NVARCHAR | 2 | Card type |
| Orig_Keyfield_CN_PN | NVARCHAR | 14 | Original key field personnel number |
| Orig_OnlineProfil_P1 | INT | | Original online profile P1 |
| Orig_Validfor_D1 | DATETIME | | Originally valid from |
| Orig_Validto_D2 | DATETIME | | Originally valid to |
| MIFCodingDefinitionID | INT | | Mifare coding definition ID |
| Location | NVARCHAR | 255 | Place |
| DATA_NOT_SYNC | INT | | Do not load to kernel |
| CompanyID | INT | | ID of the company |
| AW146_CardNumber_1 | NVARCHAR | 14 | 14-digit card number 1 |
| AW146_CardNumber_2 | NVARCHAR | 14 | 14-digit card number 2 |
| AW146_CardNumber_3 | NVARCHAR | 14 | 14-digit card number 3 |
| AW146_CardNumber_4 | NVARCHAR | 14 | 14-digit card number |
| AW146_Mode_1 | SMALLINT | | Operation mode |
| AW146_Mode_2 | SMALLINT | | Operation mode |
| AW146_Mode_3 | SMALLINT | | Operation mode |
| AW146_Mode_4 | SMALLINT | | Operation mode |
| AW146_Flag_1 | SMALLINT | | 0 = Only for SIPORT, 256 = Use for ELD |
| AW146_Flag_2 | SMALLINT | | 0 = Only for SIPORT, 256 = Use for ELD |
| AW146_Flag_3 | SMALLINT | | 0 = Only for SIPORT, 256 = Use for ELD |
| AW146_Flag_4 | SMALLINT | | 0 = Only for SIPORT, 256 = Use for ELD |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Data_Not_Sync_ | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Deleted_1 | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Deleted_2 | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Deleted_3 | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| AW146_Deleted_4 | SMALLINT | | Load 14-digit card number into kernel; 0 = Do not delete; -1 = Delete |
| DATA_FreeDef1-60 | NVARCHAR | 255 | User-defined field 1-60 |
| Prof_DeleteAll | Number (long) | 1 | All existing profiles are deleted before import. |
| Prof_Action | NVARCHAR | 1 | Action performed with the profile: I = Insert, D = Delete, U = Update |
| Prof_Name | NVARCHAR | 400 | Name of profile to be imported. More than one profile can be indicated. Separator: comma. |
| Prof_ValidFrom | NVARCHAR | 16 | Start of profile validity (dd.mm.yyyy); NULL = Always valid; applies to all profiles Prof_Name |
| Prof_ValidTo | NVARCHAR | 16 | End of profile validity (format: dd.mm.yyyy); NULL = Always valid; applies to all profiles from Prof_Name |
| DATA_30_AS | BYTE | | Attendance status |
| DATA_20_FreeDef_FD | NVARCHAR | 10 | Freely definable field |
| TenantID | INT | | ID of the tenant |
| CardStatus | INT | | Status of the card |
| DATA_30_Company_FA | NVARCHAR | 32 | Company |
| DATA_30_Firm_BT | NVARCHAR | 6 | Branch |
| DATA_30_Department_AB | NVARCHAR | 8 | Department |
| DATA_30_Cost_KS | NVARCHAR | 8 | Cost center |

Example

| Id | Group | Index | Key | system | value |
| --- | --- | --- | --- | --- | --- |
| 17 | export | 0 | userfieldmappings | SIPORT | email.ManagerEmail,ManagerEmail |
| 18 | export | 0 | userfieldmappings | SIPORT | email.Work,Email |
| 19 | export | 0 | userfieldmappings | SIPORT | useradditionalfield.Gender, DATA_20_Sex_GS |
| 20 | export | 0 | userfieldmappings | SIPORT | useradditionalfield.Version, DATA_20_Version_VN |
| 21 | export | 0 | userfieldmappings | SIPORT | useradditionalfield.BirthDate, DATA_BirthDate |
| 22 | export | 0 | cardNumberIdentifierTypes | SIPORT | Mifare |
| 23 | export | 0 | TenantId | SIPORT | 65 |
| 24 | export | 0 | siPortImportTime | SIPORT | 10 |
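
The userfieldmappings values above pair a Physical Access source field with a SIST_Pers_Import column. As an added example (not Nexus or Siemens code), this Python check parses such values and compares one user's data with the column types and sizes listed on this page. The catalogue subset, the shape of the user record, the sample data and all function names are assumptions.

```python
# Subset of the SIST_Pers_Import columns listed on this page: name -> (type, size).
# Email and ManagerEmail are used in the page's example rows without a type or size.
COLUMNS = {
    "DATA_20_Sex_GS": ("NVARCHAR", 1),
    "DATA_20_Version_VN": ("SMALLINT", None),
    "DATA_BirthDate": ("DATETIME", None),
    "Email": (None, None),
    "ManagerEmail": (None, None),
}
# Constructed mapping values in the "source.field, column" form of the example rows.
SAMPLE_MAPPINGS = [
    "email.Work,Email",
    "useradditionalfield.Gender, DATA_20_Sex_GS",
    "useradditionalfield.Version, DATA_20_Version_VN",
    "useradditionalfield.Nickname, DATA_Nick",  # constructed: unknown column
    "useradditionalfield.BirthDate",            # constructed: target missing
]
# Constructed user record keyed by the source side of each mapping (assumed shape).
SAMPLE_USER = {"email.Work": "a.user@example.test", "useradditionalfield.Version": 3,
               "useradditionalfield.Gender": "Female"}

def parse_mapping(value):
    """Return (source_group, source_field, target_column) or raise ValueError."""
    source, sep, target = (part.strip() for part in value.partition(","))
    group, dot, field = source.partition(".")
    if not (sep and dot and group and field and target):
        raise ValueError(f"malformed mapping: {value!r}")
    return group, field, target

def check_mappings(values, user):
    """Check mapping syntax, target columns and one user's values."""
    problems = []
    for value in values:
        try:
            group, field, target = parse_mapping(value)
        except ValueError as exc:
            problems.append(str(exc))
            continue
        if target not in COLUMNS:
            problems.append(f"{target}: not in the column catalogue")
            continue
        col_type, size = COLUMNS[target]
        data = user.get(f"{group}.{field}")
        if data is not None and size is not None and len(str(data)) > size:
            problems.append(f"{target}: {data!r} exceeds {col_type}({size})")
        if col_type == "SMALLINT" and data is not None and not (
                isinstance(data, int) and -32768 <= data <= 32767):
            problems.append(f"{target}: {data!r} is not a valid SMALLINT")
    return problems
```
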
 SiPort field mapping

The service mainly transfers user data including related access tokens and entitlement assignments. The tables below show the default field mapping.

If needed, additional fields can be configured, using the SCIM API and useradditionalfield in the database configuration. 

User field mapping

By default, the following data is mapped between the USER table in Physical Access and the SiPort service:

| SR No | Physical Access field (Web API) | SiPort field (UI) |
| --- | --- | --- |
| 1 | givenname (givenName) | FirstName |
| 2 | familyname (FamilyName) | Surname |
| 3 | Check the userfieldmappings configuration and then map the actual “Email” type (emails-type-value) | Email |
| 4 | Check the userfieldmappings configuration and then map the actual ManagerEmail type | ManagerEmail |
| 5 | Ssn (SSN Birthdate Part) | Personnel no |
| 6 | Title | Title |

Access token field mapping

By default, the following data is mapped between the ACCESSTOKEN and ACCESSTOKENIDENTIFIER tables in Physical Access and the SiPort service:

| SR No | Physical Access field (Web API) | SiPort field (UI) |
| --- | --- | --- |
| 1 | Value of the Access Token Identifier that is configured in the configuration setting cardNumberIdentifierTypes | 14-digit badge No |

Entitlement assignment field mapping

By default, the following data is mapped between the ENTITLEMENTASSIGNMENT table in Physical Access and the SiPort service:

| SR No | Physical Access field (Web API) | SiPort field (UI) |
| --- | --- | --- |
| 1 | ExternalId (ExternalId) | ProfileID of table SIST_Prof2_XYProf |
| 2 | DisplayName (entitlement-DisplayName) | Tenant-ProfileId-Short Text |

Install SiPort service

 Install service

The installation file is named SiPortService.exe.

Before installing the PACS connector service, make sure that the configuration is done and inserted in the database, to avoid errors. 

To install the PACS connector service:

  1. Run the .exe file with the install argument from a command prompt with administrator privileges, for example:

    Example: Install Bravida Integra service
    IntegraService.exe install

To change the configuration file or the database configuration after installing the service, first uninstall the service using the uninstall flag, then change the configuration, and then install the service again.

Restart SiPort service 

 Restart service

The service SystemId is named SIPORT.

To restart the PACS connector service, do either of the following:

  1. On Windows, restart using Microsoft Services:
    1. Open Services by search or by using Run and typing services.msc.

    2. Search for the service, right-click on it and select Restart.

  2. Restart using command line:
    1. Open a command-line interface with administrator privileges.
    2. Stop the service with the following command: 

      Net stop <SystemId>
    3. Start the service with the following command:

      Net start <SystemId>

Example: Restart in command-line interface