| Expand |
|---|
| title | PACS: Assign Entitlement |
|---|
| DescriptionUse this task to assign an entitlement to a person. The task works on three different core objects: - The 'Person'. This is the identity which gets an entitlement assigned.
- The 'Entitlement'. This is an entity in Identity Manager which represents an entitlement (or 'access profile') at the PACS system.
- The 'Assignment'. This is an entity that stores properties of the assignment request and attributes returned from the PACS system (like the external id). Usually an 'Assignment' will be stored as Request.
ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsAssignEntitlementParametrizedTask} |
The following parameters can be configured in Identity Manager Admin:
| Parameter | Mandatory | Default value | Description |
|---|
| pacsName | |
| The name of the PACS system to communicate with. | | entitlementAssignmentDataPoolName | | false | The name of the data pool for core objects, that stores the assignment, for example, 'Request'. | | entitlementAssignmentExternalIdFieldName | |
| The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'. For Exos there is no assignment object or id, therefore a fake id will be generated, which contains the ids of the person and of the entitlement (<personnelnumber>_<entitlementRefId>). | | targetEntity | |
| The assignment is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the assignment is done on the person entity. By providing any other values, the assignment is done on the access rule. |
|
| Expand |
|---|
| title | PACS: Create Group Membership |
|---|
| DescriptionUse this task to create a group membership in Smart ID Physical Access component. Group membership means, assigning an existing person to an existing group. The task works on three different core objects: - The 'Person'. This is the identity which gets a group assigned.
- The 'Group'. This is an entity in Identity Manager which represents an group at the PACS system.
- The 'Membership'. This is an entity that stores properties of the membership request and attributes returned from the PACS system (like the external id).
ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsCreateGroupMembershipParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Sample Value | Description |
|---|
| pacsName | |
| The name of the PACS system to communicate with. | groupMembershipDataPoolName | |
| The name of the data pool for core objects, that stores the group membership, for example, 'Request'. | | groupMembershipExternalIdFieldName | |
| The field name of the above data pool, where the external id of the membership is stored, for example, 'ExternalId'. |
|
| Expand |
|---|
| title | PACS: Create or Update Card |
|---|
| Description Use this task to send a request to PACS to create (if non existent) or to update (if exists) a card. For Exos, the external id field is used to identify if the card is new. If this field is empty the create method is called, otherwise the update method is called. While creating, the id field is set to the cardNumbers value.
ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsCreateOrUpdateCardParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Default value | Description |
|---|
pacsName | |
| The name of the PACS system to communicate with. | cardStateFieldName | |
| The card data pool field name where Identity Manager stores the state of the person, for example, 'Meta_CoreObjectState_PcmDpEmployeeCard'. | cardActiveStates | |
| A comma separated list of supported active card states in Identity Manager, for example, 'active,enabled'. | | cardType | - |
| Optional. The type of a card. Physical Access component accepts two types: 'mifare' and 'em'. |
|
| Expand |
|---|
| title | PACS: Create or Update Person |
|---|
| DescriptionUse this action to send a request to PACS to create (if non existent) or to update (if exists) a person. ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsCreateOrUpdatePersonParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Default value | Description |
|---|
pacsName | |
| The name of the PACS system to communicate with. | personStateFieldName | |
| The person data pool field name where Identity Manager stores the state of the person, for example, 'Meta_CoreObjectState_BaseDpEmployee'. | personStates | |
| A comma separated list of supported active person states in Identity Manager, for example, 'active,enabled'. |
|
| Expand |
|---|
| title | PACS: Fetch Entitlements |
|---|
| DescriptionUse this action to fetch entitlements of a given type or several types from a PACS system. Currently supported: KABA Exos and Physical Access component. The fetched entitlements are stored as core objects. ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsFetchEntitlementsParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Default value | Description |
|---|
| coreTemplateName | |
| The name of the core template in which the entitlements shall be stored. | | entitlementTypesField | - |
| The name of the data pool for core objects, that store the assignment with the external id, for example, 'Request'. | | listOfEntitlementTypes | - |
| The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'. | | coreObjectDescriptorOutputField | - |
|
|
|
| Expand |
|---|
| title | PACS: Manage Access Groups |
|---|
| DescriptionUse this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) a group. ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsDealWithGroupParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Sample Value | Description |
|---|
| pacsName | |
| The name of the core template in which the entitlements shall be stored. | | deleteFlag | | false | Flag for indicating whether the group should be created/updated (false) or if the group should be deleted (true). |
|
| Expand |
|---|
| title | PACS: Manage Access Rules |
|---|
| DescriptionUse this task to send a request to PACS to create (if non existent), update (if exists) and delete (if exists) an access rule. ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsDealWithAccessRuleParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Sample Value | Description |
|---|
| pacsName | |
| The name of the PACS system to communicate with. | | deleteFlag | | false | Flag for indicating whether the access rule should be created/updated (false) or if the access rule should be deleted (true). |
|
| Expand |
|---|
| title | PACS: Withdraw Entitlement |
|---|
| DescriptionUse this task to withdraw an entitlement from a person. - For Physical Access component there has to be a Request with the entitlement assignment id in the process map.For KABA Exos there has to be a Person with the PersonnelNumber and an Entitlement with the EntitlementRefId in the process map.
The task works only on the core object 'Assignment'. This is an entity that stores the external id of the EntitlementAssignment within Physical Access component. Usually a Request is used to hold this information. ConfigurationTo use this task, configure the following delegate expression in your service task: | Code Block |
|---|
${pacsWithdrawEntitlementParametrizedTask} |
The following parameters can be configured in Identity Manager Admin:
| Parameter | Mandatory | Default value | Description |
|---|
| pacsName | |
| The name of the PACS system to communicate with. | | entitlementAssignmentDataPoolName | |
| The name of the data pool for core objects, that store the assignment with the external id, for example, 'Request'. | | entitlementAssignmentExternalIdFieldName | |
| The field name of the above data pool, where the external id of the assignment is stored, for example, 'ExternalId'. | | targetEntity | |
| The withdrawal is done on either a person or an access rule. By providing values such as 'person' or 'PERSON' (all letter are handled as lower case) the withdrawal is done on the person entity. By providing any other values, the withdrawal is done on the access rule. |
|
| Expand |
|---|
| title | PACS: Withdraw Group Membership |
|---|
| DescriptionUse this task to withdraw a group membership in Physical Access component. ConfigurationTo use this task, configure the following delegate expression in your service task. There has to be a Request with the group membership id in the process map. | Code Block |
|---|
${pacsWithdrawGroupMembershipParametrizedTask} |
The following parameters can be configured in Identity Manager Admin: | Parameter | Mandatory | Sample Value | Description |
|---|
| pacsName | |
| The name of the PACS system to communicate with. | groupMembershipDataPoolName | |
| The name of the data pool for core objects, that stores the group membership, for example, 'Request'. | | groupMembershipExternalIdFieldName | |
| The field name of the above data pool, where the external id of the membership is stored, for example, 'ExternalId'. |
|
|
