Introduction
...
Click on the Access navigation tab.
Click on the User Access Groups, Floor Access Groups or Guest Access Groups link.
In the Actions bar, click on Add Access Group. The following screen is displayed:
Enter a Name and a Description.
Select the Risk Levels during which this group will have access: Low, Guarded, Elevated, High or Severe (the current risk level is always displayed at the top of the Primis screen).
For more information on Risk Levels, see the Alert Level Management section.
Select a Controlled Area for this group.
Select a Schedule for the Controlled Area. If that controlled area is not going to be accessed by that User Access Group, leave the schedule as Always Off.
If you need an additional line for extra Controlled Areas and/or Schedules, click the + button beside the current line. To delete a line, click the x button.
Click Save.
Global User Access Groups
...
Create a new Controlled Area with the elevator reader.
In the new Controlled Area’s Floor tab, select all the associated Floor Areas; specify the desired activation time and click +.
...
Create a Floor Access Group
...
On the LDAP Connection page, click the Import Users button.
Click the AD Users Import/Sync tab.
On the Import Users page: To import all users, check the Import All Users box. To import users from Groups and OUs, click the entry in the Available box to move it to the Selected box. To search users in nested Active Directory groups, select the Nested Group Search checkbox.
...
On the Import Users page, click the User Attributes Mapping tab.
Automatically Mapped Fields
...
On the Import Users page, click the AD Users Import Filters tab.
There are two ways to specify the user import filter. By selecting the Attribute Exclusion Filter option, you can define filters to exclude certain users from importing to Primis. Alternatively, you can select the Advanced LDAP Filter option to specify the actual import filter query for importing users to Primis.
Define Attribute Exclusion Filter
Define LDAP filter query
Click the Save button to save the configuration.
...
Status Proxy Update Frequency – this specifies the frequency in hours that Primis should update the status of cardholders’ certificates. The cached status will be used when real-time OCSP validation fails due to network errors.
Deny Access upon OCSP timeout/network error – when enabled, this prevents Primis from granting access when a network error occurs during an OCSP query.
Falls back to cache upon network error – when enabled, Primis will look up cached status for a cardholder’s validity when there is an OCSP-related network error. Note that even when this feature is disabled, Primis will always revert to CRL information when no real-time OCSP information is available.
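The following is an added example, not Primis code: a small model of how the three options above interact during an OCSP outage, showing which combinations would still admit a recently revoked card. The field and function names are hypothetical, and the rule that the deny option takes precedence over the cache fallback when both are enabled is an assumption.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Settings:
    # Hypothetical field names for the three options described above.
    update_frequency_h: int        # Status Proxy Update Frequency (hours)
    deny_on_network_error: bool    # Deny Access upon OCSP timeout/network error
    fall_back_to_cache: bool       # Falls back to cache upon network error

def decide(s: Settings, ocsp: Optional[str], cached: Optional[str],
           crl_revoked: bool) -> Tuple[bool, str]:
    """Return (grant, source). ocsp/cached are 'good', 'revoked' or None;
    ocsp is None when the live query hit a timeout or network error."""
    if ocsp is not None:
        return ocsp == "good", "ocsp"
    if s.deny_on_network_error:          # assumption: fail-closed wins
        return False, "deny-on-error"
    if s.fall_back_to_cache and cached is not None:
        return cached == "good", "cache"
    return not crl_revoked, "crl"        # page: CRL is always the last resort

def exposed_during_outage(s: Settings, revoked_h_ago: float,
                          crl_age_h: float,
                          cache_age_h: Optional[float] = None) -> bool:
    """True if a card revoked `revoked_h_ago` hours ago is still admitted
    while OCSP is unreachable. The cache age defaults to its worst case,
    one full update interval."""
    if cache_age_h is None:
        cache_age_h = s.update_frequency_h
    # A source refreshed after the revocation has seen it; an older one has not.
    cached = "revoked" if cache_age_h < revoked_h_ago else "good"
    crl_revoked = crl_age_h < revoked_h_ago
    grant, _ = decide(s, None, cached, crl_revoked)
    return grant

if __name__ == "__main__":
    # Constructed scenario: card revoked 2 h ago, CRL fetched 1 h ago.
    for deny in (False, True):
        for cache in (False, True):
            s = Settings(6, deny, cache)
            print(f"deny={deny} cache={cache} ->",
                  "ADMITTED" if exposed_during_outage(s, 2, 1) else "denied")
```

In this model, the update frequency bounds how long a revoked card can keep working through an outage when the cache fallback is enabled and the deny option is not.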
...
Go to System -> PIV -> Certificate Policies.
Click the tab that represents the certificate type of interest.
Enter the OID string (e.g. 2.16.840.1.101.3.2.1.48.11), enter the description text (optional), and click the + button.
To remove a Certificate Policy OID:
Click the X button next to the OID.
...
Extended Key Usage Extensions
...
Go to System -> PIV -> Ext. Key Usage.
Click the tab that represents the certificate type of interest.
Enter the OID string (e.g. 2.16.840.1.101.3.2.1.48.13), enter the description (optional) and click the + button.
To remove an extended key usage extension constraint:
Click the X button next to the OID.
...
PKI Fault Options
...