Introduction


About This Guide

This guide is intended to be used as a standard guide for the Primis Access Control System. General Linux knowledge and Primis Certification Training Knowledge are expected.

...

To find documentation available for all products, go to https://www.identiv.com/Primis.

To find related vendor documentation on Cisco Switches, go to www.cisco.com.

...

Below is a screenshot of the Primis Administration software. It shows the optional Alert Level bar. Below the Alert Level bar are the Navigation Tabs. They allow you to access the main areas of the Primis software – the current tab is underlined (i.e. the System tab below). To the right of the Navigation Tabs is the Site drop-down box, where you can select the site to view or configure. The Log Out button is located beside the Site drop-down menu. The Actions Bar near the bottom of the screen contains buttons to add, delete, edit, and save. The Quick Links at the bottom of the page reveal company, service, contact, and version information. The manual can also be downloaded from the Quick Links bar.

...

Each Navigation Tab contains Navigation Links on the left-hand side. If a navigation link contains a blue arrow at the end of the line, it can be opened to reveal its own sub-links. The current link is highlighted, and its selected sub-link is indicated by a black arrow.

...

The first Administrator account created should be given full permission to manage all aspects of a Primis installation. Additional accounts can be given less control over the installation depending on the role that each user plays in managing or supporting the installation. Users with an Administrator Account for the installation cannot create, modify or delete other accounts that have more privileges than their own. The extent to which one can create, modify, or delete accounts is limited to users with fewer privileges than the account under which one is currently logged in.

...

  1. Log in to Primis using the instructions in Login and Log Out above.

  2. Click on the System navigation tab at the top of the screen.

  3. On the left, click the Administration link.

  4. Click the Admin Users sub-link.

  5. In the Actions bar, click on Add Admin User. The following screen is displayed:

  6. Enter the User ID, Last Name, and First Name.

  7. Enter a Password that is different than the one provided.

  8. Verify the Password.

  9. Beside Business, select All.

  10. Beside Sites, select ALL.

  11. Select Full Access for all of the parameters from Suites to Active Directory.

  12. For Mustering, select the required level.

  13. Select the Language that this full administrator would like to use.

  14. Select the View Suite/User Page Size 10, 25, or 50 to set the default number of suites/users per page this admin user sees when viewing the listing.

  15. Click Save to save the full access admin user.

  16. Click the [Log Out] button to log off and test the new user ID.

  17. Log in with the user ID and password that was created in the previous steps.

  18. Verify that you can log in successfully and that your new user has full privileges.

  19. Log out once more and log in using the default user account name.

  20. Click on the System tab, Administration, Admin Users and select the default “Primis” user account.

  21. Change one of its privileges and click Save.

  22. Log out and log in again as your newly created user.

  23. Go to Admin Users again and select the default “Primis” user account.

  24. Click on Delete and OK.

...

You will be able to assign Admin Users to the sites that they are allowed to administer (e.g. the user hoffjenn01 is limited to the control of the sites Distribution Centre, Huston Office, and Sales Office - Vancouver). Once the admin user logs in to the system, the sites that they have access to will appear in a drop-down list in the top-right corner of the screen. By selecting a Site from the drop-down list, the Admin User will only see data corresponding to that Site. Also, any data added (e.g. a new controlled area) will be added to the Site that is currently selected.

...

You can also find the Primis Bridge Utility at the bottom of the Devices - Main page; click on the Primis Bridge Discovery Tool check box.

...

Using the Web-Based Primis Bridge Utility

  1. Click on the System navigation tab.

  2. On the left, click the Utilities link.

  3. Click the Bridge Utility sub link.

  4. Click the [Scan Devices] button. This process might take a minute or two.

  5. Click on the MAC address of the device you wish to provision.

  6. Assign the appropriate IP information to the device or choose DHCP. You may need to contact your system admin for this information. If the DHCP checkbox is checked, the IP, Netmask and Gateway fields are automatically populated once the bridge receives the DHCP information.

  7. To update Bridge Configuration only, click on Save. Note that it might take up to two minutes to save.

  8. To update and add the Bridge to Primis, check Save & Add Device To Primis checkbox and click Save.

  9. Enter the name by which you’d like to refer to the device and click the Save button.

...

Once the utility starts, click on the [Scan Devices] button and all the bridges on the local network will be displayed by MAC and IP addresses.

...

The last bridge displayed has an asterisk next to the IP address. This indicates that there are multiple bridges configured with the same IP address.

6. Double-click on the MAC address of the bridge that needs to be configured. 

...

The settings may be changed and updated as needed. When done, click the Save button.

...

Each Primis Bridge model displays a different properties section. For example, a single port Primis Bridge will only have one reader, input and output properties section; two ports will have two, and so on.

...

The following tables describe the properties of Primis bridges.

Reader Properties

| Options | Description |
| --- | --- |
| Description | Reader description identifies the reader. |
| Default Card Format | This field specifies the card that is being used with this bridge device. Auto card format will try to match the best fitting card format. The auto card format behavior can be managed by going to System, Devices and then Manage Card Format. For more information see the section on Managing Card Formats. |

Input Properties

| Options | Description |
| --- | --- |
| Description | This field identifies what input signal is being monitored. |
| Activate Relay Output | This option configures the Primis Bridge to activate the specified relay when the input is shorted. Note: This feature is executed at the Primis Bridge hardware level and does not require a connection to a Primis server. Thus, this is generally used as a “Request to Exit” function (e.g. via a push button). |
| Activate Relay Output: Relay: | This drop-down list specifies which relay is to be activated when an input event occurs. This drop-down menu is only active if the above Activate Relay Output checkbox is checked. |
| Default Activation Time | This drop-down list specifies the number of seconds that the relay activates when an input event occurs. |
| Supervised Input Ready: | This checkbox is for Primis Bridge Devices that are equipped with supervised inputs. This field should be left unchecked unless the optional Supervised Input Board is connected. For specific instructions on how to connect the supervised input board, please see the appropriate instructions. |

LED Properties

Description: Identifies the LED when adding to Port Trigger Actions or viewing in Activity Logs.

...

Description: Identifies the Buzzer output when adding to Port Trigger Actions or viewing in Activity Logs.

Relay Properties

| Options | Description |
| --- | --- |
| Description | Description of the relay output. Identifies the relay in the Controlled Areas and Port Triggered Actions. |
| Default Relay Position | Default power up position of the relay. |

Schedules

Schedule Management

...

The administrator needs to first "link" a Door Area to its associated Floor Area(s). That means all floors that are accessible by the elevator need to be linked to the Door; in this particular case, the Door is simply the in-cab reader.

Floor Controlled Area is an Access Control Object that represents a floor. It contains the Primis Bridge output ports that are typically connected to elevator control modules in the building. Floor areas can be linked to door areas in such a way that when the Primis server grants access to a door, its associated floor area outputs can be activated. The cardholder’s floor access rights then determine which floor area should be activated.

...

The Advanced tab on the Controlled Areas screen contains additional configuration flags:

| Options | Description |
| --- | --- |
| Toggle | Sets the Controlled area to Secure or Unsecure based upon an event other than a schedule. For example, an Authorized Card can change the state. Check the box for this function. Also provides ability to Disable the Door Monitor Event. Alarms are now enabled by default. This will not generate the alarm unless the Generate Alarm box is checked. |
| Multi-Factor | Sets the number of Authorized Card Reads necessary to allow entry to the Area. Allows ability to implement 2-Factor or 3-Factor identification. |
| Auth Mode | Relates to Multi-Factor. Sets the number of Users required for entry to the Area. Two Factor authentications for the number of factors to be used to activate an access granted: Single User, Multi-User, Guard Group. |
| Guard Access Group | Defines the access group required for two-authentication. |
| Auth Timeout | Relates to Multi-Factor. Set the number of seconds allowed between card reads. Note: a device that has Multi-Factor set can only reside in one Controlled Area. |
| Exit Reader | Defines the exit reader. Required for counting for zone groups for Anti-passback and/or Muster reporting. |

...

Multi Card Swipe Tab

The multiple swipe action is intended to place multiple actions to change the state of a single Controlled Area, or an entire zone group on a pre-set number of card scans, in a defined window of seconds.

...

  1. Select a Floor Controlled Area from the Linked Floor Area dropdown box to link to this controlled area.
    NOTE: More details on Floor Controlled Areas can be found in Chapter Elevator Configuration.

  2. Enter a Delay time (a pause before the relay fires, default is 0 seconds) and an Activation Time (the duration that the relay activates, default is 5 seconds).

  3. Click the Show Accessibility box to enter an Accessibility Delay time and an Accessibility Activation time. This is a separate set of delays and activation times for users with special needs (e.g. wheelchair, crutches) that are used if the Accessibility check box is selected on that user’s setup page. See Chapter Users for more information on setting up a User.

  4. To link another floor to this controlled area, click the add button +

  5. Click Save.

...

  1. Click on the Controlled Areas navigation tab.

  2. On the left, click the Zone Groups link.

  3. In the Actions bar, click on Add Zone Group.

  4. Enter a Name for the zone group.

  5. Enter an optional Description of the group.

  6. Check the Anti Passback Enabled box to enforce anti-passback for this zone group.

  7. In the Anti Passback Forgiveness dropdown box select from the following options:

| Options | Description |
| --- | --- |
| Never | User cannot re-enter the perimeter until they pass through an exit reader or enter an area that is outside of the zone group. Otherwise Primis administrators have to manually reset the user’s anti-passback lock. |
| Midnight | Anti-passback lock will be forgiven at midnight. |
| Every 12 hours | This forgives anti-passback locks twice a day: at noon and midnight. |
| Every 6 hours | This forgives anti-passback locks every 4 hours (e.g. midnight, 6am, noon, 6pm). |
| Every 2 hours | This forgives anti-passback locks every 2 hours (e.g. midnight, 2am, 4am, etc.) |
| Every hour | This forgives anti-passback at the top of every hour. |
| Every 30 minutes | This forgives anti-passback at the top and 30 minutes of the hour. |

8. Check the APB Enforced on Exit Readers box to enable this feature; anti-passback is imposed on exit readers also. You must set EnforceExitAccessRight to Yes in siteEngine.ini – go to the System tab, Administration, System Parameters page to edit this file.
9. Select a group of users in the Exempt Access Groups if you want them to be exempt from anti-pass back rules.
10. Click Save.

...

  1. Click on the Access navigation tab.

  2. Click on the User Access Groups, Floor Access Groups or Guest Access Groups link.

  3. In the Actions bar, click on Add Access Group. The following screen is displayed:

  4. Enter a Name and a Description.

  5. Select the Risk Levels during which this group will have access: Low, Guarded, Elevated, High or Severe (the current risk level is always displayed at the top of the Primis screen)
    For more information on Risk Levels see the Alert Level Management section.

  6. Select a Controlled Area for this group.

  7. Select a Schedule for the Controlled Area. If that controlled area is not going to be accessed by that User Access Group, leave the schedule as Always Off.

  8. If you need an additional line for extra Controlled Areas and/or Schedules, click the + button beside the current line. To delete a line, click the button.

  9. Click Save.

Global User Access Groups

...

A User’s right to access through a door or to a floor is set up by entering a person into an Access Group. This Access Group is set to have the right to gain access to certain areas (controlled areas) of a facility at certain times (schedules). The following chart is a guide to setting up a person’s access rights.

...

Once you have created all of your User Categories you can assign them to your Admin Users in order to filter the users they have access to. Please refer to the Admin Users section to assign the categories.

Elevator Configuration

Elevator Management

...

Badge Printer Setup

Facility Friend is an easy-to-use, web-based, Enterprise-class, visitor and parcel management system. A receptionist, concierge, or security officer can register and sign in visitors to track who, and where they are visiting within a facility.

Facility Friend now ships as a Primis module; Facility Friend logins sync with Primis. Hosts are integrated from Primis into Facility Friend to sync the cardholder database as your list of hosts with Site Support. You can sync Visitors within Facility Friend to a Default Access Group within Primis.

Currently Supported Printers:

  • HID Fargo DTC4500

  • HID Fargo DTC4500e

  • Evolis Tattoo

  • Evolis Pebble

Badge Printer Service Setup

Primis Setup with Facility Friend

The Primis system must have some basic configuration completed before you can use the Facility Friend module. Please refer to Appendix A – Basic Primis Setup with Facility Friend to ensure you have set up the Primis system for using Facility Friend.

Printer Setup

Some printer and driver configurations must be done before you can proceed with printing Facility Friend Badge Cards. However, no special licensing is required.

To download the Facility Friend Print Utility installer:

  1. Log into Primis.

  2. Click on the System navigation tab.

  3. On the left, click the Utilities link.

  4. Click the Download sub link.

  5. You will find the Print Utility installer (PrintUtilSetup92b.exe) under Downloads. If not there please contact technical support. Save it to a Windows folder such as c:\tmp.

Note that the following instructions use Windows 10; the instructions should be very similar if you are currently running Windows 8.1 or slightly different in Windows 7. Windows XP and Windows Vista are no longer supported.

  1. Download the printer driver from the Internet for the printer you’ll be using to print your badges (e.g. for the HID Fargo DTC 4500 or 4500e, go to http://www.hidglobal.com/drivers) and install the driver.

...

 

After installing the driver install the printer:

  1. Click on the Search button at the bottom left of your computer and look for “Printers & Scanners”.

  2. Click on Add Printers & Scanners.

  3. Choose Add a local printer or network printer with manual settings

  4. Select Create a new port and select DTC… in the Type of port dropdown box. Click Next.

  5. Enter the TCP/IP Printer Port address of the printer you will be using to print the badge cards and click Next.

  6. Click Next again.

  7. Click Finish.

  8. If you installed the printer driver successfully it will be listed under Manufacturer.
    Note: If installing a DTC4500 choose Fargo (not HID) and the desired printer model. In this case DTC4500e. Click Next.

  9. Select Use the driver that is currently installed (recommended) and click Next.

  10. Enter a name for the printer or keep the default. Make a note of the printer name – you will need to add this name to the Facility Friend Printer Utility later. Click Next.

  11. Select Share this printer so that others on your network can find and use it and enter its Share name. Click Next.

  12. Go back to the folder where you downloaded the Facility Friend Print Utility installer (ffPrintUtilSetup.exe), e.g. c:\tmp, and double-click on it.

  13. Click on Next when you see the Welcome screen.

  14. Choose an installation folder or stay with the program files default and click Next.


  15. Click Install.

  16. Once you see the final screen click Finish.

  17. Click on the Show Hidden Icon that is located in the bottom right-hand corner of your screen. It looks something like this:


  18. Right-click on the taskbar and click Taskbar settings and click on Select Which Icons appear on the taskbar.


  19. Locate the (Identiv) ffPrintUtil.exe print utility and toggle the radio button to ON

  20. Its icon will now appear on the bottom right where the other notification icons are displayed.


  21. Right-click on it and choose Open.


  22. In the Select Printer dropdown box, select the name of the printer you entered in Step 10 of these instructions.

  23. Click on the Configuration tab and note the port number (1024 is the default).

  24. Click the white x to close the Facility Friend Print Utility.

Primis Badging

Primis Badging Configuration

Please make sure that you have completed the basic Primis configuration as outlined in Appendix A so that you have a Primis device, a controlled area, a schedule, two user access groups, and two user categories called 0050C2CC37F2, ControlArea1, 24x7, HostUAG and VisitorUAG, and Visitors and Hosts respectively.

Badging Template

The Primis Badging tool is similar to other Vector drawing tools such as Illustrator and CorelDraw.

To create a Badging Template:

  1. Log into Primis.

  2. Click on the Users tab.

  3. On the left, click on the Badging link.

  4. In the Actions bar, click the Add Badging Template.

  5. Enter the Name MainBadgeTemplate and the Description as Double-sided template.


  6. Click on Save.


  7. A default template is created with the site name (Main is the default), first name, last name, and card expiry date, all of which are defined when creating a user. Click on Edit Badge. The following screen is displayed:

Tip

It is recommended that you use a full screen in your browser while editing a badging template.

  1. Just like other vector drawing tools, in order to edit the template you must first click on one of the icons on the left and then execute the desired action. For example, to enter text, click on the A icon on the left of the screen, click anywhere on the template you are editing, and add the text:

  2. In the same manner you can add a standard Primis user data field. To enter a data field click on the A icon again, click anywhere on the template you are editing, and select a data field from its drop-down near the top of the screen:

...

The following data fields are supported:

  • First Name

  • Last Name

  • Primis Site (the default site is Main)

  • Photograph

  • User Category

  • Telephone

  • Start Date

  • Expiry Date

E.g. you can add a user’s telephone number:

...

…as well as the category and an image (Import Image):

...

10. Click on the save icon at the top:

...

11. Click the Save button:

...

The following screen is displayed. Note how the preview changed with the enhancements made while editing the badge.

...

 12. Click on the Badging link and then the Add Badging Template button to create another template for the back of the double-sided card i.e. BackTemplate. Click Save.

...

13. Click on Edit Badge and enter the information for the back of the badge card. E.g.:

...

 14. Click on the save icon at the top: 

...

 15. Click the Save button. The following screen is displayed. Note again how the preview changes with the enhancements made to this second template.

...

16. Click on the Badging link to display the two templates that you have created.

...

17. Click on the MainBadgeTemplate and select the second template, BackTemplate, from the Back Side dropdown box to create a double-sided badge template.

...

 

18. Click Save.

Adding and Printing Badges for Users

We will now create a Host user with some of the data fields used to create the badges we defined.

  1. Click on the Users link from within the Users tab.

  2. In the Actions bar, click Add User.

  3. Enter the Name of the user, as well as a Wiegand Card Number and a Telephone number.

  4. Click the HostUAG  User Access Group to move it to selected.
    Note how Badge lists the templates (MainBadgetemplate and BackTemplate) we created before.  

  5. Click Save.

  6. Stay on the same screen and note how its title has changed to View/Edit. Confirm that the Badge is set to MainBadgeTemplate and the Category is set to (the previously created) Hosts (see Appendix A for more details on Categories.)

  7. Click on Upload Photo to upload a photograph of the user.

  8. Enter an Expire Date.

  9. Click Save.

10. The options at the bottom of the screen change when the badge is saved. Click on Print Badge.

...

A preview is shown of the front (MainBadgetemplate) and back (BackTemplate) of the card with the actual user data fields completed.

...

11. Click on the Config button. The following screen is displayed:

...

12. Enter the IP Address of your Windows workstation (not the one for the printer unless they are the same) where you installed the Facility Friend Print Utility.

13. Enter the Port number used by the printer whose name you noted during configuration of the Facility Friend Print Utility (Step 23 in Printer Setup).

14. Click on the Test button.

...

If you don’t get a Connection Test Successful! message, double-check the IP address and the port number, and make sure that you can access the Windows workstation from the Primis Linux server or from another computer. If you believe that the IP address and the port number are correct and the Test button fails, double-check the Firewall on your Windows workstation.

15. If the Test above is successful click on Save.

16. Click on Back.

17. Click on Print Badge.

...

 

18. Go back to your Windows workstation and you will notice a blinking print utility icon and two consecutive message bubbles: 

...

19. If you click on the blinking (yellow) print utility icon you will see a preview of the information sent to the printer.

...

Even though the default ribbon type on your printer driver is Full Color/Resin Black/Overlay it might print green on one side and black on the other as opposed to green on both sides as expected above.

...

We will now create a Visitor User:

  1. Click on the Users link.

  2. In the Actions bar, click on Add User.

  3. Enter a Name for the user as well as Wiegand Card Number and a Telephone number.

  4. Select MainBadgeTemplate in the Badge dropdown box.

  5. Select VisitorUAG as its User Access Group.

  6. Click Save.

  7. Edit the User and select Visitor from the Category dropdown box.


  8. Set the Expire date to 26, August 2023.


  9. Click Save.

  10. Click on the Users link. Note how we’ve created two users each with different card #s and different access groups


Elevator Configuration

Elevator Management

In Primis each reader can be assigned to one Door Area only. In order for Primis to activate floor relays upon a card swipe, it now has a new Floor Controlled Area type that can link to a Door Area where the elevator reader resides. Each Floor Area contains outputs that activate its corresponding elevator controls. In order for users to obtain access to floors, they need to have both User Access Groups (for card access) and Floor Access Groups (for elevator/floor access).

...

  1. Create a new Controlled Area with the elevator reader.

  2. In the new Controlled Area’s Floor tab, select all the associated Floor Areas; specify the desired activation time and click +.

...

Create a Floor Access Group

...

All events fall into one of the following groups and categories. In addition, every event in the system has an event id associated for searching.

| Event Groups | Category | Description |
| --- | --- | --- |
| Access Control Activity | User | Cardholder activity on the system. |
| | Port | Identifier to what device the activity occurred. |
| | Door | The controlled area that the activity occurred. |
| System | System | The system that the activity occurred. |
| | Device | The bridge or device the activity occurred. |
| | Port | The port the system data occurred. |
| | Database | The database the system data occurred. |
| | Credential | The credential data or error information. |
| | LDAP | Active Directory sync data and errors. |
| | Network | Data errors and other critical network data. |
| Admin | Login/Logoff | Administrator authentication log. |
| | Operator Action | Action done by the operator using AMS-Lite. |
| External System | Video | Video activity events and errors. |

Searching Events

You can search events to track access or errors over several days. When searching events, it is possible to filter results by particular devices or events and it is also possible to generate a PDF or a CSV document from your search results.

...

Primis now has the ability to display why a user was denied in the system with all of the possible complex options.  This data will also display in the activity details.

| Event ID | Description |
| --- | --- |
| 10202 | Denied - CA Locked Down |
| 10203 | Denied - Invalid License |
| 10204 | Denied - Anti Passback |
| 10205 | Denied - Card Disabled |
| 10206 | Denied - User Deactivated |
| 10207 | Denied - User Expired |
| 10208 | Denied - Access Expired |
| 10209 | Denied - Risk Level |
| 10210 | Denied - Start Date Error |
| 10211 | Denied - Certificate Revoked |
| 10212 | Denied - Certificate Chain Invalid |
| 10213 | Denied - Certificate Signature Invalid |
| 10214 | Denied - Certificate Timestamp Invalid |
| 10215 | Denied - SSL Validation Error |
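
The denial event IDs listed above can drive a first-pass review of an exported event search. The following is an added example, not part of the Primis documentation or software: it assumes a CSV export with the columns timestamp, event_id, user and controlled_area (the real export layout is not described on this page). The sample rows, the names visitor07, contractor02 and ServerRoom, and the triage groupings are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Event IDs and descriptions as listed in the table above.
DENIED_EVENTS = {
    10202: "Denied - CA Locked Down",
    10203: "Denied - Invalid License",
    10204: "Denied - Anti Passback",
    10205: "Denied - Card Disabled",
    10206: "Denied - User Deactivated",
    10207: "Denied - User Expired",
    10208: "Denied - Access Expired",
    10209: "Denied - Risk Level",
    10210: "Denied - Start Date Error",
    10211: "Denied - Certificate Revoked",
    10212: "Denied - Certificate Chain Invalid",
    10213: "Denied - Certificate Signature Invalid",
    10214: "Denied - Certificate Timestamp Invalid",
    10215: "Denied - SSL Validation Error",
}

# Triage groupings chosen for this example; they are not Primis categories.
TRUST_EVENTS = {10211, 10212, 10213, 10214, 10215}
STALE_CREDENTIAL_EVENTS = {10205, 10206, 10207, 10208}

# Constructed sample export; the column names are an assumption. The last two
# rows are a malformed ID and a placeholder ID (0) for any non-denial event.
SAMPLE_CSV = """timestamp,event_id,user,controlled_area
2023-08-26 08:01:10,10204,hoffjenn01,ControlArea1
2023-08-26 08:02:05,10204,hoffjenn01,ControlArea1
2023-08-26 08:04:40,10204,hoffjenn01,ControlArea1
2023-08-26 09:15:00,10205,visitor07,ControlArea1
2023-08-26 09:30:00,10212,contractor02,ServerRoom
2023-08-26 11:00:00,10204,hoffjenn01,ControlArea1
2023-08-26 11:05:00,not-a-number,visitor07,ControlArea1
2023-08-26 12:00:00,0,hoffjenn01,ControlArea1
"""


def parse_events(text):
    """Return the denial events in a CSV export, oldest first."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            event = {
                "when": datetime.strptime(row["timestamp"], "%Y-%m-%d %H:%M:%S"),
                "event_id": int(row["event_id"]),
                "user": row["user"],
                "area": row["controlled_area"],
            }
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows instead of aborting the review
        if event["event_id"] in DENIED_EVENTS and event["user"] and event["area"]:
            events.append(event)
    return sorted(events, key=lambda e: e["when"])


def repeated_denials(events, threshold=3, window=timedelta(minutes=10)):
    """Flag user/area pairs with at least `threshold` denials inside `window`."""
    by_key = defaultdict(list)
    for event in events:  # events are already time-ordered
        by_key[(event["user"], event["area"])].append(event)
    findings = []
    for (user, area), evs in sorted(by_key.items(), key=lambda kv: kv[0]):
        start = best = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans <= `window`.
            while evs[end]["when"] - evs[start]["when"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            # All denial reasons recorded for this pair, for the reviewer.
            reasons = sorted({DENIED_EVENTS[e["event_id"]] for e in evs})
            findings.append({"user": user, "area": area,
                             "max_in_window": best, "reasons": reasons})
    return findings


def trust_failures(events):
    """Denials caused by certificate or SSL validation (10211-10215)."""
    return [e for e in events if e["event_id"] in TRUST_EVENTS]


def stale_credential_users(events):
    """Users who presented a disabled, deactivated or expired credential."""
    return sorted({e["user"] for e in events
                   if e["event_id"] in STALE_CREDENTIAL_EVENTS})


if __name__ == "__main__":
    denials = parse_events(SAMPLE_CSV)
    for f in repeated_denials(denials):
        print("repeated:", f["user"], f["area"], f["max_in_window"], f["reasons"])
    for e in trust_failures(denials):
        print("trust:", e["when"], e["user"], DENIED_EVENTS[e["event_id"]])
    print("stale credentials:", stale_credential_users(denials))
```

The threshold of three denials in ten minutes is an arbitrary starting point; tune it to the site's normal traffic before alerting on it.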

Reports

Reporting Management

...

Reports Available By Page

| Page | Report Name | Description |
| --- | --- | --- |
| Users | Users Report | Creates a list of all of the users in the database for review. |
| Access | User Access | Creates a list of all of the user access groups in the list. |
| | Guest Access | Creates a list of all of the guest access groups in the list. |
| Controlled Area | Controlled Areas | Creates a list of all of the controlled areas. |
| | Port Triggers | Creates a list of all port triggered actions currently in the system. |
| Schedules | Schedule | Creates a list of all schedules and their respective periods. |
| | Special Days | Creates a list of all of the special days currently in the system. |
| Events | Attendance | Working in accordance with anti-pass back for in-out readers to determine if someone was in the building. |
| | Alarm Monitor | Reports all alarms that occurred on the system between the requested date and time. |
| | Alarm Activity | Reports all alarms that occurred on the system between the activity and the real system. |
| Suites | Suites | Provides a list of all the suites in the system. |
| | Businesses | Provides a list of all of the Business units in the system. |

Time and Attendance Reports

...

The instructions below are to set up database replication between 2 or more Primis servers. Before starting, verify that the full version numbers of the Primary and the Secondary nodes are identical.

Configuring the

...

Primary Server

  1. Configure the firewall to allow incoming connections on port 31415.

  2. Log in to the Primis administration software using the system user. Call Identiv Support if you need the system password.

  3. Click on the System navigation tab.

  4. On the left, click on the Administration link.

  5. Click on the System Parameters sub link.

  6. Click on the siteEngine.ini file to edit it.

  7. Edit the line that reads DBMode=single and change it to DBMode=master

  8. Click Save.

  9. Select and edit a different System Parameters file called start.ini

  10. Edit the line that reads #sds.service=no and change it to sds.service=yes

  11. Click Save and Reboot the server.

  12. Once the system is rebooted, log back in with the system user and go to the System tab.

  13. In the scope pane on the left, click on Utilities.

  14. Click DB Replication.

  15. Fill in the text boxes on the screen. 

    1. Host Name: This is the IP address of the master server.

    2. Sync Name: Name for the configuration. Enter something that will identify the master server. This field must be alpha-numeric.

    3. Sync Protocol: Select http or https. In order to use https, additional configuration is required to install an SSL certificate on the master and slave servers.

    4. Sync Port Number: Select the TCP port number that slave servers will be connecting to. The TCP port number selected must be configured in the firewall to allow incoming connections. The Primis server is preconfigured to support port 31415; additional configuration on the server is required if another port number is used.

  16. Click the Save button.  The master node configuration will be displayed in the Master Node section. The Delete button of the master node allows users to remove the master configuration from the server. It will be disabled if there are slave nodes attached to the master. The Stop Replication button allows users to stop the database replication process. The Restart Replication button allows users to restart the database replication process. The Refresh Server Cache button allows users to refresh the Primis server cache to the slave nodes.

...

  1. Log in to Primis with the system account.

  2. Click on the System navigation tab.

  3. On the left, click on the Active Directory link.

| Options | Description |
| --- | --- |
| Connection Timeout | The connection timeout in seconds to the active directory. |
| Audit Data Enabled | When this is enabled all changes made through the active directory integrations will be logged in the Audit logs. Enabling this option will dramatically increase the number of logs. The minimum hard disk space recommended is 500 GB when this feature is enabled. |
| Web Login Enabled | Groups of administrators can be assigned to an administrator account. That account will link the admin profile to that permission for administration. It is recommended that for these types of accounts you name them differently than your standard user base to support the integration. To allow the login from this group, you must have the Web Login Enabled box checked. |
| User Sync Start Time | The start time of the synchronization on users, organizational units, and groups from LDAP connections. Multiple synchronizations can be scheduled to run at different times of the day. |
| User Sync Read Timeout | The timeout in seconds before the query issued by user sync is aborted. |
| Force Update Enabled | This will force user updates from the active directory structure. |
| Live Update Enabled | This feature enables an OU, Group, and Access Group attribute check against active directory on every card scan. If disabled it will rely on the data from the scheduled synchronization. |
| Live Update Read Timeout | The timeout in seconds before the query issued by live update is aborted. |
| Live Update On Imported LDAP Connection | This setting is only applicable when multiple LDAP connections are configured. When enabled, if the PIN/carddata is already imported to Primis, Live Update will be first performed on the LDAP connection where the PIN/carddata is imported from in order to speed up the Live Update process. |

4. Click Save button to save the configuration

...

  1. On the Active Directory Configuration page, click the Add LDAP Connection button.


  2. On the LDAP Connection page, enter the connection information of the LDAP Server. 

| Options | Description |
| --- | --- |
| Name | The name of the LDAP connection. |
| Server URL | The URL of the LDAP server. |
| Search Base | Using the query structure, this is the search base for all queries. |
| Domain | The DNS name of the domain that you would like to connect to. |
| Username (User ID) | A user that has permission to query the defined Active Directory domain. |
| Password | Password of the Active Directory user. |

  3. Click the Test Connection button to confirm Primis can connect to the LDAP server.

...

  1. On the LDAP Connection page, click the Import Users button.

  2. Click the AD Users Import/Sync tab.

  3. On the Import Users page: To import all users, check the Import All Users box. To import users from Groups and OUs, click the entry in the Available box to move it to the Selected box. To search users in nested Active Directory groups, select the Nested Group Search checkbox.

| Options | Description |
| --- | --- |
| Import All Users From Groups | Imports all users who are part of the selected AD groups. |
| Import All Users From OUs | Imports all users found in the OU, and all sub OUs. |

  4. Click the Save button to save the import user configuration.

...

These fields are defined and statically mapped to AD attributes.

| Primis User Attribute | Active Directory Name |
| --- | --- |
| Username (User ID) | objectSID |
| First Name | givenName |
| Last Name | sn |
| Display Name | displayName |
| Email | mail |
| Telephone | telephoneNumber |

Primis Selected Mapped Fields

| Primis User Attribute | Mapping Behaviour and Features |
| --- | --- |
| Start Date | The date must be a properly formatted date. If specified, it will be the start date of the user access. |
| Expiry Date | The date must be a properly formatted date, and will disable the user credentials after the defined expiry date. |
| Card Data | Map to multiple AD attributes. When a card is deleted from Active Directory, it will be deleted in Primis. Likewise, when a new card number is added to a user in Active Directory, it will be added to Primis. |
| Pin | Select mapping to a single AD attribute. This attribute will be mapped to the User PIN in Primis. The value in this AD attribute must be unique. |
| Access Linked AD Attributes | Map to multiple AD attributes. The values appear in a list of all possible assigned values across all users, from which they can be assigned to an access group, so values assigned to users can be mapped to access groups. If the user has this attribute, they will be granted access. |
| User Category | Select mapping to multiple AD attributes. The first value found in the mapped AD attributes will be used as the user's category. |
| Custom Fields | Select mapping to a single AD attribute. If an attribute is a multi-value string, the attribute is chosen in Active Directory. A Custom Mapping Name is supported. |

Users Import Exclusion Filters

...

To remove a Certificate Policy OID:

Click the X button next to the OID.

...

Extended Key Usage Extensions

...

To remove an extended key usage extension constraint:

Click the button next to the OID.

...

PKI Fault Options

...

  1. Go to System.

  2. Click Mobile to expand its sub-menus.

  3. Click Beacon Config.

  4. Enter the following information:

| Options | Description |
| --- | --- |
| Server | URL for the Beacon Server Portal. |
| API Key | Key to access the portal's API. |
| API Version | Version of the portal's API. |
| UUID | UUID for the Beacon count. |

  5. Select the Sync checkbox to enable periodic updates of Beacon status information. By default, updates occur every two hours.

...

  1. Click on the Administration link from the System navigation tab.

  2. Click on the System Parameters sub link.

  3. Click on the file you would like to edit.

  4. Make any changes necessary to the text presented in the text area.

  5. If you would like a backup of the existing file, choose Write Backup.

  6. Check the Reboot after save box if a reboot is required. Keep in mind that for the changes to take effect a full system reboot is required.

  7. Click Save.

To Backup Parameter Files

  1. Click on the Administration link from the System navigation tab.

  2. Click on the System Parameters link.

  3. Select the file you would like to back up.

  4. To back up, click the Download link next to the file.

  5. Select a location to back up the file.

  6. Name the file with the extension *.ini.

  7. Click Save.

Main and Peer Configuration (Sync Enterphone Units)

...

Parameters in the sitePanel.ini file are:

| Options | Description |
| --- | --- |
| serverName | localhost or the IP address of the panel. |
| panelId | The panel ID. This field should not be changed. |
| screensaverTimeOut | The number of seconds before the screensaver becomes active (0 deactivates the screensaver). |
| codeprefix | Filters suite codes based on this digit so that only suites with codes beginning with this number (or range of numbers) are displayed on this panel. |
| switchDigit | Calling suites with codes beginning with this digit or range of digits (e.g. "1-5" or "1,3,6") will trigger the Call Redirector Board to use a second line. |
| ringAltCount | The number of rings the dialer will wait before calling a suite's alternate number. |
| hbCode | If set, a button will be displayed at the top of the directory and, when it is pressed, the suite whose code is entered will be dialed. |
| activateOnDialPanelId | The Panel ID of a panel that is in a Controlled Area whose devices should activate whenever a panel is in use. This requires that a second panel be added to the local panel and that second ID used in the aforementioned Controlled Area. |
| directoryRows | The number of rows of suites displayed in the directory listing. |
| directoryColumns | The number of columns of suites displayed in the directory listing. |
| SSButtonHeight | Vertical placement of language buttons expressed in pixels from the top. |
| listBusTextCenter | Yes or No option to centre business names. |
| directoryFont | Resize the directory font. 0 is the default, +1 will increase the size, -1 will decrease. |
| businessFont | Resize the business listing font. 0 is the default, +1 will increase the size, -1 will decrease. |
| displaySuiteCode | Yes or No option to display each suite's code in the directory. |
| rightAlignSuiteCode | Yes or No option to place suite codes on the left or right side of the display. |
| Display Call Button | Yes or No option that allows for removal of the call button beside a tenant's name. |
| Search Only | Yes or No option that allows a user to use the panel only for searching for a tenant, no calling. |
| listTextColor | An RGB triplet that sets the colour of the suites listed in the directory. |
| listBusTextColor | An RGB triplet that sets the colour of the businesses listed in the directory. |
| listBGColor | An RGB triplet that sets the background colour of listings in the directory. |
| alternateBGColor | An RGB triplet that sets the alternating colour of listings in the directory. |
| cancelButtonColor | An RGB triplet of the colour applied to the cancel button. |
| cancelButtonTextColor | An RGB triplet of the colour applied to the text of the cancel button. |
| logoColor | An RGB triplet that sets the colour of the logo area. |
| buttonSelect | An RGB triplet of the colour applied to a button when it's selected. |
| sbTrackColor | An RGB triplet of the colour applied to the back of the scroll bar. |
| keyColor | An RGB triplet that sets the colour of the touch keypad. |
| sbThumbColor | An RGB triplet that sets the colour of the directory scroll button. |
| sbTrackColor | An RGB triplet that sets the colour of the directory scroll bar. |

Business Administrator Management

...

It is important to note that if AMS is configured under the System tab, all monitoring features on a server are disabled.

Add a Map to AMS Lite

Many web file formats are supported. Before uploading, edit map files so that they are in one of the supported web image formats:

  • JPG

  • JPEG 2000

  • JPEG / JFIF

  • GIF

  • PNG

  • TIFF

To add a map of a floor plan or other system (any web file format supported):

  1. In the Controlled Areas navigation tab, click on the Maps link. The Maps screen is displayed.

  2. Current maps are listed on the left and the controlled areas are listed on the right. Click on a map to view it; click on the edit button to change the file associated with this map.

  3. To add a new map, click on the +Add Map button. The new map screen is displayed.

  4. Enter a Name and a Description for the map.

  5. Click the [Choose file] button beside Map Image to import the map file image.

  6. Click the [SAVE] button.

Place Controlled Area Icon On Map

Maps have been placed in the Controlled area tabs.  You can simply drag and drop all controlled areas from the right to the map.  Only one controlled area is supported per system.  The controlled area may only exist in one location at a time.

To configure controlled area maps:

  1. Click on the Controlled Areas navigation tab.

  2. On the left, click on the Maps link. The Maps screen appears.

  3. Drag and drop controlled areas onto the desired point on the map.

Place Video Icon On Map

To set up the video portion of the system, you must log in with the system administrator account and ensure that video is enabled. If video is still not enabled after turning this setting on, check your server activation and ensure that NVR Video licensing is enabled.

...

This will allow the mapping of the camera as an individual device.  To attach a video feed to a controlled area, you must navigate to Controlled Area, select the controlled area, and select the Cameras tab.  This will then show the video icon attached to the controlled area:

Mapping Icons

Remove Icon From Map

Scrolling over an icon will show its name and a trash can icon. Click on the trash can icon to remove the controlled area or camera from the map.

...

Configure Custom Map Icons

Icons can be added to a map to indicate whether a controlled area is Closed, Open, or in Lockdown. Primis comes with three standard icons. Images of these icons can be changed on the Icons page.

To change a controlled area map icon:

  1. In the Controlled Areas navigation tab, click on the Icons link. The Icons screen is displayed.

  2. Click the [Choose file] button beside the icon to change and navigate to the new icon image and click Open.

  3. The selected file name is displayed. Click the [Update] button to replace the icon image with this new image.

...

Alert Levels

Alert Level Management

Alert Levels allow the Primis server to adjust its access control behaviour globally. Controlled Area Schedules and Access Groups can be restricted by alert levels. As a security level escalates, the Primis server can restrict access accordingly. For example, a front entrance of a building is open during office hours. However, when the alert level is escalated to HIGH, the system can automatically lock down the front entrance by overriding the open schedule.

Alert Levels

...

When enabled in the license file, Primis Admin always shows the current alert level at the top of the page.

...

In this example, the Access Group Standard Employees has no access when the alert level is “High” or “Severe”.

...

Controlled Area Configuration of Alert Levels

In this example, the Controlled Area is set to open during office hours only when the alert level is Low or Guarded. To configure alert levels for controlled areas, go to the Unlock Schedule tab on the View/Edit Controlled Area page.
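
The two examples above combine as follows. This is an added illustration, not Primis code: the classes, the 09:00 to 17:00 office hours, the "Front Entrance" area and the "Responders" group are hypothetical, and only the level names and the Standard Employees group come from this guide. It shows that the unlock schedule and the access group are checked independently, and how to list which groups keep access at each level.

```python
from dataclasses import dataclass
from datetime import time

# Level names are the ones this guide's examples mention; the ordering and
# the idea that these four are the full set are assumptions of this model.
LEVELS = ("Low", "Guarded", "High", "Severe")


@dataclass(frozen=True)
class UnlockSchedule:
    """Hypothetical model: hours a door stays unlocked, per alert level."""
    start: time
    end: time
    allowed_levels: frozenset

    def unlocked(self, now, level):
        return level in self.allowed_levels and self.start <= now < self.end


@dataclass(frozen=True)
class AccessGroup:
    """Hypothetical model: a group's areas and the levels it works at."""
    name: str
    areas: frozenset
    allowed_levels: frozenset


def who_can_enter(area, groups, level):
    """Audit helper: names of groups whose cards still open `area`."""
    return sorted(g.name for g in groups
                  if area in g.areas and level in g.allowed_levels)


def decide(area, schedule, groups, now, level):
    """Return (door_state, card_granted) for a card scan at `area`."""
    if level not in LEVELS:
        raise ValueError(f"unknown alert level: {level!r}")
    door = "Open" if schedule.unlocked(now, level) else "Closed"
    return door, bool(who_can_enter(area, groups, level))


# Constructed sample data mirroring the guide's two examples.
FRONT = "Front Entrance"
OFFICE_HOURS = UnlockSchedule(time(9), time(17), frozenset({"Low", "Guarded"}))
EMPLOYEES = AccessGroup("Standard Employees", frozenset({FRONT}),
                        frozenset({"Low", "Guarded"}))
RESPONDERS = AccessGroup("Responders", frozenset({FRONT}), frozenset(LEVELS))

if __name__ == "__main__":
    for level in LEVELS:
        door, ok = decide(FRONT, OFFICE_HOURS, [EMPLOYEES], time(10, 30), level)
        print(f"{level:8} door={door:6} employee_card={ok} "
              f"still_allowed={who_can_enter(FRONT, [EMPLOYEES, RESPONDERS], level)}")
```

Running `who_can_enter` for the highest levels before an escalation is a quick way to confirm that only the intended groups keep access during a lockdown.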

...

Info: Please refer to the Controlled Areas chapter for more information.

Change of Alert Level

Primis Administrators can set the current Alert Level by going to the System tab under Administration and clicking Risk Level.

...