Overview

The Velocity Web Services Client (VWSC) allows you to use several key features of the Velocity application through a web browser with network or internet access to the Velocity Server or Workstation. VWSC provides much of the Velocity client functionality without the need to install any software.

The VWSC Features and Functions are based on Role permissions configured on the Velocity application. Before you can install the Velocity Web Services Client, you must first install Microsoft’s Internet Information Services (IIS). IIS can either reside on the same computer where the Velocity Server is installed or a dedicated server.

For more details on System Requirements and Installing the Velocity Web Services Client refer to; VWSC System Requirements and Installation and navigate to Velocity Release 3.8.6 -> Installation -> Installing IIS to Support the Velocity Web Services Client (VWSC).

End User License Agreement (EULA)

The End-User License Agreement (EULA) screen includes a scrollable pane where the terms of the agreement are displayed.

Before an Operator can login to the Web Client for the first time, they will be required to accept the END-USER LICENSE AGREEMENT before they can proceed to use the product. In order to accept the EULA, the operator has to scroll down to the end of the document in order for the “I agree to ….” radio button to become active. Once the EULA is accepted for the first time, it will not prompt again on future logins for the same operator. All operators who need to access the Web Client will need to accept the EULA.

To print the EULA, click the Print button.

After you've read the license agreement, select one of these two options:

I agree to the terms in the License Agreement	Selecting this radio button means you have read and agreed to the terms in the EULA. Clicking OK will allow you to continue with the login process.
I do not accept the License Agreement	Selecting this radio button means you have read and DO NOT agree to the terms in the EULA. Clicking OK will NOT allow you to proceed into the Web Client and return back to the login screen.

System Use Notification

The System Use Notification is an optional feature intended for organizations that want to display a banner before accessing the Web Client. This banner is typically used to inform the operator they are accessing a restricted system.

A Velocity Administrator needs to enable this optional feature within Velocity (Preferences → Miscellaneous) if required to be used. Once the option is enabled and the customer selects their defined “HTM” or “HTML” file a banner like the example below will appear every time an operator attempts to login. The banner will need to be accepted before they can login to the Web Client.

The banner below is a sample only of the System Use Notification:

After you've read the System Use Notification banner, select one of these two options:

Accept

Clicking Accept means you have read and agreed to the terms in the System Use Notification banner and will allow you to continue with the login process.

Cancel

Clicking Cancel means you have read and DO NOT agree to the terms specified in the System Use Notification banner. Hence the system will not allow you to login to the Web Client and returns back to the login screen without the Login button being visible. Clicking the refresh icon on the address bar will bring the System Use Notification banner back and will have to be accepted before you can proceed to login.

Menu Settings

After you successfully login to the Web Client, there is an Operator drop-down menu (below the Identiv logo) as shown below:

The menu options are explained below.

About ()	This dialog shows version information for the Velocity Web, Velocity Web Services Client, and Velocity DB.
Help ()	This link opens the Velocity Web Services Client User’s Guide in PDF format.
Settings ()	Here, you can configure operator specific and global settings for the various web client tabs. Settings that contain an asterisk () are global settings that apply to all operators and therefore only operators who are members of the Administrator Role within Velocity have the ability to change them. In the Settings* () -> General tab: You can choose your Landing Page, which will be the default page displayed when you login. The default page is Enrollment. You can choose your Region from the drop-down, which will determine the date and time format. You can choose the Badge Printing Method range from the up and down toggle button. This determines the quality of the Badge image that will affect the full system. The range is between 1-5. Session Timeout Allowed: Is the time your web session will be active after being idle, between 1 - 240 minutes (4 hours). Once the timeout is reached and you attempt to perform an action the system will take you back to the login page. This setting is per operator. The default value is 15 minutes. In the Settings () -> Enrollment tab You can set the *Query Size, which will determine the Enrollment Manager Search results (between 5 - 50). The default value is 10. You can disable the *Display Photo in Enrollment by unchecking this option. The default is checked. In the Settings () -> Alarm Viewer tab: You can set the *System Wide Settings by checking the available options. The settings with an asterisk () are only available to Operators who are members of the Administrator Role. When you make changes to the "Report Return to Normal Alarms" option you will need to restart the Velocity client for the changes to take effect on the web client. Always Show Instructions Stack Alarms of similar type Report Return to Normal Alarms Auto acknowledge of Return to Normal Auto clean Return to Normal You can enable the Alarm Alerts* (Pop-ups) by checking this option. The default is Unchecked. You can set the Maximum Page Size, which determines how many alarms to display per page (between 1 - 100). The default is 50. You can set the Alarm Sorting of your preference (recent to oldest or oldest to recent). You can set the Alarm Acknowledge Options based on your Role permission defined in Velocity. Require Acknowledge before Clearing: Check this box if you require an operator to acknowledge an alarm before it can be cleared. If left unchecked, the operator can clear an alarm whether it has been acknowledged or not. The default is checked. Require Entry of Note on Acknowledge: Check this box to require operators to enter a note whenever they acknowledge an alarm. When the operator acknowledges an alarm, the Operator Comments dialog appears. The operator must then enter a comment before continuing. The default is unchecked. Force New Note for Multiple Acknowledge: This box is only activated when the 'Require Entry of Note on Acknowledge' option is selected. Check this box to require the operator to enter a note every time he/she uses the Acknowledge All feature. When the operator acknowledges all current unacknowledged alarms, the Operator Comments dialog appears. The operator must then enter a comment before continuing. The default is unchecked. Require Entry of Note on Clear: Check this box to require operators to enter a note whenever they clear an alarm. When the operator clears an alarm, the Operator Comments dialog appears. The operator must then enter a comment before continuing. The default is unchecked. Force New Note for Multiple Clear: This box is only activated when the 'Require Entry of Note on Clear' option is selected. Check this box to require the operator to enter a note every time he/she uses the Clear All feature. When the operator clears all current unacknowledged alarms, the Operator Comments dialog appears. The operator must then enter a comment before continuing. The default is unchecked. Repeat Multimedia Until Acknowledged: Check this box to repeat the sound associated with an alarm until that alarm is acknowledged. In the 'Delay (1 - 65s)' field, enter the number of seconds allowed before it repeats the sound. The default is unchecked. Disable Default Alarm Sound (Beep): Check this box to disable only the default sound (but not any customized alarm sound). This setting applies only to the current operator; it is not a system-wide setting. The default is unchecked. Disable Customized Alarm Sounds (Audio Response): Check this box to disable only the customized alarm sounds (but not the default alarm sound). This setting applies only to the current operator; it is not a system-wide setting. The default is unchecked. Allow Alarm Sound in the Background on New Alarm: Enabling this checkbox allows the alarm sound to be heard even when working in other tabs if the alarm sound is active. In the Settings () -> Events tab: You can set Maximum Lines To Display, which determines how many lines to display in the Event Viewer (between 1-1500). Once it reaches the maximum, the operator won't be able to retrieve older events. The default is 100. You can set the Maximum Page Size, which determines how many events to display per page (between 1 - 100). The default is 50. Check the Load Cached Events option if you want to populate the Event Window with previous events. In the Show Events section, you can check the checkboxes for the tabs where you want the Event window to display. In the Settings () -> Photo Call-Up tab: Checking the Photo Call-Up Basic View box, will only display the picture and person name instead of displaying the full badge template. This setting will help with system performance. Example of full badge template (left) and Basic View (right). In the Settings () -> Status Dashboard tab: You can select which widgets you want to display in the Status Dashboard tab. The Auto Refresh feature reloads after a set number of seconds and shows the latest data on the People/Credentials, Performance Status, and Online Active Users Widgets. An operator can set the refresh interval from 5 - 60 seconds and different refresh times per Widget. The Auto Refresh is checked by default, and the default Delay is 10 seconds. These settings are per operator. In the Settings() -> Security Settings tab: All these settings are global and apply to ALL operators. Only operators who are members of the Administrator Role can see this tab. Max failed attempts: Specify the amount of failed login attempts allowed, between 1 - 10, after which the operator account will be locked. The default value is 4. Max failed attempts during this time is considered an attack: Specify the time period, between 1 - 120 seconds, allowed for failed login attempts. If an operator exceeds the Max failed attempts during this period, it is considered an attack, and the operator's account will be locked. The default value is 60 seconds. Operator lockout duration: Specify the time duration, between 1 - 60 minutes, for which the operator account will remain locked. The default value is 1 minute. Lockout per IP Address: Check this box if you want to track the failed attempts from a single IP Address or leave it unchecked to count failed attempts from any IP Address. The default is unchecked. *Enforce Two-factor Authentication (IDENTIV uTrust FIDO2): By checking this box, ALL operators are forced to login to the Web Client using a uTrust FIDO2 Security Key in addition to the usual username and password. To use this feature, a secure connection (i.e… HTTPS) is required. Administrators can configure Security Keys within Device Control → Operators.
Logout ()	This will logout the operator from the Web Client and return to the Login page.
Expand Menu	Click this expanded view to view the menu tabs along with their names. Users can click on the tabs from the menu bar to view the information.
Collapse Menu	Click this collapse view to hide the menu bar, giving extra space to view information. Hovering the mouse over the icons will display the name of the respective tab.

Enrollment Tab

The Enrollment tab provides the most important functionality. The page enables you to combine a Credential and Person (photograph optional) to create an access privilege for each user.

By default, the available columns are Last Name, First Name, Middle Name, and Updated. If needed, the columns can be changed by clicking on the gear icon

Please refer to Configure Column Headers for more details.

Person Information

To access the Person Information screen click on the person row from the person list. This is where basic details about a person are entered.

The Credential(s) associated with this person are listed in the Credentials section (top table), and their person information is listed below. You can click the "<-Person Groups…" back link in the top left to return to the main list.

ID	This is a read-only field generated by the system. Each person's record has a unique ID.
Record Last Updated	This is a read-only field generated by the system indicating the date (MM/DD/YYYY) and time when this record was last updated.
Name (First, Middle, Last)	If required, select a prefix for this person from the picklist. Options include: Mr., Mrs., Ms., and Dr. Type a first name for this person (up to 32 characters). This is a required field. If required, type a middle name or initial for this person (up to 32 characters). Type a last name for this person (up to 80 characters). This is a required field. If required, select a suffix for this person from the picklist. Options include: Jr. and Sr.
TAB1	A maximum of 10 tabs can be configured and used to place UDF 15 - 999 across the 10 tabs. This configuration needs to be done within the Velocity application. By default, only tab 1 is used with UDF 15 - 36.
Groups	This tab allows you to add the person to one or more groups. Person Groups need to be created within the Velocity application.
Additional Images	The Additional Images tab appears after the Person Information is added and saved. This enables qualified operators to include more than one image for each person. This image can show side views or additional front views of the enrolled person as well as other identifying images. Before you can access any additional images, you must first define the user placeholders in the User Defined Fields option within the Velocity application.
Additional Notes	This tab provides a free-form large text field, organized by category, that can be used for site specific purposes related to individuals. Additional Notes are similar to UDFs but are intended for larger free-formatted text that is easy to read and edit. Before you can access any additional notes, you must first define the Note Categories in the User Defined Setup - Additional Notes Tab in Velocity. If there aren't any Categories configured, the user won't be able to write notes.
Photo	The Photo field displays the photo of the person. The Edit Photo options are: Upload Photo: Allows you to select and upload an existing photo file. Capture Photo: Allows you to view a live image, capture the photo and show a preview of your photo after taking a snapshot from a webcam. Remove: Allows you to delete the current photo image.
Signature	The signature field allows you to import a signature image of file type: .jpg, .jpeg, .png or .bmp
Delete Person	Click this button to delete this person from the system, a confirmation dialogue box will appear asking you to confirm your selection.
Undo Changes	Click this button to undo the most recent change.
Update Via Smart Card	Select the Person record from the Enrollment list and click the Update Via Smart Card button, which will redirect to the PIV Enrollment window to scan and update the person information. To know more please refer to PIV Enrollment.
Apply Changes	Click this button to save changes.

Person Groups

Use the dropdown arrow to select All available groups, Everyone, or a defined person group from the list. Based on the group selection, the bottom panel will show the list of people assigned to that group.

Search in this group

The Search in this group field allows you to search for any enrolled person based on first, middle, or last name in the selected Person Group. The Search screen looks like this.

The search results, by default, will show 10 records and appear instantly as you begin to type. The results are displayed as last name, first name, middle name, as shown below.

Pressing Enter in the Search results will provide a filtered list within the Enrollment tab.

Depending on the user's role, the default option will be the first available Person Group. If we need to do a wider search we recommend using the "All AvailableGroups", where all the Person Groups available for the user's role will be merged in one person list for searching in all groups.

The search results can be configured to display between 5 - 50 within Settings | Enrollment tab.

Advanced Search

When you click Advanced Search, the below window appears.

This window includes the following fields and buttons:

Field	This picklist provides a list of field names from the Person Information which you can use to search on. For example, if you want to search for a person by their last name, you would select the Last Name option from the “Field” picklist.
Function	Supply the first and second elements of the search argument you want to use for searching the person database. (First Search Field Argument) is: The person you are searching for is the second element. is not: The person you are searching for is not the second element. The possible values for the second element appear in this picklist and vary depending on your “Field” selection: (Second Search Field Argument) equal to: The person you are searching for has a value that is identical to the selected field value. less than: The person you are searching for has a value less than that you specified in the 'Value' field. greater than: The person you are searching for has a value greater than that you specified in the 'Value' field. between: If you select a UDF that is defined as a date type, you can use this term. Two combo boxes appear into which you can enter the range of dates between which you want to search. starting with: The person you are searching for has a value that starts with that you specify in the 'Value' field. like: The person you are searching for has a value that is similar to the selected field value. For example, if you specified a value of 'Smith' in the 'Value' field, Enrollment Manager searches for a value like 'Smith' such as 'Smithon' or 'Smithers'. within: If you select a UDF that is defined as a date type, you can use this term. Three combo boxes appear: two boxes enabling you to determine the range of your search and a box specifying the period (e.g. an hour, 12 hours, a year) for which you are searching. If you select either less than or greater than as a second search argument, a check box appears to the right of the second search argument picklist. or equal to: This checkbox will appear if you select less than or greater than in the second search field argument. Check this box to indicate that the search term is actually less than or equal to, or greater than or equal to.
Search field Variable field	After you have selected an option in the 'Field' combo box and the required options in the 'Function' fields, one or more panes or combo boxes appear below the argument combo box. Click the search box to type as you begin typing, and suggested results will appear below the search box, if one of the suggested results is the item you need, simply click on it to be taken to it directly. Click the variable field box to use the drop-down list to select the component directly. Depending on the size of the database there might be a delay in retrieving and populating this list.
Value Field	Enter a value for this search in this text window. The functions you selected above apply to this. If your selected argument is “is equal to”, all values relevant to this Value Field appear. For example, if you specified Last Name in the 'Field' picklist and is equal to in the 'Function' picklist, all relevant last names appear in this field. Click to select one or more values relevant to your present search. If you have selected either between or within as your second search argument, two new text fields appear like in this example: If you specified an like condition and are trying to find a variation of the value you entered in the 'Value' field, use any of several wildcards including %, _, [ ], and [^].
Add	Click this button to add this element. If you edit the argument after it is added, the button changes to Update.
Search Results Window	All added arguments are displayed in the Search Results Window. If more than one argument appears here, then additional conditions, like AND or OR are added here.
Apply Search	Click this button to begin the search on all the groups.
Close	Click this button to close the search and return to Enrollment.

Find Credential

When you click the Find Credential, the below window appears.

The Find Credential looks for specific credential information by entering data for the following fields:

Credential ID	Selecting this radio button allows you to search on the unique Credential ID number of a particular person's credential.
Card Stamp Number	Selecting this radio button allows you to search on the Card Stamp Number field if populated within the credential. This is not a mandatory field so it might not be used. The card stamp number is the number that appears printed on the card.
Match Code	Selecting this radio button allows you to search on the MATCH field of a credential. If you are using PIN only credentials then this field will be blank.
Card Data	Selecting this radio button allows you to search on the Data field of a credential.
PIN Code	Selecting this radio button allows you to search on the PIN code of a credential. If you are using Card only credentials then this field will be blank.
Apply search	Click this button to search the database for the specified credential.
Contains criteria	This checkbox is activated while selecting Credential Stamp Number, Match Code and Card Data. It is grayed out for Credential ID and PIN Code. We can input partial information if we don't remember the full number and apply a search.

Search Results table

After doing a search with any of the previous criteria, we will see the available credentials that match the criteria. The available column information will depend on the user personal Column Configuration in Unassigned and Guest Credentials by clicking on the gear icon .

Action	This lists the associated Settings, Preview Badge, and Print Badge of the associated credentials. Refer to Credentials and Preview Badge and Print Badge for more details.
PID	This is a read-only field displaying the unique Person ID associated with this person.
CID	This is a read-only field displaying the unique Credential ID associated with this credential.
Last Name	This is a read-only field displaying the last name of the person associated with this credential.
First Name	This is a read-only field displaying the first name of the person associated with this credential.
IDF	This is a read-only field displaying the ID Format associated with this credential.
Function	This is a read-only field displaying the type of function associated with this credential.
Description	This is a read-only field displaying the description given to this credential.
Status	This is a read-only field displaying the current status of the credential.
Issue Status	This is a read-only field displaying your Current Issue Status for this credential.
Expires On	This is a read-only field displaying the date\time when the credential will expire.
Last Access	This is a read-only field displaying the date\time of the last access granted for this credential.
Last Door	This is a read-only field displaying the name of the last door where this credential had an access-granted transaction.
Tag	This is a read-only field displaying whether or not the credential is set to generate a tag alarm.
Alert	This is a read-only field displaying whether or not the credential is set to generate an alert notification.
Stamp	This is a read-only field displaying the Stamp number given to this credential.
Pagination	Click the link to know more about Pagination functions.

Add Credential

To assign a new credential to a person:

Click the Enrollment tab and select the person to whom you want to assign a credential to.

From Credentials, click the Add Credential button. Select a Default or existing Credential Template or Click the Add Credential option. The Credential Properties window appears.

General Tab in Credential Properties

General Tab
ID	This is a read-only field. The system generates this unique ID number for each credential created. This is also known as the Credential ID.
Link to	Check this box to link this credential to a Credential Template specified in the picklist. This means that if this Credential Template is changed, the credentials associated with this template also change. A pop-up confirmation box will appear asking you to confirm your action. If this box is not checked, this credential is independent of any Credential Template.
Badge Template	From the drop-down list, select the Badge Template you want to associate to this credential. Only those Badge Templates already defined and associated with your Role are displayed in this drop-down list. Badge Templates are created from the Velocity application using Badge Designer. A Badge Template must be selected in order to Preview and/or Print a Badge using this icon .
Description	Enter a brief description for this credential (up to 50 characters).
IDF	Select one of the available IDFs from the drop-down list. The default is, 1 - Keypad. The options are: 0 - Badge Only 1 - Keypad 2 - Card 3 - Dual 4 - Card+Dual 5 - Keypad+Dual 6 - Keypad+Card 7 - Keypad/Card/Dual
Card	If you select any card IDF option (card, dual, card+dual, keypad+dual, keypad+card, or keypad/card/dual) from the IDF field, this section is activated.
Type	Select from the drop-down list the type\format of card this is. The default is, Std 26-Bit Wiegand. The options are: Std 26-Bit Wiegand Std 27-Bit Wiegand Std 28-Bit Wiegand Std 29-Bit Wiegand One-Field ABA Special 1 - 30 Passthrough Special 32 - 37 Octal passthru Special 39 200-bit FASCN 200-bit 37-Bit Wiegand hex 37-Bit Wiegand NP hex Octal to Hex
Stamp #	This optional field is most often used for record-keeping. This is the number that is printed on the card (normally on the backside).
Data	Type the data appearing on this card. This is for manual registration only, use an enrollment station if one is connected. This number is often the same as the hot stamp number. If you are not swiping this card to generate a MATCH number, this field must be filled in order to generate a MATCH number. Please refer to your card provider for these details.
MATCH	Do one of the following: Enter numbers in the 'Data' field (hit Enter key), and Velocity automatically generates a MATCH number for this field. Type in the MATCH number from the cross-reference list. Swipe the new card through the attached enrollment station. The field is automatically populated. This is usually an 8 - 16 digit number, but it is a 32 digit number for a 200-bit card.
Activation /Expiration Date
Activate	The date and time when the credential will become active.
Expire	The date and time when the credential will no longer be active. If the person possessing the credential attempts to use this credential after the expiration date, the system will deny the attempt. If you want to activate this feature and change the date that appears in this field: Check the 'Expire' box to the left of the field Click the button, the Set Expiration Dialog appears Specify the date and time; either a specific date or a UDF date Click OK If a credential is linked to a Credential Template then setting the linked Credential Template’s expiration date to a future date will override and re-enable linked credentials that are currently disabled.
On Expiration	This field is activated when the 'Expire' checkbox is selected. Three options are available: Disable - click this radio button to indicate that this card/code is disabled on expiration. The card/code is stored in the database and cannot be reused. Delete from Controllers - click this radio button to indicate that this card/code is deleted from all controllers. The card/code is stored in the database and cannot be reused. Disable and Unassign - click this radio button to indicate that this card/code is disabled and unassigned at expiration. The card/code is stored in the database and can be reused by selecting the credential from unassigned, assigning the unassigned credential to a person, then re-activating it. This feature will not work unless the Activate/Deactivate Credentials schedule is enabled in the Scheduling Agent. This is done from Velocity.
Code	If you select any keypad option -- including keypad, dual, card+dual, keypad+dual, keypad+card or keypad/card/dual -- from the IDF field, this section is activated.
Length	Use the drop-down to specify how many digits this code must be. The range is 3 - 15 digits. The default is 4 digits.
PIN/Confirm	Either type in a new PIN in the field or click Auto to automatically generate a PIN. Confirm PIN field will be displayed when the Display PIN option is unchecked in the Velocity application. In this mode pins entered cannot be viewed or auto generated.
Auto	Click this button to automatically generate a new pin code.
Duress Digit	Use the drop-down to specify a duress digit for the credential. The available duress digits are 1 - 9. The default is 0, indicating that no duress digit is required for this code.
Apply Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

Set Expiration Date

The expiration date in the General tab of the Credential Properties determines when the credentials become disabled.

Expire	Click to check this box if you want this credential to expire on a specific date and time. The date\time field to the right is activated.
	At the date field, use the down arrow, to the right of this combo box to display a calendar. Select the month and day on which this card/code is expired. You can use the arrow keys to go side to side or up and down for values. The current time is automatically supplied. To change this, click in the time fields and enter new values as required.
Expire on UDF Date	Click to select this radio button if you want this credential to expire on a date specified by a value in a UDF field. The time when the expiration takes place is always the end of the last minute before midnight (11:59 PM) on the date designated by the UDF.
OK	Clicking OK returns to the Credential Properties General page. The expiration date you specified now appears in the 'Expire' field.

Functions Tab in Credential Properties

Function Category	From this drop-down list, select the function category for this credential. The categories include: Access Relay Alarm Password Special Function Group The fields below will change depending on the function category selected.
Function	From this drop-down list, select the function. The options will vary depending on the Function Category selected above.
Door Group	If you select Access or Password from the 'Function Category' drop-down list, this combo box appears. Select a Door Group from the list based on your Role permissions.
Controller	If you select Relay or Alarm from the ‘Function Category’ drop-down list, this combo box appears. Select the Controller that the specified Control Zone affects.
Control Zone	If you select Relay or Alarm from the 'Function Category' drop-down list, this combo box appears. Specify the Control Zone that specifies the relay(s) or input(s) and their behavior. Both Standard and Master Control Zones are included in this list.
Function Group	If you select Function Group from the ‘Function Category’ drop-down, this combo box appears. Select an existing Function Group from the list.
Special	Alarm Cancel: Cancel all alarms within the specified zone. When you select this function, the 'Door Group' combo box appears. Select the door group to which this function applies. The default is all doors, always. Watch Log: Logs code entry for tracking guards on their appointed rounds. When you select this function, the 'Door Group' combo box appears. Select the door group to which this function applies. The default is all doors, always. Time Log: Logs code entry for recording the arrival and departure times of time log code holders. When you select this function, the 'Door Group' combo box appears. Select the door group to which this function applies. The default is all doors, always. Deadman Timer: Starts a deadman timer at code/card entry. If the timer expires before the employee's next code/card entry, an alarm is recorded. When you select this function, three combo boxes appear: Controller, Control Zone, and Time(Sec). Indexed Command: If you select Indexed Command from the ‘Functions’ drop-down, this combo box appears which specifies several subfunctions. Manual Holiday Table (1-4) Manual UnHoliday Table (1-4) Forgive all Users Clear Code Tamper Count Users This Side Count Users Other Side Set Threat Level: If you select Set Threat Level from the ‘Functions’ dropdown, this combo box appears. Specify the Threat Level range from 0-99.
Save Changes	Click this button to save the configurations made.
Cancel	Click this button to discard and exit this window.

Limits Tab in Credential Properties

Limits
Apply Credential Management Globally in DIGI*TRAC	Check this box to indicate that the credential management limits specified here are shared amongst all controllers connected to the same Xbox. Before this feature can be applied, you must first check the 'Enable Global Credential Management' box on the Setup page of the Controller Properties dialog for each affected controller. For example, if a person using this credential exceeds the use limit at one door, that information is shared with all other controllers on the same Xbox. This makes it impossible for the credential to be used at another door even if it is controlled by another controller.
Threat Authority	Use the drop-down to increase or decrease the Threat Level for this Credential. At the specified Threat Level, the credential is no longer honored, and access is no longer allowed. The default is Level 00. This indicates that no threat level has been set for this Credential.
Day/Use/Absentee Limits
No Limit	Click this radio button to indicate that there are no limits for this Credential. This is the default setting.
Day Limiting	Click this radio button to specify that credentials expire after a specified number of days (a day is defined as running from midnight to midnight). Specify the days in the 'Day/Use/Absentee' field to the right. The range is from 1 - 255.
Use Limiting	Click this radio button to specify that credentials expire after a specified number of uses. Specify the uses in the 'Day/Use/Absentee' field to the right. The range is from 1 - 255.
Absentee Limiting	Click this radio button to specify that credentials expire after a specified number of recorded absences. Specify the absences in the 'Day/Use/Absentee' field to the right. The range is from 1 - 254.
Day/Use/Absentee Count	Use the spin control arrows to increase or decrease the number of days, uses, or absences the credential is allowed before it expires. The units specified here depend on the radio button selected: If you select Day Limiting, the count is in days (1 - 255) If you select Use Limiting, the count is in uses (1 - 255) If you select Absentee Limiting, the count is in absences (1 - 254) The default selection is No Limit and the counter value default is 1.
2-Person Rule	The following combinations of credential limits are valid at a 2-Person Rule enabled Door: Normal: Click this radio button to indicate that the normal 2-Person Rule applies to the credential. This person can access a 2-Person Rule-enabled door with any other person possessing a Normal, A/B Rule "A", or A/B Rule "B" designation. A/B Rule A: Two-Person "A/B" Rule. If one person has an A/B Rule "A" specified in the limits for their credential, they need to find someone with an A/B Rule "B" or a 'Normal' designation in order to unlock a 2-Person Rule enabled door. This is particularly useful for supervisor/trainee access privileges. A/B Rule B: Two-Person "A/B" Rule. If one person has an A/B Rule 'B' selected in the limits for their credential, they need to find someone with an A/B Rule "A" or a 'Normal' designation in order to unlock a 2-Person Rule enabled door. This is particularly useful for supervisor/trainee access privileges. Executive Override: Two-Person Executive Override. This allows the holder of this credential to override the 2-Person Rule. It only takes this credential to unlock the door, even if the door normally requires two people.
Save Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

Options Tab in Credential Properties

Actions
Tag	Check this box to indicate the credential is tagged. A tagged alarm will be generated at the host.
Alert	Check this box to indicate the credential causes an alert. An audible alert will be generated at the door.
Disable	Check this box to disable the credential. All actions from this credential will be denied.
Reader Control Groups	Select a Reader Control Group from this drop-down list to associate with this credential.
Passback
Executive Override	Check this box to designate that this credential allows executive override.
Special Needs
Special Needs Time Access Extension	Check this box to designate that this credential allows an unlock extension beyond the normal unlock interval for special needs, such as wheelchair access or large parcel delivery. Before this feature is enabled, you must first specify intervals in the 'Special Needs Time Extensions' section of the Setup page of the Controller Properties.
Override Scramble Keypad Display	Check this box to bypass the scramble keypad display option set in the door/reader properties to override keypad scramble for the dual credential.
Current Issue Status
	Enables an operator to document the current status of a credential. This is particularly helpful if the credential has been lost, stolen, or destroyed for some reason. Either type (up to 32 characters) or select one of the available status options from the drop-down list. The list options include: ● Lost ● Stolen ● Destroyed In addition to these default options, a qualified operator can also define new issue status conditions by defining one of the available Issue Control Reasons through the Components subfolder in the Customization Manager in the Velocity application. Under the Components subfolder, select Enrollment Manager - Credential, then in the right panel, Item column, scroll down to the DefaultListItem and modify one of the defaults <Reserved for Issue Control Reason> values, as shown in the following example:
Print Control
Enable Print Control	Check this box to enable print control. Print control is a feature that restricts the number of badges that can be printed using this credential. A qualified operator can enable Print Control globally using Enrollment Manager Preferences from the Velocity application.
Attempts	A read-only field indicating the number of attempts that were made to print the badge associated with this credential. This count and the Confirmed count will be identical unless you check the Display print confirmation box below.
Confirmed	A read-only field indicating the number of badges based on this credential that were printed. This number cannot exceed the prescribed Max field. This count and the Attempts count will be identical unless you check the Display print confirmation box below.
Max	Enter the maximum number of badges that can be printed for this credential. Velocity will not allow either the Attempts or Confirmed counts to exceed the value entered here, unless the operator printing the badge is assigned to a role that allows overriding of print control. A qualified operator can specify a maximum count globally using Enrollment Manager Preferences from the Velocity application.
Display Print Confirmation	Check this box to enable confirmation when a badge based on this credential attempts to print. This means that whenever an operator prints a badge based on this credential, Velocity prompts the operator to indicate whether the badge successfully printed. If the operator indicates that the badge did print properly, both the Attempts and Confirmed fields are incremented by one. If the operator indicates that the badge did not print properly, only the Attempts field is incremented.
Issue Control
Enable Issue Control	Check this box to enable issue control.
Count	A read-only field indicating the number of times this credential has been issued. This figure cannot exceed the Max count you enter.
Max	Enter the maximum number of times this credential can be issued. Velocity will not allow the Count field to exceed the value entered here.
Issue List	A list of issues appears in this table. The first issue indicates the initial issue of the card. Subsequent entries indicate that the credential was reissued. Each issue is identified by its issue number, the reason for its issue, and the date of its issuance. To review or edit an entry in this table, double-click on the entry and the Reissue Credential dialog appears.
Save Changes	Click this button to save your configurations made.
Cancel	Click this button to discard and exit this window.

Use the Configure Column Headers button to select the columns to appear in the page viewer.

Person Groups

The Person Groups In Enrollment tab allows you to group people into logical units. Person Groups enable people to be placed in different role-controlled views. These views determine which persons a specific operator can see in Enrollment based on the operator's role.

Adding People to Person Groups

Select the Person Name from the list.
Click the Groups tab. The Person Group(s) is displayed based on Role permissions.
Select the checkbox of the Person Group you want this person to be part of and click Apply Changes. The added person is displayed on the left pane under the Person Group.

To remove people from Person Group(s), uncheck the Groups checkbox and click Apply Changes. By default, all people belong to the Everyone Group.

Credentials

A credential is a compilation of vital security information associated with a person. The completed credential is a security profile unique to that person. Depending on the IDF selection, a credential is used with either a card, pin, or both.

Click the Enrollment tab and select a person. The Credentials pane will list the credential(s) associated with this person.

The below table describes the list of fields and actions that can be performed on the Credentials pane:

IDF	This is the IDF option assigned to this credential.
CID	This is a read-only field. The system generates a unique Credential ID number for each credential created.
Function	Displays the function defined for the Credential.
Description	Displays a brief description of the credential.
Status	Displays the credentials status (Active, Disabled, etc...).
Issue Status	Displays the credentials issue status (Lost, Stolen, Destroyed, etc...).
Expires On	Displays the date and time when this credential will expire. If the person possessing this credential attempts to use this credential after the expiration date, it will be denied.
Last Access	Displays the last time stamp that the Credential accessed.
Last Door	Displays the name of the last door that the Credential accessed.
Tag	Specifies if the credential is tagged (✓) or not (-).
Alert	Specifies if the credential is set to alert (✓) or not (-).
Stamp	Display the specific Stamp Number configured in this credential. This option is available to all IDF except 1 - Keypad
	Drop-down lists the following options (you can apply this to an individual credential with right click as well: Tag: Select this option to tag the specified credential. A check mark appears before the option. It can be deactivated at any time by re-selecting the checked option. Alert: Select this option to alert the specified credential. A check mark appears before the option. It can be deactivated at any time by re-selecting the checked option. Disable: Select this option to disable the specified credential. A check mark appears before the option. It can be re-enabled at any time by re-selecting the checked option. Forgive Passback: Select this option to forgive any passback violation for this credential. The event appears in the Event Viewer. This option is particularly useful in an emergency when a passback violation must be forgiven in order to get people out of a passback area as quickly as possible. Override Code Tamper: This allows a credential that has been disabled because of code tamper to be reused. This event appears in the Event Viewer. Reset Limit Count: Select this option to reset the limit count for this credential to the default value. The event appears in the Event Viewer. This essentially gives an extension to the credential holder. Force Download: Select this option to force an immediate download of this credential's information to the relevant controllers. Assign: Only available if the credential is in the unassigned queue. Unassign: Select this option to unassign this credential from the current person. The credential disappears from the Credential pane and is added to the Unassigned Credentials queue in the left column of the Enrollment pane. Edit: Click this option to edit the Credential properties of the current person. Delete: Select this option to delete the credential from the current person. A prompt appears asking you to confirm your choice. Click Yes and the credential is permanently removed from the system.

Preview Badge and Print Badge

After the required credentials fields are added (refer to Credentials for more details), the Preview Badge and Print Badge buttons appear in the Credentials panel as shown.

Although you can immediately print a badge from the Enrollment tab, it is often a good idea to preview it before you do. This can reveal any conflicts that might exist between the Badge Template you have chosen, the information that must appear on the badge, and the badge printer you are using.

The steps for previewing and printing the badges are:

Click the Preview Badge button in Credentials and the screen appears as below.

After you click the Preview Badge, the screen appears as shown:

Click the Print Badge button to print directly from the Print Preview screen.

Double-sided Badge Templates can be previewed and printed on both sides. Printers that support double-sided printing are used to print such badge types. Before printing a double-sided badge you can preview both sides by clicking the Flip Badge button as shown below.

PIV Enrollment

PIV enrollment is activated through the Velocity Application first in order to get the Add Via Smart Card option in Enrollment. The entire enrollment setup is connected to a Web Client using a USB smart card reader.

Prerequisite: Before making use of the PIV Enrollment feature, the Velocity Certification Check Service (VCCS) must be licensed, installed, and configured through the Velocity Application.

Only users with appropriate role permission in Enrollment are authorized to read cards and validate them. If FICAM Mode is unchecked then the “Add Via Smart Card” option will not be visible.

Select Enrollment -> Add Via Smart Card as shown.

A link to Download Velocity Web PIV Reader is available, click Download.

Select “Allow pop-ups for http://localhost”

“Allow pop-ups for http://localhost” for the first time when you read a smart card.

A window displaying to download and install the Identiv Velocity Web PIV Reader software on your system as shown.

Click OK to install the Velocity Web PIV Reader software. The ReaderInstall.exe gets downloaded.

Installing the Velocity Web PIV Reader Software

Execute the ReaderInstall.exe. The window displays as shown.

Click Next to proceed and select the installation folder.
Click Next to confirm the installation and complete the installation as shown.

Click Close to exit.

The messages that appear while downloading and installing the Velocity Web PIV Reader software on your system differ based on the Browser you are using.

● In Edge, the message looks like the one below. Click OK to proceed.

Click Yes to proceed and install the PIV Reader software and continue further.

● In Firefox the message looks like the one below. Click OK to proceed.

Click Choose... to download the PIV Reader software and proceed further.

In Google Chrome the message looks like the one below. Click OK to proceed.

Select a profile from the Validation Profile drop-down and click Read Card to read the card information for the selected profile.

Based on the number of smart card readers that are attached to your system you may observe a window like the one below.

Select the valid card reader from the drop-down and click OK.

Depending on the reader (with PIN pad or without PIN pad), the PIV reader prompts to enter the PIN Code as shown. Enter the valid Pin Code and click Read Card.

If an invalid PIN is entered, then a message like the one below is shown.

After the PIV card certificate is read successfully, the results of the PIV card validation display.

Click Proceed with Enrollment after viewing the details of the card.

Click Apply Changes to save the card details for Enrollment.

If something goes wrong with the PIV card validation process, a Card Validation Incomplete red alert box is displayed as shown below.

Check the Validation Logs to rectify the errors and continue the steps to read the card information again.

Update Via Smart Card

Select the Person from the Enrollment list or use the Search field to type the name of the person to open the Person’s record which requires an update. Click the Update Via Smart Card button, which will redirect to the Verify Smart Card information screen. At this point please follow and continue from step 5 on PIV Enrollment.

Unassigned and Guest Credentials

To unassign a credential currently associated with a person:

Click the Enrollment tab to view the currently assigned credentials with persons.
Select a person to view the Credential details.
Right-click on the Credential and select Unassign from the drop-down options list.
Now, the credential disappears from the person's credential and is moved to the Unassigned Credentials tab. However, unassigned credentials are still active unless they are disabled.

Assigning Guest Credential to a Person

To assign a guest credential to a person.

Click the Unassigned and Guest Credentials tab, then in the "Type Credential" dropdown, select the option "Guest" to view the list of available Guest Credentials.
Select or right-click on the Guest Credential and select Unassign from the dropdown options list.
Now, the credential disappears from the Guest Credential and is moved to the Unassigned Credentials tab.
Go to the "Type Credential" dropdown and select Unassigned.
Select or right-click on the recently Unassigned credential and select Assign from the dropdown options list to assign the credential to a Person.

Once a Guest credential is moved to Unassigned and assigned to a person, you won’t be able to put it back as a Guest credential.

Alarm Viewer Tab

Alarms provide the necessary instructions for further processing. The instructions are useful to the user as an operator/administrator on how to proceed, what process to use, or who to call for a specific alarm.

Viewing Alarm Instructions

Click the Alarm Viewer tab, the Alarms and Acknowledged Alarms panel is displayed.

Alarms	This panel contains the column details of each Unacknowledged Alarm.
Action	From this menu the user can perform the task of acknowledging individual alarms or all available alarms, and also be able to add Operator Notes. This removes the alarm from the Alarms panel and moves it to the Acknowledged Alarms panel.
Icon	The available alarm status icons are: Refers to an unsecured alarm Refers to a secured alarm
Instructions	There are two different views to see the instructions. Always have instructions displayed: In this method, the instruction notes can be viewed in the table to read the instructions related to this alarm. If the instruction is too long, a "see more" link which will redirect to the full instruction page. No instructions displayed: In this method, the instruction notes will not be displayed, as in the table as shown below. If you click on the instructions icon a full instruction page will appear with the full instructions. This view depends on how an Administrator has their System Wide Settings configured in Alarm Viewer under menu settings
Operator Notes	There can be multiple notes added to the same alarm by different users. By clicking on the operator note icon a modal window will show all available notes for this alarm with the most recent note on top of the list. For more details, please refer to Operator Notes. Operator Notes cannot be edited or deleted.
Count	If you have checked Stack Alarms of similar type option in Settings→ Alarm Viewer → System Wide Settings, this column displays all occurrences of alarms for this device that are still unacknowledged. The earliest alarm is marked as 1 and each subsequent alarm is incremented. This is a Global Setting for all operators, only Admins can change this.
Host Time	The date and time this alarm occurred as recorded by the Velocity host.
Controller Time	The date and time this alarm occurred as recorded by the controller experiencing the alarm. This value will be different from the Host Time only if the controller is located in a different time zone, or if there is a delay between the time the alarm occurs on the controller and the time when it is received by the Velocity host.
Description	A brief description of the alarm. This should supply a message indicating what the alarm was.
Address	The unique address assigned to this alarm. This indicates the exact point where the alarm took place.
Level	The priority level assigned to this alarm. Initially, all alarms have the same level 1 priority.
Alarm ID	The ID associated with this alarm. Each alarm type has a unique Alarm ID.
Acknowledged Alarms	This pane contains the column details of each Acknowledged Alarm.
Action	From this menu the user can perform the task of clearing individual alarms or all available alarms and also be able to add Operator Notes. This removes the alarm from the Acknowledged Alarms panel.
Icon	The available alarm status icons are: Refers to an unsecured alarm Refers to a secured alarm
Instructions	There are two different views to see the instructions. Always have instructions displayed: In this method, the instruction notes can be viewed in the table to read the instructions related to this alarm. If the instruction is too long, a "see more" link which will redirect to the full instruction page. No instructions displayed: In this method, the instruction notes will not be displayed, as in the table as shown below. If you click on the instructions icon a full instruction page will appear with the full instructions. This view depends on how an Administrator has their System Wide Settings configured in Alarm Viewer under menu settings.
Operator Notes	There can be multiple notes added to the same alarm by different users. By clicking on the operator note icon a modal window will show all available notes for this alarm with the most recent note on top of the list. For more details, please refer to Operator Notes. Operator Notes cannot be edited or deleted.
Count	If you have checked Stack Alarms of similar type option in Settings→ Alarm Viewer → System Wide Settings, this column displays all occurrences of alarms for this device that are still unacknowledged. The earliest alarm is marked as 1 and each subsequent alarm is incremented. This is a Global Setting for all operators, only Admins can change this.
Host Time	The date and time this alarm occurred as recorded by the Velocity host.
Controller Time	The date and time this alarm occurred as recorded by the controller experiencing the alarm. This value will be different from the Host Time only if the controller is located in a different time zone, or if there is a delay between the time the alarm occurs on the controller and the time when it is received by the Velocity host.
Workstation	The Workstation name from where the alarm was acknowledged.
Acknowledge Time	The date and time when this alarm was acknowledged.
Description	A brief description of the alarm. This should supply a message indicating what the alarm was.
Address	The unique address assigned to this alarm. This indicates the exact point where the alarm took place.
Acknowledged By	The name of the operator acknowledging the alarm.

Use the Configure Column Headers gear icon to define which columns appear in the Alarm Viewer panels.

Acknowledging Alarms

To acknowledge a single alarm:

Click on the Alarm Viewer tab.
From the Alarms panel, click to select at least one alarm (or you can select all available from the top checkbox).
Click the Action menu and select Acknowledged Selected from the Action pop-up menu.

The alarm is moved to the Acknowledged Alarms panel and the alarm sound, if assigned, for that alarm is halted.

To acknowledge all alarms click on the Action menu and select Acknowledged All from the Action pop-up menu and all the alarms are moved to the Acknowledged Alarms panel and the alarm sound for all alarms are halted. These options are determined by your Role.

Clearing Alarms from Acknowledged Alarms

To clear a single alarm:

Click on the Alarm Viewer tab.
From the Acknowledged Alarms panel, click to select at least one alarm (or you can select all available from the top checkbox).
Click the Action menu and select Clear Selected from the Action pop-up menu.

To clear all acknowledged alarms click on the Action menu and select Clear All from the pop-up menu and all the alarms are cleared from the Alarms.

All alarms in the Acknowledged Alarms panel are cleared but a record of the alarms remains in the database for reporting purposes.

Operator Notes

When you add a note related to alarms, it is displayed on the left side column of the table.

To add an Operator Note to acknowledged or unacknowledged alarms:

Select Alarms/Acknowledged Alarms panel.
Click on the checkbox of the desired alarm. If you need to write the same note to several alarms you can multi-select different alarms from here.
Click the Action menu and from the drop-down select Add Operator Note.

The Operator Notes dialog appears.

Enter your notes in the section and Save Changes

The Operator Notes are generally made as a:

Response to a specific deviation from an expected alarm
Required response to an alarm
Description of how a specific alarm was resolved

The notes appear in the left column. The text is wrapped automatically, and a vertical scroll bar appears, if necessary. Use plus sign on the left to view the rest of the information.

Event Viewer Tab

The Event Viewer is a read-only screen displaying all events detected by the Web Client as they occur throughout the monitored systems. An Event Viewer screen within the Web Client looks like the one below.

You will notice that there is a vertical scroll bar enabling you to scroll up or down through a list of all currently recorded events. Events are color-coded by Event Type.

The columns that describe each event are described below:

Host Time	The date and time this event occurred as recorded by the Velocity host.
Controller Time	The date and time this event occurred as recorded by the controller reporting the event. This value will be different from the Host Time only if the controller is located in a different time zone, or if there is a delay between the time the event occurs on the controller and the time when it is received by the host.
Description	A brief description of the event. This should supply a message indicating what the event was.
Address	The unique address assigned to this event. This indicates the exact point where the event took place.
Event Type	The type of event that occurred. Many different types of events are tracked by the system; DIGITRAC External, DIGITRAC Internal, Software, Communications, Port, Controller, and so on. For more about this, refer to Event Types.
Event ID	The ID associated with this event. Each event has a unique Event ID.
Configure Column Headers	For more details refer Configure Column Headers.

Event Types

Click on the Filter Events By Type field so that the dropdown list of the available Event Types appear. Select one or more Event Types; the Event Viewer will only display the chosen filter events. The columns that describe each event type and ID range are mentioned below.

Event Type	Event ID Range	Description
Software	1001 - 1099	An event generated by the software.
Access	2000 - 2033	An event based on the type of access.
Internal	9001 - 9099	An event recorded within the device, such as a time zone change or a database correction.
External	4001 - 4099	An event was recorded at the attached device.
Alarm	5001 - 5999	An event that triggers an alarm, such as a DOTL or entry delay error.
Programming	8600 - 8750	An event that triggers when a programming mismatch or is not configured correctly.
Xbox	7000 - 7047	An event based on Xbox type.
Misc	8001 - 8499	An event that does not fit into any other category.
Ports	8501 - 8599	Events specific to the port, such as a port socket or port offline error.

Suspend scrolling of Events

In some situations, you may need to suspend scrolling temporarily. Doing so freezes the Event Viewer at the current spot and stops displaying new events.

Some reasons for suspending scrolling are:

Events are happening faster than the operator can monitor
An important event occurred and the operator wants to freeze the screen at that point

To temporarily Suspend/Resume scrolling:

Right-click anywhere within the Event Viewer screen and click Suspend scrolling.
This feature is available on all the tabs where the Event Viewer is displayed. Please refer to the Settings→Events tab for more information.
The background color on the screen changes (unless the normal and the suspended color values are the same), and the Event Viewer stops displaying new events until you Resume scrolling.
To Resume scrolling, right-click anywhere on the Event Viewer screen and click Resume scrolling.

Suspended scrolling is a temporary setting that is not saved and will revert back to scrolling when you refresh or go in and out of the Event Viewer tab. Events are not lost while scrolling is suspended; their display is just postponed. The Event Viewer caches any new events in a queue, and when scrolling resumes, these cached events are displayed in the Event Viewer at a rapid rate.

Custom Filters

Custom Filters are predefined combinations that the Events can use to sort which events are actually shown. Custom Filter can sort by one or more system components. Only specified components or event types are displayed in the Events tab.

The fields, buttons, and panes on this page include:

Filter Group	Click in this drop-down and either select one of the currently defined filter groups or enter the name of a new filter group. The default is <None>. To create a new filter group, select <New>.
Rename	In the Filter Group dropdown, select an available filter. When we do, the "Rename" button on the right will be enabled. Click on it, and a new dialogue box will appear where you can enter the new name for the selected Filter Group.
Delete	Click this button to delete the currently displayed Filter Group.
Select Filter Type
Limit: Only the criteria selected will be shown in the Event Viewer	Click this radio button to limit the display for this Filter Group to the filter elements selected below.
Exclusion: The selected criteria will NOT be shown in the Event Viewer	Click this radio button to exclude from display for this Filter Group all the filter elements selected below.
Criteria Builder	Use one or more of these fields (up to a maximum of seven fields) as filtering elements. Simply click the combo box and select an element from the pull-down list. Each element must be previously defined.
Port	The Port to which the system is connected. Select the appropriate port from the drop-down list. The default value is N/A. Only those Ports currently defined for this system appear in the list.
XBox	The Xbox to which the system is connected. Select the appropriate Xbox from the drop-down list. The default value is N/A. Only those Xboxes currently defined for this system appear in the list.
Controllers	The Controller to which the system is connected. Select the appropriate DIGITRAC or Mx controller from the drop-down list. The default value is N/A*. Only those Controllers currently defined for this system appear in the list.
Event	The Event type that the Event Viewer should use to filter. Select the appropriate event from the drop-down list. The default value is N/A. Only those Events currently prescribed for this system appear in the list.
Add	Click the Add button to include the selected elements into the definition for the displayed Filter Group. The filtering elements appear in the Selected Criteria pane.
Selected Criteria
Selected Criteria pane	When you click the Add button, a description of the new Criteria is displayed in this pane.
Delete	Click the Delete button to delete a selected filter description from the Selected Criteria pane.

Configure Custom Filters

Click the Events tab and select the Configure Filters button.
Custom Filter modal appears as shown below. Only Operators with appropriate permissions can add Custom Filter Group. Operators without appropriate permissions will not be able to add Custom Filter Group and the fields will be grayed out.

At the 'Filter Group' field, select <New> from the drop-down list.
In the Filter Type section, select either:

Limit: Only the criteria selected will be shown in the Event Viewer.
Exclusion: The selected criteria will NOT be shown in the Event Viewer.

In the Criteria Builder section, select the components/elements you need to either include or exclude (depending upon your selection in Step 4).

Click Add. The new filter appears in the Selected Criteria panel.

To add more filter criteria, repeat Steps 4 - 6.
When you're finished, click Save Changes, Filter Group Name dialogue box appears, enter the name of this filter group, and click Save and the criteria for the new filter group are saved.

To create more Filter Groups, repeat Steps 3 - 8.
When you're finished, do the following:

Save Changes: This will save the currently displayed Filter Group with the filters.
Save and Close: This will Save and Close the Custom Filter Group. To apply the filter group to the Event Viewer, Click the Custom Filter box to select the predefined Custom Filter. Once it is added, the Filter icon is displayed, indicating a filter applied. The name of the applied filter is displayed as shown below.

Cancel: Clicking this button will throw a popup warning box with options.

Yes: Click this button to save changes.
No: Click this button to ignore the changes made.
Cancel: Click this button to return to the Custom Filter screen.

To apply the Custom Filter you need to Save your changes, and go back to the Event Viewer to apply the desired filter. An operator can assign a different filter per Event Viewer when showing it on different tabs.

Configure Column Headers

Use the Configure Column Headers gear icon to select which columns appear and in what order in the Event Viewer.

By default, all column headers will be checked.
Check/uncheck the boxes of the columns you want to display/hide.

At least one column must be checked, and you are prevented from unchecking all columns.

You can reorder the columns by holding the + symbol and dragging it to the desired location.
When you're finished, click Save Changes.

Device Control Tab

The Device Control tab provides a hierarchical display of system components based on operator role. There are two main tree branches:

Velocity Configuration
DIGI*TRAC Configuration

When opening the tab, it will open in Command Sets by default, or the first folder the user has access to. These folders provide all the information an operator requires to define the hardware elements of this system. The subfolders comprising the Device Control are:

Command Sets	Command Sets allow you to group one or more DIGI*TRAC commands that can be triggered, such as access to a drug pantry or lobby.
Credential Templates	Credential Templates are profiles that enable you to bypass the time-consuming task of creating a new credential from scratch for every enrolled person.
Door Groups	A Door Group associates one or more doors (readers/keypads) with a time zone for the purpose of allowing door access during a specific time.
Network Global IO Configuration	Network Global IO Configuration mechanism where a set of controllers share credential zone access information and Global Control Zone data to implement Occupancy and Anti-Passback features as well as trigger Control Zone functionality across these controllers.
Reader Control Groups	Reader Control Groups enable a credential to achieve different actions when presented to different readers.
Holidays	Holidays can be defined with up to four holiday schedules. You can define holidays for the current and following year only.
Time Zones	You can define three possible types of Time Zones: Standard, Master and Grand Master Time Zones
Operators	Operators are the people who access\login to the web client to use the system.
Roles	A role is a list of tasks and features that are available to operators who are assigned that role.
Ports	The Port is where you define the communications to the controller. It allows you to select if it's Serial, IPv4 or IPv6 along with the associated Protocol of XNET, XNET 2 or XNET 3 depending on the type of SNIB you are utilizing (SNIB2 or SNIB3). If network ports are used you can also enter the network IP information within the Port Properties.
XBoxes	Xbox is a built-in gateway on the SNIB2 and SNIB3.
Controllers	Controllers are responsible for collecting input signals from readers\keypads, door contacts, RQE buttons or motion detectors and distributing output signals to all connected devices like audible devices, electric locking hardware, printer and Velocity server.
Doors	A door is defined as a group of devices (reader, input, relay) which can control access between two areas physically divided by a door.
Expansion Inputs	Most controllers do not possess enough base inputs to monitor all the alarms a large facility has. To increase the number of alarms that a controller can monitor, Hirsch provides a line of expansion input boards (also called alarm expansion boards) such as the AEB8, that can be installed in the controller to provide additional connections (expansion inputs) for alarms.
Expansion Relays	Most controllers contain only a few base relays, most of which are used by doors for locks and other outputs. If there are more output devices than the base relays can handle, expansion relay boards (REB8) can accommodate them.
Readers	Readers and keypads are those devices that require personal input. These devices include: Keypads/ScramblePads MATCH Reader Interface RS485 (includes the Three Factor Reader) Readers
Inputs	Input devices are all those switches and sensors that provide the controller with information about the status of the point. All input devices must be connected to the controller through Line Modules.
Relays	Relays (Outputs) are those remote devices such as magnetic locks, electric strikes, and audible signals - that are operated by relays in the controller.

Pagination is a method of dividing total content into discrete pages, thus presenting content in a limited and digestible manner.

Index

This refers to the total number of items as well as how many are selected. If you keep the mouse hovering near the down arrow you see three options:

Select all data, clicking this will select all the items in the selected folder (i.e... 256/256 items).
Invert current page, clicking this will select or deselect all the items from the current page (i.e... 25/256).
Clear all data, clicking this will deselect all the selected items from the current page.

Total items available

On the left to the Control buttons, the total number of items available is also displayed.

Controls

Allows you to go between the available pages. The arrows allow you to go to the next or previous page.

Page View

Allows you to select the number of items to view per page. The minimum is 10 and the maximum is 100 per page.

The default value is 25 / page.

Action Buttons

Click the Device Control tab.
Select or Right Click on a point so the Action Menu activates to let you choose Edit, Rename, Delete, Execute, Set as Default, Properties, Enable, Disable, Lockdown, Reset Encryption etc. The actions available are dependent on the point or folder you are in:

Edit: Allows to access the properties page and make needed changes.
Rename: Allows to change the name of the point without going into its properties page.
Delete: Removes the selected item from the system with a confirmation.
Set as Default: (applies to Credential Templates ONLY) allows you to set the selected template as the default.
Properties: (applies to Credential Templates ONLY) allows editing the Credential properties.
Execute: (applies to Command Sets ONLY) allows selected Command Set to be initiated on the specified controllers.
Enable/Disable: Allows you to enable or disable the selected point.
Lockdown: Restricts an Operator from using the Web Client.
Reset Encryption: Resets the encryption on the host side ONLY for communication with an XNET 2 or XNET 3 Port.

Any Operator who has permission can Add, Edit, Rename and Delete components under the Device Control tab. If more than one item is checked, the Edit & Rename options from the Action button or right-click menu will be greyed out and only the Delete option will be highlighted. This is because some options are only available for single selections and not for multiple selections. Placing the mouse over a greyed-out option will provide you a reason why it's not available. Either you do not have permission or the option is not available on multi-selections.

Search and Sort Arrows

Click this icon to open the Search dialog and type a name of what you are searching for. Then click the Search button.
Click the Reset button to cancel the search result.
Click the Close button to exit the Search box.
Click this icon to sort the column in ascending or descending order respectively.

Velocity Configuration

Adding Command Set

In the Device Control tab, expand the Velocity Configuration to display the Command Sets folder.
Click the Add Command Set button.

The Add Command Set window includes the following:

Name	Enter a name to describe this command set (up to 32 characters). This is a required field.
Controller	Select a Controller from the drop-down list or type to narrow down your selection list then select the controller. The command string you define within this command set will be sent to this controller.
Function	Select a function from the drop-down list to define the type of function this command set will perform.
Points / Control Zone	This field changes according to the function selected in the 'Function' drop-down list. If you select an Access function (such as Access, Unlock, Relock or Toggle Lock) this field displays a Points list and all the available points relevant to the selected controller are listed. If you select a Control function (such as Control Trigger, Alarm Mask, or Force On) this field displays a Control Zone list and all control zones relevant to the selected controller are listed.
Command	The system automatically supplies the command values in this text field according to the values you entered in the previous three fields. If required, you can modify the command displayed in this field by entering different arguments. Only one command with required arguments is allowed per string; however, you can add more strings to include more commands in this command set, if needed.
Add Command	Click this button to add the command string defined into the Command Strings pane. It is now part of the command set.
Save Changes	Click the Save Changes button to save this Command Set and exit out of the Add Command Set window.
Cancel	Click the Cancel button to ignore any changes made to the Command Set and exit out of the Add Command Set window.

Editing Command Set

To Edit a Command Set:

Select or Right Click on a Command Set entry so the Action Menu activates to let you choose Edit.
The Edit Command Set window is displayed.

The Edit Command Set is the same as the Add Command Set, except that an additional Edit and Remove button option is displayed which allows you to edit or remove an already added command from the Command Strings pane.

When multiple commands are added for the same controller they will be grouped into one line separated by commas.

Credential Templates

Credential Templates enable you to bypass the time-consuming task of creating a new credential from scratch. Using templates, you simply create a credential using a predefined template, generate the necessary card information, and you've created the necessary credential. If you have many employees, this shortcut can save many hours in the enrollment process.

For example, if you have twenty technicians, all of whom use the same lab doors and require the same access, you can create a single Lab Technician Credential Template and assign that template to every technician, thereby saving you the trouble of filling out the same credential information twenty times.

The General tab of the Credential Template Properties looks like this:

ID	This is a read-only field. The system generates a unique ID for each Credential Template. When you create a new Credential Template, the value (new) appears. This is replaced by a unique number when the credential is created.
Link new credentials to this template	Check this box to link any new credential to this template. This means that when this template is changed, the credentials associated with this template also change. A pop-up confirmation box will appear asking you to confirm your action. If this box is not checked, this Credential Template can be changed without rippling down to every enrollee associated with the Credential Template.
Description	Type a brief description of this Credential Template (up to 50 characters).
Badge Template	From the drop-down list, select the Badge Template you want to link to this Credential Template. If you need a double-sided badge, make sure to select a Badge Template designed specifically for double-sided printing. Only those Badge Templates already defined from Velocity and associated with your Role are displayed in this list.
IDF	Select one of the available IDF options from this combo box. Options are: 0 - Badge Only 1 - Keypad 2 - Card 3 - Dual 4 - Card + Dual 5 - Keypad + Dual 6 - Keypad + Card 7 - Keypad/Card/Dual The default is 1 - Keypad.
Card	If you select any card option including 2 - Card, 3 - Dual, or any other Card + Code option from the IDF field, this section is activated.
Type	Select the type of card from the drop-down list. Select from these options: Std 26-Bit Wiegand Std 27-Bit Wiegand Std 28-Bit Wiegand Std 29-Bit Wiegand One-Field ABA Special 1 through 39 Passthru Octal passthru 200-bit FASCN 200-bit 37-Bit Wiegand hex 37-Bit Wiegand NP hex Octal to Hex The default is Std 26-Bit Wiegand.
Stamp #	This field is not used on a Credential Template.
Data	Type the data programmed in this card. This number is often the same as the hot stamp number (but not on Hirsch cards). If you are not enrolling this card through an Enrollment Station, and you know the data format of your cards you can enter it in this field by hand in order to generate a MATCH number.
MATCH	This field is not used on a Credential Template.

Activation/Expiration Date
Activate	The date and time when this credential becomes valid. At the date field, click to display a calendar. Select the month and day on which this card/code is activated. You can click the < and > buttons to go from month to month. The current time is automatically supplied. To change this, click in the time fields and enter new values as required.
Expire	The date and time when this credential becomes invalid. If the person possessing this credential attempts to use it after the expiration date, it will be denied. If you want to enable the use of an expiration date, do the following: To activate the expiration date field, check the ‘Expire’ option. Click the date field to display a calendar or click the button to the right. The Set Expiration Date dialog appears. Specify the date or UDF field you want to use as the expiring date. Click OK. The Credentials that are linked with the Credential Template will have the same expiry date as in the template, Setting a Credential Template’s expiration date to a future date will re-enable linked credentials that are currently disabled. See the pop-up warning shown below. Once the changes are made and clicking Apply Changes, you will get another pop-up alert box that shows the Credentials that will be overridden.
On Expiration	This field is activated when the 'Expire' checkbox is selected. Three options are available: Disable - click this radio button to indicate that the credential will be disabled on expiration. Delete From Controllers - click this radio button to indicate that the credential will be deleted from all controller databases. Disable And Unassign - click this radio button to indicate that the credential will be disabled and unassigned from the person at expiration. The credential can be reused by selecting it from the Unassigned Credentials within Enrollment, assigning it to a person, then reactivating it.
Code
Length	Use the picklist button to specify how many digits this code (PIN) can be. The range is 3 - 15 digits. The default is 4 digits.
PIN	This field is not used on a Credential Template.
Confirm	This field is not used on a Credential Template.
Duress Digit	Use the picklist button to specify a duress digit. The available duress digits are 1 - 9. The default is 0 indicating that no duress digit is required and the feature is disabled.
Save Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

The Function Tab of the Credential Template Properties dialog looks like this:

Functions
Function Category	From this drop-down list, select the function category for this credential. The categories include: Access Relay Alarm Password Special Function Group The fields below will change depending on the function category selected.
Function	From this drop-down list, select the function. The options will vary depending on the Function Category selected above.
Door Group	If you select Access or Password from the 'Function Category' drop-down list, this combo box appears. Select a Door Group from the list based on your Role permissions.
Controller	If you select Relay or Alarm from the ‘Function Category’ drop-down list, this combo box appears. Select the Controller that the specified Control Zone affects.
Control Zone	If you select Relay or Alarm from the 'Function Category' drop-down list, this combo box appears. Specify the Control Zone that specifies the relay(s) or input(s) and their behavior. Both Standard and Master Control Zones are included in this list.
Function Group	If you select Function Group from the ‘Function Category’ drop-down, this combo box appears. Select an existing Function Group from the list.
Special	Alarm Cancel: Cancel all alarms within the specified zone. When you select this function, the 'Door Group' combo box appears. Select the door group to which this function applies. The default is all doors, always. Watch Log: Logs code entry for tracking guards on their appointed rounds. When you select this function, the 'Door Group' combo box appears. Select the door group to which this function applies. The default is all doors, always. Time Log: Logs code entry for recording the arrival and departure times of time log code holders. When you select this function, the 'Door Group' combo box appears. Select the door group to which this function applies. The default is all doors, always. Deadman Timer: Starts a deadman timer at code/card entry. If the timer expires before the employee's next code/card entry, an alarm is recorded. When you select this function, three combo boxes appear: Controller, Control Zone, and Time(Sec). Indexed Command: If you select Indexed Command from the ‘Functions’ drop-down, this combo box appears which specifies several subfunctions. Manual Holiday Table (1 - 4) Manual UnHoliday Table (1 - 4) Forgive all Users Clear Code Tamper Count Users This Side Count Users Other Side Set Threat Level: If you select Set Threat Level from the ‘Functions’ dropdown, this combo box appears. Specify the Threat Level range from 0 - 99.
Save Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

The Limits page of the Credential Template Properties dialog looks like this:

Apply Credential Management Globally	Click this box to indicate that the credential management limits specified here are shared amongst all controllers connected to the same Xbox. Before this feature can be applied, you must first check the 'Enable Global Credential Management' box on the Setup page of the Controller Properties dialog for each affected Controller. For example, if a person using this credential exceeds the use limit at one door, that information is shared with all other controllers on the same Xbox. This makes it impossible for the credential to be used at another door even if it is controlled by a different controller.
Threat Authority	Use the spin control buttons to increase or decrease the threat level for this Credential Template.
Day/Use/Absentee Limits
No Limit	Click this radio button to indicate that there are no limits for this Credential Template. This is the default value for a Credential Template.
Day Limiting	Click this radio button to specify that this credential expires after a specified number of days. (A day is defined as running from midnight to midnight.) The 'Day/Use/Absentee Count' spin control field is activated. Specify the limit in the 'Day/Use/Absentee Count' field to the right.
Use Limiting	Click this radio button to specify that this Credential Template expires after a specified number of uses. The 'Day/Use/Absentee Count' spin control field is activated. Specify the limit in the 'Day/Use/Absentee Count' field to the right.
Absentee Limiting	Click this radio button to specify that this Credential Template expires after a specified number of recorded days absent (days this card and/or code were not used). The 'Day/Use/Absentee Count' spin control field is activated. Specify the limit in the 'Day/Use/Absentee Count' field to the right.
Day/Use/Absentee Count	Use the spin control buttons to increase or decrease the number of days, uses, or absences this Credential Template is allowed before it expires. The units specified here depend on the limiting radio button: if you select Day Limiting, the count is in days (1 - 255) if you select Use Limiting, the count is in uses (1 - 255) if you select Absentee Limiting, the count is in days absent (1 - 254)
2-Person Rule	This section specifies how the 2-Person rule is applied to this Credential Template. Doors are enabled for 2-Person Rule using the General page of the Door Properties dialog. Timers and time zone disable parameters are specified on the Passback page of the Controller Properties dialog.
Normal	Click this radio button to indicate that the normal 2-Person rule applies to this credential. This person can access a 2-Person Rule-enabled door with any other person possessing a Normal, A/B Rule "A", or A/B Rule "B" designation.
A/B Rule A	Two-Person "A/B" Rule. If one person has an A/B Rule "A" specified in the limits for their credential, they need to find someone with an A/B Rule "B" or a 'Normal' designation in order to unlock a 2-Person Rule-enabled door. This is particularly useful for supervisor/trainee access privileges.
A/B Rule B	Two-Person "A/B" Rule. If one person has an A/B Rule 'B' selected in the limits for their credential, they need to find someone with an A/B Rule "A" or a 'Normal' designation in order to unlock a 2-Person Rule-enabled door. This is particularly useful for supervisor/trainee access privileges.
Executive Override	Two-Person Executive Override. This allows the holder of this Credential Template to override the 2-Person Rule. It only takes this Credential Template to unlock the door, even if the door normally requires two people.
Save Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

The Options page of the Credential Template Properties dialog looks like this:

Actions
Tag	Check this box to indicate the credential is tagged. A tagged alarm will be generated at the host.
Alert	Check this box to indicate the Credential causes an alert.
Disable	Check this box to disable all credentials associated with this Credential Template.
Reader Control Groups	Select from this drop-down list to associate the appropriate Reader Control Group with a credential.
Passback
Executive Override	Click this box to designate that this Credential Template allows executive override.
Special Needs
Special Needs Access Time Extension	Click this box to designate that this Credential Template allows an unlock extension beyond the normal unlock interval for special needs, such as wheelchair access or large parcel delivery. Before this feature is enabled, you must first specify intervals in the 'Special Needs Time Extensions' section of the Controller Setup properties sheet.
Override Scramble Keypad Display	Click this box to designate that this credential allows Scramble Keypad Display override.
Current Issue Status
Current Issue Status	Enables an operator to document the current status of this credential. This is particularly helpful if the credential has been lost, destroyed, or stolen for some reason. Either enter an issue into this combo box, or select one of the status options from the drop-down list. The default issue list options include: Lost Stolen Destroyed This is an information field which does not disable the Credential Template. That is done by checking the Disable box in the Actions section.
Print Control
Enable Print Control	Check this box to enable print control. Print control is a feature that restricts the number of badges that can be printed using a credential based on this Credential Template. If this credential is not associated with a Badge Template, this section has no relevance. A qualified operator can enable Print Control globally using Enrollment Manager Preferences.
Attempts	A read-only field indicating the number of attempts that were made to print a badge based on this Credential Template. This count and the Confirmed count will be identical unless you check the Display print confirmation box.
Confirmed	A read-only field indicating the number of badges based on this Credential Template that were actually printed. This number cannot exceed the prescribed Max field. This count and the Attempts count will be identical unless you check the Display print confirmation box.
Max	Enter the maximum number of badges that can be printed for a badge based on this Credential Template. Velocity will not allow either the Attempts or Confirmed counts to exceed the value entered here unless the operator printing the badge is assigned to a role that allows overriding of print control. A qualified operator can specify a maximum value globally using Enrollment Manager Preferences.
Display print confirmation	Check this box to enable confirmation when a badge based on this Credential Template attempts to print. This means that whenever an operator prints a badge based on this credential, the system prompts the operator to indicate whether the badge is printed correctly. If the operator indicates that the badge did print properly, both the Attempts and Confirmed fields are incremented by one. If the operator indicates that the badge did not print properly, only the Attempts field is incremented. A qualified operator can enable this feature globally using Enrollment Manager Preferences.
Issue Control
Enable Issue Control	Check this box to enable issue control.
Count	This field is not relevant for a Credential Template.
Max	Enter the maximum number of times a credential based on this template can be issued. The system will not allow the Count field to exceed the value entered here.
Save Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

Door Group

Door Groups allow you to decide what door(s) (readers/keypads) and at what time people are allowed access.

Door Groups combine one or more doors and a time zone
Each door may be assigned the same or different individual time zone
Door Groups answer the questions When and Where. The When is the time zone, and the Where is the door(s).
Door Groups are highlighted in yellow and the Master Door Groups are highlighted in green. Searching or sorting will not alter the color scheme.

After you have defined and named all doors connected to a controller and created the required Time Zones (but before you add people/credentials), you should create Door Groups.

Adding a Door Group

In the Device Control tab, expand the Velocity Configuration tree to display the Door Group folder.

Click the Add Door Group button. The Add Door Group window displays.

In the Name field enter a name for this Door Group (up to 64 characters).
In the Time Zones field, either type to narrow the selection or use the drop-down menu to select a time zone from the list.
To specify individual Time Zones for individual doors;

Select the Time Zone
Select the Door/Reader
Click the Add button

An Operator can select multiple Controllers at one time and the associated doors will be listed on the right side. Once added the reader appears in the lower pane with its designated address, door name, and time one.

The select all/none checkbox allows you to automatically check or uncheck all options under its associated section or using the search field to type the controller, door, or reader name will narrow the selection. Please refer to the Search & Sort Arrows to know more about the Search function.

At the 'Display my network layout' checkbox, do one of the following:

Check the box to display a list of controllers (default)
Uncheck the box to display a list of all doors

When you uncheck the ‘Display my network layout’ a select all/none checkbox next to Address allows you to automatically check all doors or you can also manually check only the doors you need.

When the Tag checkbox is enabled, it automatically sends a Tag Alarm to the Alarm Viewer each time a credential associated with this Door Group is used, regardless of whether access was granted or denied.
When the Alert checkbox is enabled, an audible alert sounds at the door each time a credential associated with this Door Group is used, regardless of whether access was granted or denied.
When the Disable checkbox is enabled, it will disable ALL credentials associated with this Door Group.
To remove a reader from the current Door Group, select the door in the lower panel and click Remove. The selected door is removed from the bottom pane and is returned to the available doors pane.
Click Save Changes to add the Door Group or Cancel to dismiss your changes and exit.

Editing Door Group

To Edit a Door Group:

In the Device Control tab, expand the Velocity Configuration tree to display the Door Group folder.
Click the checkbox to select a door group then click the Action menu and select Edit or right-click on a row (not over the checkbox) and select Edit, the Edit Door Group window is displayed.

If you check to select more than one Door Group, the Edit & Rename options from the Action button or menu will be greyed out and only the Delete option is highlighted. This is because some actions are only available for single selections.

At this point you can either add more door/time zone combinations, edit an already added door/time zone combination or remove them.

You must select at least one or more doors before you can click the Edit or Remove buttons.

Select the door for which you want to edit the Time Zone and click Edit.

The Edit Time Zone windows displays.

Select the Time Zone from the drop-down you want to assign for the door and click OK for the changes to take place.
Click Save Changes to save the configuration.

Adding Master Door Group (MDG)

You can combine Door Groups into a Master Door Group in the same way as you create Master Time Zones from Standard Time Zones. Creating Master Door Groups enables qualified operators to group Door Groups from the various controllers and different locations.

To Add Master Door Group:

In the Device Control tab, expand the Velocity Configuration tree to display the Door Group folder.
Click the Add Master Door Group button. The Add Master Door Group window is displayed.
Enter a name for this Master Door Group in the ‘Name’ field (up to 64 characters).
All currently defined Door Groups are displayed in the 'Does not contain' pane.
If needed, check the Tag and/or Alert boxes to tag or alert this Master Door Group.
If required, check the Disable checkbox, it will disable ALL credentials associated with this Master Door Group.
In the 'Does not contain' panel, select one or more Door Groups then click the button.
All selected door groups are moved to the 'Contains' panel. To select all the Door Groups click the select/unselect all checkbox .

Click Save Changes when you are done or Cancel to discard changes and exit.

Network Global IO Configuration

Network Global IO refers to the mechanism where a set of controllers share credential zone access information and Global Control Zone data to implement Occupancy and Anti-Passback features as well as trigger Control Zone functionality across these controllers.

In older releases Global IO is limited to controllers on the same Port (RS-485 communication channel). Velocity Web Client v3.8.6 introduces SNIB3 based Networked Global IO (NGIO) that expands this concept to work over a set of controllers that are logically grouped by SNIB3s communicating over a TCP/IP Network.

Controllers participating in the Networked Global IO may include the controllers with networked SNIB3s as well as any downstream RS-485 connected controllers (connected via SNIB2 or SNIB3).

To enable individual controllers to participate in the Network Global IO Credential Management Group or Network Global IO Master Control Zone Group, the participating controllers must have their “Enable Global Credential Management” or “Enable Global Master Control Zone” options enabled within the Controllers Setup tab.

The following are terms/concepts that are used throughout this document.

Global IO Topic - The type of Global IO data the server will be publishing:
- Global Credential Management
- Global Master Control Zone
Global IO Server - A SNIB3 designated to publish a Global IO Topic to which SNIB3 clients subscribe to receive Global IO data. One physical SNIB3 can be configured to publish both Global Credential Management and Global Master Control Zone topics.
Global IO Client - SNIB3 client subscribes to the server to receive Global IO topic data from other SNIB3 clients and sends its locally generated GIO-related data to the Global IO server. Clients can publish/subscribe to both Global MCZ and/or Global Credential Management servers simultaneously.
Networked Global IO Group - The set of controllers, with external or built-in SNIB3 (i.e., Mx1), configured to communicate to the same Global IO Server for a given topic. One or more of the SNIB3s in the group may also have downstream RS-485 controllers (connected via SNIB2 or SNIB3) that can also participate in the group.
Global IO Package (GIO PKG) Firmware - With the launch of SNIB3 v4.0, all newly purchased SNIB3, and Mx1 shipped from the factory will have the Global IO Package (GIO PKG) firmware installed. However, users updating their existing SNIB3 firmware will have to manually download the GIO PKG to each SNIB3/MX1 that will be configured as a Networked GIO Server only.

This table describes each of the menu items and fields.

Action	Select or Right Click on a point so the Action menu activates and displays the actions that can be performed.
Name	Displays the name for this NGIO (up to 64 characters).
Search & Sort Arrows	Click the Link to know more about the Search & Sort Arrows functions.
Topic	Displays the defined Network Global IO as Credential Management or Master Control Zone.
Pagination	Click the link to know more about Pagination functions.

Add Network Global IO Credential Management Group

A Networked Global IO Credential Management Group is a Velocity abstraction that allows you to easily define and configure a SNIB3-based network topology for globalizing the Credential Management topic.

The group allows you to select which SNIB3 port will act as the Global IO server and which SNIB3 ports will be member clients. One or more of the SNIB3 ports in the group may also include downstream RS-485 controllers (connected via SNIB2 or SNIB3) that can also participate in the Global IO Group.

To add a Global IO SNIB3 as a server that member SNIB3s can subscribe to get global IO data:

In the Device Control tab, expand the Velocity Configuration tree to display the Network Global IO Configuration.
Click on Add Network Global IO Credential Management Group.

The Add Global Credential Management Group window is displayed.

Enter a name for this group in the Name field (up to 64 characters).
Click the Global IO Server drop-down and choose a SNIB3 port that you want to add as the Global IO server. The SNIB3 selected as the server is automatically added as a client to itself.
Use the right arrow button to select the SNIB3 ports displayed on the left side of the window panel that are available as eligible members to join the client members on the right side.
The right side of the pane is the list of SNIB3 member clients that are part of the Global IO Group. These member clients subscribe to the Global IO server to receive data from other member clients.

A SNIB3 client can be a member of ONLY ONE group for a given topic (Credential Management or Master Control Zone). However, you can add the same SNIB3 client for a Credential Management group server and one for a Master Control Zone group server.

Also, you should remember that when a SNIB3 is chosen to be a Server and is moved to the Client Members pane, it cannot be removed using the button, the reason being that the server is implicitly a client to itself. Later, if you choose a different server, then the existing server will become a client and it can be removed.
Click Save Changes to save the Global IO Credential Management Group and it appears in the Network Global IO Configuration window.

Add Network Global IO Master Control Zone Group

To add a Global IO SNIB3 as a server that member SNIB3s can subscribe to get global IO data:

In the Device Control tab, expand the Velocity Configuration tree to display the Network Global IO Configuration.
Click on Add Network Global IO Master Control Zone Group.
The Add Global IO Master Control Zone Group window is displayed.

Enter a name for this group in the Name field (up to 64 characters).
Click the Global IO Server drop-down and choose a SNIB3 port that you want to add as the Global IO Server. The SNIB3 selected as the server is automatically added as a client to itself.
Use the right arrow button to select the SNIB3 ports displayed on the left side of the window pane that are available as eligible members to join the client members on the right side.
The right side of the pane is the list of SNIB3 member clients that are part of the Global IO Group. These member clients subscribe to the Global IO Server to receive data from other member clients.

A SNIB3 client can be a member of ONLY ONE group for a given topic (Credential Management or Master Control Zone). However, you can add the same SNIB3 client for a Credential Management Group server and one for a Master Control Zone Group server.

Also, you should remember that when a SNIB3 is chosen to be a Server and is moved to the Client Members pane, it cannot be removed using thebutton, the reason being that the server is implicitly a client to itself. Later, if you choose a different server, then the existing server will become a client and it can be removed.
Click Save Changes to save the Global IO Master Control Zone Group and it appears in the Network Global IO Configuration window.

Reader Control Group (RCG)

Reader Control Groups enable a credential to achieve different actions when presented to different readers.

RCG allows the same credential, at different readers, to do different things
RCG allows 16 Control Zones (one for each reader in a panel) to be defined per credential that can be triggered or otherwise used by the credential in addition to the credential's assigned (access or control) function

For example, a visitor is attempting to leave a facility, the reader relay is triggered to activate a gate, an expansion relay is triggered to activate a drop box for the visitor card, and a third relay is triggered to activate a large LED in a different location.

This can be accomplished by defining a RCG for use by a visitor credential that specifies which specific readers (e.g., exit reader for main visitor entrance) will activate a drop box for visitor badges.

Action	Select or Right Click on a RCG so the Action menu activates and displays the actions that can be performed.
Pagination	Click the link to know more about Pagination functions.
Search & Sort	Click the Link to know more about the Search & Sort Arrows functions.
Name	Indicates name of this Reader Control Group (up to 64 characters).
Control Zone	Lists all available Control Zone for the selected controller. Select the one to be triggered when a credential is granted at the specified reader(s). Standard Control Zones (SCZ1 - SCZ191) are available. Master Control Zones (192 - 255) consists of a combination of Standard Control Zones and each capable of performing different access and control functions simultaneously.
System Tree Panel	When ‘Display my network layout’ is checked (default) this view shows available controllers. In this view, the Available Reader Pane shows readers belonging to the selected controller.
Available Readers Panel	All currently available readers (for either the selected controller or for the entire system) appear in this pane. The available readers for the entire system appear in this pane if the 'Display my network layout' box is unchecked.
Select All	Click the checkbox to select/unselect all the doors displayed in the available Readers pane.
Add	Click this button to include all readers checked in the Available readers pane as members of this reader group. All readers added here are moved to the bottom pane.
Display my network layout	Uncheck this box to change the view to display all available readers in the system. Check one or more of these doors as needed to include them in the current door group then click Add.
Selected Readers Panel	All readers selected from the Available Readers panel (checked and added) appear in this pane.
Remove	Click this button after selecting a reader in the Selected Readers panel, to remove a reader from this Reader Control Group and return it to the Available Readers pane.
Edit	Click this button after selecting a reader in the Selected Readers panel, to change its control zone.
Save Changes	Click the Save button to save to configuration.
Cancel	Click this button to discard changes made.

Adding Reader Control Group

In the Device Control tab, expand the Velocity Configuration tree to display the Reader Control Group folder.
Click the Add New Reader Control Group button. The Add Reader Control Group window is displayed.
Enter a name for this Reader Control Group in the 'Name' text field (up to 64 characters).
In the 'Control Zone' drop-down, select a control zone that will trigger if access (or control) is granted.
At the 'Display my network layout' box, do one of these:
- Check the box to display a list of controllers and associated readers
- Uncheck the box to display a list of all readers in the system
Click to select the controller. All associated available readers appear on the right side.
Check the box of each reader you want included in this Reader Control Group.
To associate more than one control zone with the readers in this group, you can select only those readers using a specific control zone, then assign a control zone to those selections, and then add them to the group. After this is done, go back and select the next control zone and select the readers for which this zone is appropriate.
Click Add. The selected readers appear in the bottom panel with their designated address, reader name, and control zone.

When you are finished, click Save Changes.

Holiday

Velocity Web Client can define up to 365 days per holiday (366 for a leap year) with up to four schedules per Holiday.

These holidays can then be included in the definition of Time Zones.

A Holiday is a day or group of days defined as holidays for this system. You can assign one or more holiday schedules to a standard time zone.

You can only define holidays for the current year and the following year. For example, you could define holidays for 2023 and 2024, but not 2025. In addition, you must specify the year for each holiday defined, whether it is a recurring holiday or not. For example, you cannot simply define 'New Years' and expect it to be observed every year; you must define 'New Years 2022'.

If holidays are included in the time zone for a person's Door Group (by selecting the cell that intersects the STZ row with the H column), access will be authorized when the system's calendar detects a scheduled holiday date.

If a holiday schedule is not authorized, the specific Door Group denies access for each designated holiday date.

Adding a Holiday

To define a holiday:

In the Device Control tab, expand the Velocity Configuration tree.
Select the Holidays folder.

All currently defined Holidays will be listed along with the Add Holiday button.

Notice that the defined holidays are shown with their holiday schedules marked to the right.

Please refer to Search & Sort Arrows to know more about the button functionalities.

Click the Add Holiday button. The Add Holiday window appears as shown below.

In the 'Name' field, type a name for this holiday (up to 32 characters).

We recommend you include the year in the name, for example, Christmas 2021.

The default Holiday display is a quarterly view. You can switch to a monthly view by clicking on the Monthly view button. The current day of the month will be highlighted in red.

In the 'Date' section, do one of these:

Click on the day you want to define as a holiday. To select a range of days, click on a start date, (+ Shift), click on the end date. All days selected will change to a dark shade. Click a selected shaded day to deselect it; in this way, you can select a non-contiguous series of days. To go backward or forward a month or quarter, click the or button to the left or right side of the month.
Click on the or button at the upper left or upper right corner of the calendar to move between months that contain selected dates. For example: we have selected 17 - 19 May and 11 - 15 October from 2021, you can go directly to the next selected date you already have, saving clicks to get there.

In the 'Holiday Schedules' section, check one or more of the holiday schedules.
Click Save Changes when finished.

Checked holiday schedules are included in a time zone only if the ‘H’ cell is also checked on the Standard Time Zone Properties page. If the ‘H’ cell is not checked, then holidays will not be considered.

Time Zones

Time Zones are one of the most basic units of a system. Each Time Zone contains:

Name
Start Time (where 00:00 = midnight)
End Time (where 24:00 = midnight)
Days of week (1 - 7 days + H)
Holiday schedules (1 - 4 schedules)

There are three types of Time Zones you can define:

The week starts on Monday and ends on Sunday. The week can include a holiday.

Time periods defined by the starting and ending time can be set to a full 24-hours or any limited set of hours. Each STZ also includes up to seven days-of-the-week during which access (or some other activity) is granted for the specified hours-of-the-day. STZs can include holidays.

If holidays are included in a time zone, access is authorized for all people assigned a Door Group with the specific STZ whenever the system's calendar detects a scheduled Holiday date.
If Holidays are not included in a Time Zone, persons with that STZ are denied access whenever the system detects a scheduled Holiday for the entire day
If you check the H day cell for a specified Time Zone and indicate one or more schedules, the Time Zone is active (door unlocked) even during the Holidays included in the selected schedule.
If you do not check the ‘H’ cell for that Time Zone, then the Time Zone is inactive during selected holidays (door locked).

In addition, there are Master Time Zones (MTZ) and Grand Master Time Zones (GMTZ) which support the grouping of Standard and Master Time Zones for flexibility.

Master Time Zones are used when:

A Time Zone must extend past midnight
Multiple start/end times occur on a single day
Different start/end times occur on different days

Grand Master Time Zones (GMTZs) are compilations of Standard and Master Time Zones and are used when a large or irregular block of time must be specified.

Adding Standard Time Zones (STZ)

In the Device Control tab, expand the Velocity Configuration tree to display the Time Zones folder.

The In-Use square shaded in Yellow refers to the Time Zones that are assigned and used by a function within the system like a Door Group or a Door. The Not referenced by any controller square shaded in Orange refers to the Time Zones that are not being used or assigned to any functions like a Door Group or door. The two grey Time Zones (<Always> and <Never>) are the default system Time Zones and cannot be modified.

Click the Add Standard Time Zones button. The Add Standard Time Zones window appears.

The STZ window contains the following fields:

Name	Type a descriptive name for the STZ, such as 'Standard Work Week' or 'Shift 2' (up to 50 characters).
Start	The beginning time for this Time Zone. To set the start time: Click the 'Start' field. The time you enter is based on a 24-hour clock in which 00:00 is midnight.
End	The ending time for this Time Zone. To set the end time: Click the 'End' field. The time you enter is based on a 24-hour clock in which 24:00 is midnight. End time cannot be less than the Start time.
M T W T F S S	Days of the week for which this STZ's time interval applies. Check each day that applies for this Time Zone. A check mark appears.
H	If you check ‘H’, it means the Time Zone is in effect during selected holiday schedules. If you do NOT check ‘H’, it means the Time Zone is in effect EXCEPT during selected holiday schedules.
1 2 3 4	The holiday schedules that apply to this STZ. If you checked ‘H’, the STZ is in effect even during the holiday schedules you check in these columns. If you do not check ‘H’, the STZ is in effect except during the select holiday schedules. You can assign one or more holiday schedules to each STZ.
Save Changes	Button allows you to save changes and exit.
Cancel	Button allows you to discard changes and exit.

Adding Master Time Zones (MTZ)

In the Device Control tab, expand the Velocity Configuration tree to display the Time Zones folder.
Click the Add Master Time Zones button. The Add Master Time Zones window appears.

The MTZ contains the following fields:

Name	Type a descriptive name for the MTZ, such as 'Standard Work Week' or 'Shift 2' (up to 50 characters).
Standard Time Zones	The STZs during which this MTZ is in effect. To select STZs for this MTZ: Click in the first available row and select the STZ from the list. Select more STZs as required for this MTZ by selecting a different row.
Save Changes	Button allows you to save changes and exit.
Cancel	Click this button to discard changes and exit this window.

Adding Grand Master Time Zones (GMTZ)

In the Device Control tab, expand the Velocity Configuration tree to display the Time Zones folder.
Click the Add Grand Master Time Zones button. The Add Grand Master Time Zones window appears.

The GMTZ contains the following fields:

Name	Type a descriptive name for the GMTZ, such as 'Standard Work Week' or 'Shift 2' (up to 50 characters).
Master/Standard Time Zones	The STZs and MTZs during which this GMTZ is in effect. To select STZs or MTZs for this GMTZ: Click in the first available row and select the STZ or MTZ from the list. Select more STZ or MTZs as required for this GMTZ by selecting a different row.
Save Changes	Button allows you to save changes and exit.
Cancel	Button allows you to discard changes and exit.

Operators

Operators are the people who logon to the Web Client. Like credential holders, operators must have card and/or code access to some portions of the secured facility. In addition, operators have access to all or part of the Web Client. This requires that the operator be provided with a Roles, allowing them to use at least a portion of Web Client functions.

For administrative operations such as Add, Edit, or Delete Operators, the service account will need a certain set of permissions to carry out the task successfully. An important note here is that the Web Service Itself on the Server should have some permissions enabled; if not, an "Elevated Permissions Required" prompt will come up asking the Operator for an account that has Active Directory and SQL permissions if the service account does not have enough privileges. A prompt will appear asking for the required elevated credentials, see below.

You need to ask your IT or Administrator for an account with the Windows permissions mentioned below to continue.

The Windows account provided should have the following permissions:

Local and Active Directory accounts permissions:

Read permissions for searching user accounts
Read permissions for getting user properties (specifically password settings)
Write permissions to create a new user
Read permissions to read user account information
Read permissions to read user account information
Write permissions to remove user membership from local or domain group

As a recommendation, it would be ideal that your IT personnel establish a gMSA (Group Managed Service Account) with this password that can be managed by Windows, since having a manually managed service account, the following must be established:

Password does not change (or it would be subject to password rotation policy)
Deny Interactive Login (via Group Policy)
Log On as a Service (via Group Policy)

Review these requirements with your IT personnel.

There are occasions when an operator may need to be restricted immediately from using any Web Client. To Lock Down an operator, please follow the steps below:

Only operators who are members of the Administrator Role can view and access the Operators folder to perform these functions, for all other operators, the folder is hidden. Regular Operators can handle their own Two-Factor features.

In the Device Control tab, expand the Velocity Configuration folder.

Click the Operators folder. All currently defined operators appear on the right side window.
Select (one or more) or Right-click on the Operator you want to Lock Down.
From the Action button or right-click menu, select LockDown.
A pop-up confirmation box with one or more operator names will appear, asking you to confirm your action.

Click Yes to Lock Down the operator(s).

The operator is now Locked Down and will not be able to access the Web Client.

To Enable a Locked Down operator, please follow the steps below:

Repeat Steps 1 - 2 of the above instructions.
Select (one or more) or Right-click on the Locked Down Operator and click Enable from the Action Button or right-click menu. A popup confirmation box will appear with one or more operator names, asking you to confirm your action.

Click Yes to Enable the operator(s).

Add New Operator

Click the Add New Operator button.
Add New Operator window will be displayed as below:

Two-factor tab will be available only when a trusted certificate is installed on the server; otherwise, this button will not be available. If you wish to have Two-factor capabilities, please refer to the Installation process documentation for more information.

General
User Name	Name of the Operator.
Full Name	Enter the full name of the Operator (up to 64 Characters)
Description	Type a brief description of the Operator's duties or title.
Windows Credential	Password: Type the new password for this operator. Confirm Password: Retype the new password. The 'Password' and 'Confirm Password' entries must match. User cannot change password: Check this box to indicate that this operator cannot change password. Password never expires: Check this box to indicate that the operator's password never expires. Account is disabled: Check this box to indicate that the current operator account is disabled. + Find: Click this button to display the Users dialog box and find the user you want to add. This list will populate depending on your Windows Configuration. Look to determine the user account. User Name, you can directly enter the User name of the account. Exclude existing users, click this checkbox to hide the existing user accounts.
Restricted by Shift	Check this box to indicate that this operator's activity on the Web Client is restricted to certain times. In the given fields, specify the Shift Start and Shift End. By default, the box is unchecked.
Auto lock workstation after	Check this box to indicate that the Web Client locks up the workstation after a designated number of minutes have elapsed. You can either enter the value directly or use the spin button to assign the values. By default, it is unchecked.
Disable operator after	This feature will disable inactive accounts after a period of time which is determined by the organization. This option is set individually for each operator, enabling you to specify the period of inactivity that is allowed for the assigned roles. By default, the value is 0.
Acknowledge alarms up to level	Indicate the priority level of events this operator is allowed to view. The range is 1 - 99 with the default 99 (the highest).
Roles	A role is a list of tasks and features that are available to operators who are assigned that role. Member of: This pane includes a list of all roles of which this operator is a member. Not a Member of: This pane includes a list of all currently-defined roles of which this operator is not a member. Use to remove the roles from members of pane. Use to add the roles to the members of pane.
Two-factor
Status	Active: This determines the Two-factor authentication is enabled and active. Bypass: By clicking this allows the operator to bypass the Two-factor authentication and login with credentials only. Add Key: By clicking this button, the FIDO Security key can be added to the Operator. Please refer to the Two-Factor Authentication. Once the key is successfully added, it will be listed in the below section as shown. Once the Security Key is selected, the action button will be enabled and allow you to Rename or Delete the Key.
Save Changes	Click this button to save changes.
Cancel	Click this button to discard changes and exit this window.

Two Factor Authentication

To use Two-factor Authentication, a Trusted certificate must be installed on the server or client machines purchased from the Certificate Authority. If not, the Enforce key checkbox will be grayed out and will not let the user enable the feature. Once the Enforce key is enabled, click Save Changes and log out from the web client.

Setting up a FIDO key involves several steps to ensure its security and functionality.

Once the prerequisites are in place, all users can add FIDO keys to themselves, but only Administrators will need to be able to Enforce the Two-factor feature for all system operators in Settings → Security Settings → Enforce Two-factor Authentication (IDENTIV uTrust FIDO2).

This setting will put in place the registered of a FIDO key to all Operators the next time they log in to the system

Below are the detailed steps to set up a FIDO key:

In the login screen click the login button.
A Two-factor Authentication screen will pop-up. Click Add Key for Authentication.
Choose Security Key from the choices.
Insert the FIDO key into your computer's USB port and click OK to continue the Security Key setup.
The system will read the make and model of your Security key, Click OK.
Enter the PIN for the Security Key and Click OK.
Once it flashes an orange light, touch the biometric in the Security Key.

Now, the Passkey is saved in the system. Click OK
Enter the name you prefer to use for this key for future reference.
Now click login, and it will show a screen, as shown below. The Operator should touch the FIDO key connected to the system. It will verify and login to the Web Client.

Velocity Web Services Client (VWSC) User’s Guide v3.8.6

Overview

End User License Agreement (EULA)

System Use Notification

Menu Settings

Enrollment Tab

Person Information

Person Groups

Search in this group

Advanced Search

Find Credential

Search Results table

Add Credential

General Tab in Credential Properties

Set Expiration Date

Functions Tab in Credential Properties

Limits Tab in Credential Properties

Options Tab in Credential Properties

Person Groups

Adding People to Person Groups

Credentials

Preview Badge and Print Badge

PIV Enrollment

Installing the Velocity Web PIV Reader Software

Update Via Smart Card

Unassigned and Guest Credentials

Assigning Guest Credential to a Person

Alarm Viewer Tab

Viewing Alarm Instructions

Acknowledging Alarms

Clearing Alarms from Acknowledged Alarms

Operator Notes

Event Viewer Tab

Event Types

Suspend scrolling of Events

Custom Filters

Configure Custom Filters

Configure Column Headers

Device Control Tab

Pagination

Action Buttons

Search and Sort Arrows

Velocity Configuration

Adding Command Set

Editing Command Set

Credential Templates

Door Group

Adding a Door Group

Editing Door Group

Adding Master Door Group (MDG)

Network Global IO Configuration

Add Network Global IO Credential Management Group

Add Network Global IO Master Control Zone Group

Reader Control Group (RCG)

Adding Reader Control Group

Holiday

Adding a Holiday

Time Zones

Adding Standard Time Zones (STZ)

Adding Master Time Zones (MTZ)

Adding Grand Master Time Zones (GMTZ)

Operators

Add New Operator

Two Factor Authentication