ACS Synchronization

Figure 4.9. ACS Sync

ACS Sync


An option for LiftOff Mobile™-licensed buildings is to have user floor group membership and enrollment status synchronized from an access control system. Thus, if the building is also licensed for Access Control Sync™, an ACS Users tab will be displayed. This tab provides visbility into the accesss control system data that has been synchronized from the building's ACS to Commander. The interface allows those with Administrator and/or Approver roles to:

ACS Sync Process

When an ACS sync executes, the synchronization queries the access control system for the following data elements:

  • ACS Unique ID

  • First Name

  • Last Name

  • Email Address

  • Access Groups

This data is then used by LiftOff to enroll users in a LiftOff Mobile™-licensed building, unenroll inactive users from the building, and enroll the users in the appropriate floor access and call groups.

There are two synchronizes that are configured when an ACS Synchronization is enabled at a building:

  • Fast Sync

  • Full Sync

The Fast Sync occurs within a matter of a minute or two (or faster) when a change is made to a profile in the access control system. The speed with which the synchronization occurs is dependent upon the access control system technology used. Generally, modifying a person's access control system record should result in the Last Sync attriubute being updated in the ACS Users panel within a matter of a minute or two.

The Full Sync occurs on a scheduled execution basis, usually once per night. The full synchronization will query all relevant (see below) access control records and ensure the cloud is up-to-date with the latest variants. This provides an automatic recovery mechanism should a service disruption cause a Fast Sync to fail.

In either sync scenario, access control records must have a valid email address for the record to participate in the synchronization. Upon the first synchronization, LiftOff will email the user a six character alpha-numeric (all upper case letters) Email Code, directing the user to enter the code into the mobile application. Once performed, the user's LiftOff account is "linked" to the access control record for the building. The user's LiftOff profile is automatically enrolled and the user is automatically placed into the appropriate floor access and call groups based upon the access groups indicated by the ACS. Subsequent synchronizations will similarly automatically enroll/unenroll the user and manage group membership. A "link" icon will appear both in the Enrolled Users panel as well as the ACS Users panel. Hovering over the "link" icon on the ACS Users panel will show the date and time the user entered the Email Code into the application.

If the user ignores the Email Code message, or if the email address is incorrect in the access control system, the access control record remains unlinked, and the user will not be able to access destinations they would otherwise be able to access unless manually granted access by an Administrator or Approver at the building. After a configurable wait time Email Frequency (default is one day), LiftOff will send a follow-up email asking the user to enter the code. LiftOff will continue to do so until Max Attempts (see Settings) has been exhausted. The default number of attempts is 5.

The Administrator or Approver in a building can send an Email Code invitation to an access control system user manully by tapping on the Email icon associated with their ACS record. The email defaults to the email address as indiciated by the access control system, but a dfferent email address can be specified. When using the Email button to manually send an email, the system ignores the Settings values that restrict the frequency and maximum number of attempts and will always send an email. Manually sending an email also increments the number of attempts. Exampe: if three had been sent automatically by the system, and a one is sent manually by an administrator, and the maximum number of attempts is 5, then only one more automatic email will be sent.

Floor Access and Call Group Management

Once an access control system record is linked by the user entering the Email Code, either at the time they install the application, or by tapping on Settings and the Do you have an email code? link, membership in matching floor access and call groups is automatically managed by the synchronization. Users will be removed from any group not indicated by the synchronization. The ACS Users panel, for each record synchronized from the access control system, will display a link, which, when tapped, will display the groups sourced from the ACS and whether or not a matching Floor Access Group or Call Group exists in LiftOff:

Figure 4.10. ACS Groups

ACS Groups


[Note]Note

The synchronization does not automatically create the corresponding floor access group and/or call groups in LiftOff Commander for a variety of reasons, including the technical limitations imposed by most access control systems. Therefore, the matching group must be created by the Administrator and/or Approver. Once created, access control-linked users will instantaneously be placed into the group(s).

Floor Access Groups may also be created in-bulk by tapping on the Bulk Add button at the upper-right of the external users table. The following dialog is then presented:

Figure 4.11. ACS Sync

ACS Sync


The listing shows those access groups that have been surfaced from the access control system and whether or not a corresponding access group has been created. If a corresponding group has not yet been created, ticking the checkbox next to the group or tapping the Select All control followed by clicking the Create command button will result in the automatic creation of the group. Linked users will instantaneously be put into the group. After the groups are created, authorized destinations must still be indicated by the Administrator by editing the Floor Access Group accordingly.

Off-boarding

A linked user is automatically unenrolled from a building and removed from all floor access and call groups if the access control system indicates that the profile is no longer active. If a new identity is issued in the access control system, or if the old profile is re-activated, the user will have to re-enter a new Email Code into the mobile application, which will automatically be sent upon the next synchronization.

For additional details on the configurable settings which govern the behavior of the synchronization, see ACS Sync Settings section of the Settings chapter.