Introduction
KABA Exos 9300 is an access authorization solution from dormakaba, which offers various locking solutions. KABA Exos 9300 basically manages users and their access permissions. There are many different types of these permissions, but here we limit ourselves only to the currently implemented type "Profile".
We use the REST interface to perform actions on the KABA Exos 9300 system.
Set up target system
Target system attribute | Description | Example value |
---|---|---|
Kaba Exos base URL | Specification of the base URL of the Exos API interface, incl. schema, domain and path. | https://ncvms-doorlock.netcloud.ch/ExosApi/api/v1.0 |
Kaba Exos login URL | Specification of the base URL for the Login Exos API interface, which issues a token for authentication. | https://ncvms-doorlock.netcloud.ch/ExosApiLogin/api/v1.0 |
Kaba Exos login username | Username to be used for login | KabaApi |
Kaba Exos login password | Password to be used for login | Netcloud.008 |
Kaba Exos API key | The API key is used together with the issued token for authentication. It is provided by the KABA system. | MyApiKey |
Disable SSL handshake | Checkbox → if selected, the SSL certificate check is skipped, e.g. if no valid certificate is available. Should be avoided in principle | Checkbox, selected or not |
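
A pre-deployment check for the settings in the table above, as an added example that is not part of the CoreOne Suite or the Exos API. The setting keys, host names and sample configurations are assumptions made for illustration; the check flags non-HTTPS URLs, a disabled certificate check, and secrets still set to the documented example values.

```python
from urllib.parse import urlsplit

# Example values printed in the table above; a live system must not keep them.
DOC_EXAMPLE_SECRETS = {"Netcloud.008", "MyApiKey"}

# Hypothetical setting keys (assumption), one per row of the table above.
URL_KEYS = ("base_url", "login_url")
SECRET_KEYS = ("login_password", "api_key")


def audit_target_system(cfg):
    """Return a list of findings for one target-system configuration."""
    findings = []
    for key in URL_KEYS:
        url = urlsplit(cfg.get(key, ""))
        if not url.hostname:
            findings.append(f"{key}: missing or not an absolute URL")
        elif url.scheme != "https":
            findings.append(f"{key}: scheme '{url.scheme}' exposes password, token and API key")
        if url.username or url.password:
            findings.append(f"{key}: credentials embedded in the URL")
    if cfg.get("disable_ssl_check", False):
        findings.append("disable_ssl_check: certificate validation is switched off")
    if not cfg.get("login_username"):
        findings.append("login_username: empty")
    for key in SECRET_KEYS:
        value = cfg.get(key, "")
        if not value:
            findings.append(f"{key}: empty")
        elif value in DOC_EXAMPLE_SECRETS:
            findings.append(f"{key}: still set to the documentation example value")
    return findings


# Constructed sample configurations (host names are placeholders).
WEAK = {
    "base_url": "http://exos.example.invalid/ExosApi/api/v1.0",
    "login_url": "https://exos.example.invalid/ExosApiLogin/api/v1.0",
    "login_username": "KabaApi",
    "login_password": "Netcloud.008",
    "api_key": "MyApiKey",
    "disable_ssl_check": True,
}
HARDENED = dict(WEAK, base_url="https://exos.example.invalid/ExosApi/api/v1.0",
                login_password="<set-from-secret-store>",
                api_key="<set-from-secret-store>", disable_ssl_check=False)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_target_system(cfg))
```
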
Set up Kaba Exos user provisioning configuration
Attribute | Comments |
---|---|
CoreOne display name | Internal display name for the CoreOne Suite; it is not provisioned |
First name | First name of the Kaba Exos user |
Last name | Last name of the Kaba Exos user |
Personnel number | Is alphanumeric, so does not necessarily have to be a number. For Netcloud, for example, this is mapped with the 3-digit employee abbreviation |
Badge Name | Is only required if a badge is available on the core identity, e.g. as an asset. If a name is entered here, the badge is assigned to the user in Kaba Exos. |
Kaba Exos Access right resource (profile)
Currently, the access right (profile in the Kaba system) has been implemented only for use as a linked resource.
In concrete terms, this means that you can simply create a new resource type from the system resource type "Access right" for a Kaba Exos target system. After this step, it is already possible to enter linked resources in CoreOne Suite.
Error messages / Possible error sources
All REST queries return a detailed error message in case of an error, which is written to our log.
- Access rights can only be assigned to or removed from a person if they have not already been assigned or removed in the Kaba system; otherwise an error message is thrown.
  - The simplest solution here is to manually set the assignment status in the database.
  - This can of course also be resolved accordingly on the Kaba system.
- A from-to date can be set for an access right in the Kaba system. This must not be the case in the current implementation!
  - All from-to data fields must be removed from the access rights in Kaba.
Identity types
The following identity types are supported:
AD Object | Description |
---|---|
User | User object |
Contact | Contact object |
Identity features
The following identity functions are supported:
Function (task feature) | Supported |
---|---|
Create / delete identities | ✅ |
Provisioning identities | ✅ |
Update identities | ✅ |
Provisioning identity updates | ✅ |
Deprovision identities | ✅ |
Cleanup of inactive identities | - |
Check password changed | - |
Resource features
The following resource functions are supported:
Function (task feature) | Supported |
---|---|
Create / delete resources | ✅ |
Provision resources | ✅ |
Update resources | ✅ |
Provisioning resource changes | ✅ |
Deprovisioning resources | ✅ |
Provisioning resource allocations | ✅ |
Deprovisioning resource allocations | ✅ |
Provisioning resource-resource allocations | - |
Deprovisioning resource-resource allocations | - |
Cleanup features
The following cleanup functions are supported:
Function (task feature) | Supported |
---|---|
Available in the expected/actual comparison log | ✅ |
Expected/actual cleanup | - |
Read back user account properties | - |
Resource-identity assignments: target system member cleanup | - |
Resource-resource assignments: target system member cleanup | - |