Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Current »

Introduction

KABA Exos 9300 is an access authorization solution from dormakaba, which offers various locking solutions. KABA Exos 9300 basically manages users and their access permissions. There are many different types of these permissions, but here we limit ourselves only to the currently implemented type "Profile".

We use the REST interface to perform actions on the KABA Exos 9300 system.

Set up target system

Target system attribute

Description

Example value

Kaba Exos base URL

Specification of the base URL of the Exos API interface, incl. schema, domain and path.

https://ncvms-doorlock.netcloud.ch/ExosApi/api/v1.0

Kaba Exos login URL

Specification of the base URL for the Login Exos API interface, which issues a token for authentication.

https://ncvms-doorlock.netcloud.ch/ExosApiLogin/api/v1.0

Kaba Exos login username

Username to be used for login

KabaApi

Kaba Exos login password

Password to be used for login

Netcloud.008

Kaba Exos api key

The API Key is used together with the solved token for authentication. Is given by the KABA system

MyApiKey

Disable SSL handshake

Checkbox → if selected, the SSL certificate check is skipped, e.g. if no valid certificate is available. Should be avoided in principle

Checkbox, selected or not

Kaba Exos Set up user provisioning configuration

Attribut

Comments

CoreOne Anzeigenamen

Internal display name for the CoreOne Suite, is not provisioned

First name

First name of the Kaba Exos user

Last name

Last name of the Kaba Exos user

Personalnumber

Is alphanumeric, so does not necessarily have to be a number. For Netcloud, for example, this is mapped with the 3-digit employee abbreviation

Badge Name

Is only required if a badge is available on the core identity, e.g. as an asset. If a name is entered here, the badge is assigned to the user in Kaba Exos.

Kaba Exos Access right resource (profile)

Currently, the access right (profile in the Kaba system) has been implemented only for use as a linked resource.

In concrete terms, this means that you can simply create a new resource type from the system resource type "Access right" for a Kaba Exos target system. After this step, it is already possible to enter linked resources in CoreOne Suite.

Error messages / Possible error sources

All REST queries throw a detailed error message in case of an error, which is written to our log.

  • Access rights can only be assigned to or taken away from a person if they have not yet been assigned or taken away in the Kaba system, otherwise this will throw an error message

    • The simplest solution here is to manually set the assignment status on the database

    • This can of course also be solved accordingly on the Kaba system

  • A from-to date can be set for an access right in the Kaba system. This must not be the case in the current implementation!

    • All from-to data fields must be removed from the access rights in Kaba

Identity types

The following identity types are supported:

AD Object

Description

User

User object

Contact

Contact object

 

Identity functions

The following identity functions are supported:

Function (task feature)

Supported

create/delete identities

provisioning identities 

update identities          

provisioning identity updates   

deprovision identities  

cleanup of inactive identities active

-

check password changed active

-

Resources functions

The following resource functions are supported:

Function (task feature)

Supported

create/delete resources

provision resources     

update resources         

provisioning resource changes 

deprovisioning resources         

provisioning resource allocations         

deprovisioning resource allocations     

provisioning resources-resource allocations     

-

Deprovisioning resource resource allocations   

-

 

Cleanup functions

The following cleanup functions are supported:

Function (task feature)

Supported

In the should-actual Log available    

Should be - Actually is - cleanup

-

Read back account properties

-

Resource identity member target system clean up

-

Resource resource member target system clean up

-

  • No labels