Configuration guidelines for managing OSS Standard Offline locks - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

Before encoding cards with OSS Standard Offline configurations, you must configure doors and access rules, and then configure their custom fields. Learn about the restrictions and recommendations for configuring these entities in Security Center.

About OSS custom fields

After creating an OSS Standard Offline configuration for the first time, custom fields are automatically created in Config Tool. These custom fields allow the proper access rights to be encoded on cards, and to link the correct entities to events.
NOTE: Ensure that any non-administrator users that must configure the custom fields are added to the Security section of the custom fields.

Mapping door entities to physical door wiring in Security Center is not required in the context of OSS, since the locks are offline. The locks are mapped to doors entities in Security Center through Door IDs and Group IDs. Using the configuration tools provided by the lock manufacturer, you must configure a Door ID and, optionally, one or more Group IDs for each lock. You can then create door entities in Security Center and map them to the locks through the corresponding Door ID and Group ID custom fields.

NOTE: If you accidentally delete the custom fields, the custom fields are recreated automatically after you edit and save an OSS Standard Offline configuration. However, they are recreated with the default values, so you must reconfigure everything. For example, if the OSS Standard Offline credential custom field is deleted, all the OSS Standard Offline credentials become regular credentials.
The following custom fields are created:
Access rule custom field
Group ID
Identifies a group of doors. Encoding access rights using the Group ID instead of individual doors saves space on the card. In this scenario, only the Group ID is encoded to grant access to multiple doors.

If the access rule applies to a door, the Door ID is encoded when the Group ID is 0. If the access rule applies to an area, the doors of that area are encoded as a list of corresponding Door IDs when the Group ID is 0. When the Group ID is above 0, the Group ID is encoded, regardless of the entity that the access rule applies to.

NOTE: Setting a Group ID to 0 is useful if you want to grant a cardholder access to only one door. If you do this, do not assign the cardholder other access rules that have Group IDs above 0 granting access to the same door. Otherwise, access to the Group IDs above 0 is ignored.
Door custom fields
Door ID
Identifies a door. Each door per site must have a unique Door ID. Multiple doors can share the same Door ID, as long as the doors aren’t part of the same site. Door IDs must be greater than 0, otherwise card encoding fails.
Example: Each site includes three different door entities, but Door IDs 2 and 3 are used in both sites:
  • Site 1 includes Door IDs 1, 2, and 3
  • Site 2 includes Door IDs 2, 3, and 4
Site ID
Identifies the site that an OSS Standard Offline configuration corresponds to. Each Site ID must correspond to a configuration with a different Application ID.
Tip: To help you visualize which doors are part of a site, use area entities to represent the sites in Security Center.
  • In the MIFARE DESFire context, a site represents a set of doors linked to a configuration that Security Center uses to give access to cardholders.
  • In a real-world context, a site could represent a floor of a building, a whole building, or a geographically distinct location.
    Example: A multi-site company can use a different Site ID to identify each city where it has offices. A school with two campuses can use a different Site ID to identify each campus.
  • All cardholders with a card encoded with the same configuration should only have access to doors with the same Site ID.
Credential custom fields
The following custom fields are read only:
Blacklisted
Indicates whether or not the card is blacklisted.
Last badge update
Indicates the last date and time that the card was updated at a reader.
OSS Standard Offline
Indicates whether or not the card is encoded with an OSS Standard Offline configuration.

Restrictions for access rules and schedules

OSS Standard Offline has specific restrictions that you must keep in mind when configuring access rules and schedules in Security Center. Encoding a card with the OSS Standard Offline configuration fails if these restrictions aren’t followed:
  • Each schedule must contain at least one time period, and the Date coverage must be set to Weekly.
  • Each schedule must be linked to permanent access rules in Security Center. The access rules must be applied to the doors and cardholders that use the offline locks.
  • Access rules must be configured to grant access to cardholders when the schedule is active. Access is denied when no schedule is active.
  • To grant a cardholder access at all times, assign them an access rule with the Always schedule or a weekly schedule with 24/7 coverage. You can’t assign them the All open rule access rule.
  • Up to 15 schedules can be applied through access rules to doors that are accessible by OSS Standard Offline cards.
    Best Practice: Schedules in Security Center aren’t represented one-to-one in OSS, rather, the restriction is linked to the size of the configuration. The more complex the schedule is, the more space it takes up on the card. Keep the configuration of your access rules and schedules simple to make keeping track of where they are used manageable.
  • Each schedule can contain up to four Day IDs and can’t have the same day in more than one Day ID. The Day ID defines the days or groups of days in a week.
    Example:
    • Day ID 1: Monday
    • Day ID 2: Tuesday, Wednesday, Thursday, Friday
    • Day ID 3: Saturday, Sunday
  • Each Day ID can contain up to four time periods. Time periods represent time slots in a day and they can’t overlap.
    Example: The following counts as two time periods:
    • 07:00 to 12:00
    • 14:00 to 18:00