You configure the settings of the Access Manager role from the Roles and units view of the Access control task in Security Center Config Tool.
Access Manager - Properties tab
Click the Properties tab to configure the general settings of the
Access Manager.
- Keep events
- Specify how long you want to keep the events in the Access Manager database before
deleting them. The access control events are used for reporting and maintenance purposes
(they include events related to doors, elevators, areas, and other access control entities).
- Indefinitely
- Keep the events until you manually delete them.
- For
- Select the number of days for the retention period.
CAUTION: When using the SQL Server 2014 Express database engine, it's important to note that the database size is limited to 10 GB. This database engine is included with the Security Center installation files. A door event uses on average 200 bytes in the database. If you configure the Access Manager to keep door events indefinitely, the database eventually reaches the 10 GB limit and the engine stops.
- Activate peer-to-peer
- Select this option to enable the communication between Synergis™ units managed by this
Access Manager. For two units to be connected as peers, they must be part of the same
peer group. You can enable peer-to-peer after creating at least one peer group with at
least two units. Up to 15 units can belong to the same group, supporting a maximum of
512 outputs and 128 inputs in I/O linking configurations.
NOTE: If your Access Manager is hosted in the cloud, you must configure the Fully Qualified Hostname in the Cloud Agent Portal. For more information, see "Configuring access control units for peer-to-peer communication" in the Security Center SaaS Edition (Classic) Deployment Guide.
Best Practice: Enable peer-to-peer communication only if you plan to create I/O zones involving multiple Synergis units, or to apply antipassback to areas controlled by multiple Synergis units. Otherwise, leave this option off for better system security and performance.
- Activate global antipassback
- (Peer-to-peer must be enabled) Select this option if you need to apply antipassback to
areas controlled by multiple Synergis units.
Best Practice: If a single unit controls all your antipassback areas, don’t enable global antipassback. Enabling global antipassback increases the communication between Synergis units.
- Include identifiable personal data in synchronization
- (Synergis™ IX only) Select this option to synchronize cardholder names with the Synergis units. If this option is cleared (default), only credentials are synchronized, excluding cardholder personal data. Enable this option if you have devices capable of displaying cardholder names and you want them to be visible.
- Minimal cardholder synchronization
- Select this option to minimize the number of cardholders the Access Manager needs to synchronize with its units. This option is only recommended for large systems and requires following specific design guidelines. It’s disabled by default.
- Manage offline doors
- Select this option if the Access Manager is responsible for managing offline doors.
Enabling this option allows:
- The Access Manager to send offline door configurations and blocklists to Synergis units.
- OSS events to be stored in the Access Manager database when badges are updated.
Enabling this option is the first step in supporting the OSS Standard Offline in your system. You also need to create an OSS Standard Offline configuration and configure readers to update OSS Standard Offline cards. For more information, see About managing OSS Standard Offline locks.
- Unit discovery
- Select this option to allow the Access Manager to use DHCP to automatically update the
IP addresses of its Synergis units.
NOTE: This option is typically disabled by default, to avoid possible security threats. Enabling the option can negatively impact your security score.
- Assign NTP server
- Enable this option and enter an NTP server in the Address field
to configure the NTP server for all the access control units under this Access Manager
role. This setting overrides the NTP server configured in the units' portals. To
override this setting for a specific unit, configure a different NTP server from the
unit's Properties page.
NOTE: The following minimum firmware versions are required, depending on your access control units:
- Synergis™ Softwire 11.4.0
- Synergis™ Cloud Link 2.1.0
- Cloud Link Roadrunner™ 2.1.0
Access Manager - Extensions tab
Click the Extensions tab to configure the manufacturer-specific
connection parameters shared by access control units that are controlled by this Access Manager.
- Synergis™
- Extension for all Synergis units. This extension requires at least one discovery port. For more information, see Adding access control unit extensions.
- HID VertX
- Extension for all HID units, including the legacy VertX models (V1000 and V2000), the VertX EVO, and the Edge EVO controllers. For the complete list of supported controller units and firmware, see the Security Center Release Notes.
Access Manager - Resources tab
Click the Resources tab to configure the servers and database assigned to this role.
- Servers
- Servers hosting this role. All must have access to the role database.
- Database status
- Current status of the database.
- Database server
- Name of the SQL Server service. The value (local)\SQLEXPRESS corresponds to Microsoft SQL Server Express Edition installed by default with Security Center Server. Ensure that the SQL Server version is compatible with Security Center software requirements. For more information, see Security Center 5.13 software requirements.
- Database
- Name of the database instance.
- Actions
- You can perform the following functions on the role database:
- Create a database
- Create a new database with the option to overwrite the existing one.
- Delete the database
- Delete the database.
- Database info
- Show the database information.
- Notifications
- Set up notifications for when the database space is running low.
- Resolve conflicts
- Resolve conflicts caused by imported entities.
- Backup/Restore
- Back up or restore the database.
- Authentication
- Specifies which SQL Server authentication is to be used:
- Windows
- (Default) Use Windows authentication when the role server and the database server are on the same domain.
- SQL Server
- Use SQL Server authentication when the role server and the database server are not on the same domain. You must specify a username and password in this case.
- Database security
- Security options for communication between the role and its database server.
- Encrypt connections
- (Default) Uses Transport Layer Security (TLS) protocol for all transactions between the role and the database server. This option prevents eavesdropping and requires no setup on your part.
- Validate certificate
- Authenticates the database server before opening a connection. This is the most
secure communication method and prevents manipulator-in-the-middle attacks.
The Encrypt connections option must first be enabled.
NOTE: You must deploy a valid identity certificate on the database server. A valid certificate is signed by a certificate authority (CA) that is trusted by all servers hosting the role and that is not expired.
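
Before turning on Validate certificate, you can confirm from each server hosting the role that it trusts the certificate the database server presents. The following PowerShell is an added example, not part of the Genetec documentation: it connects with .NET's System.Data.SqlClient, independently of Security Center, and the server name is a placeholder to replace with the value from the Database server field.

```powershell
# Added example: run on every server that hosts the Access Manager role,
# under an account that has a login on the database server.
# Assumption: $DbServer is a placeholder. SqlClient also checks that the
# certificate name matches the host name used here, so use the server's
# real host name rather than (local).
param(
    [string]$DbServer = 'db-server.example.local\SQLEXPRESS'
)

function Test-SqlTls {
    param([string]$Server, [bool]$TrustServerCertificate)
    # Encrypt=True forces TLS. TrustServerCertificate=False makes the client
    # validate the server certificate (chain, expiry, name) before login.
    $cs = "Data Source=$Server;Initial Catalog=master;Integrated Security=True;" +
          "Encrypt=True;TrustServerCertificate=$TrustServerCertificate;Connect Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()
        return [pscustomobject]@{ Ok = $true; Error = $null }
    } catch {
        return [pscustomobject]@{ Ok = $false; Error = $_.Exception.GetBaseException().Message }
    } finally {
        $conn.Dispose()
    }
}

# Strict: encrypted and validated. Loose: encrypted, certificate not checked.
$strict = Test-SqlTls -Server $DbServer -TrustServerCertificate $false
$loose  = Test-SqlTls -Server $DbServer -TrustServerCertificate $true

if ($strict.Ok) {
    "PASS: $env:COMPUTERNAME validates the certificate presented by $DbServer."
} elseif ($loose.Ok) {
    # TLS itself works, so the failure is in certificate validation.
    "FAIL: $env:COMPUTERNAME connects only when the certificate is not validated."
    "      Check that the issuing CA is trusted on this server, that the"
    "      certificate is not expired, and that its name matches the host name."
    "      Detail: $($strict.Error)"
} else {
    # Neither mode connects: a network, instance name or login problem.
    "ERROR: cannot connect to $DbServer even without validation."
    "       Detail: $($loose.Error)"
}
```

A FAIL result on any role server means the certificate or its CA trust needs fixing on that server first.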