Configuration guidelines for managing OSS Standard Offline locks - To encode cards with OSS Standard Offline configurations, first, create offline doors and access rules. Then, configure the Door IDs, Site IDs, and Group IDs to encode access rights on the cards. Start by familiarizing yourself with the restrictions and recommendations for configuring these entities in Security Center.

Configuration guidelines for managing OSS Standard Offline locks - To encode cards with OSS Standard Offline configurations, first, create offline doors and access rules. Then, configure the Door IDs, Site IDs, and Group IDs to encode access rights on the cards. Start by familiarizing yourself with the restrictions and recommendations for configuring these entities in Security Center. - Security Center 5.13

Security Center Administrator Guide 5.13

Product

Security Center

Content type

Guides > Administrator guides

Version

5.13

ft:locale

en-US

Last updated

2025-04-16

To encode cards with OSS Standard Offline configurations, first, create offline doors and access rules. Then, configure the Door IDs, Site IDs, and Group IDs to encode access rights on the cards. Start by familiarizing yourself with the restrictions and recommendations for configuring these entities in Security Center.

About offline doors

An offline door is a door entity governed by offline locks instead of access control units. Ensure that each offline door is uniquely identified by its combination of Door ID and Site ID.

Door ID

Identifies a door within a site. Different doors can share the same Door ID as long as they don’t belong to the same site.

Example: Each site includes three different door entities, but Door IDs 2 and 3 are used in both sites:

Site 1 includes Door IDs 1, 2, and 3
Site 2 includes Door IDs 2, 3, and 4

Site ID

Identifies the site that an OSS Standard Offline configuration corresponds to. Each Site ID must correspond to a configuration with a different Application ID.

Tip: To help you visualize which doors are part of a site, use area entities to represent the sites in Security Center.

In the MIFARE DESFire context, a site represents a set of doors linked to a configuration that Security Center uses to give access to cardholders.
In a real-world context, a site could represent a floor of a building, a whole building, or a geographically distinct location.
Example: A multi-site company can use a different Site ID to identify each city where it has offices. A school with two campuses can use a different Site ID to identify each campus.
Cardholders with cards encoded with a specific OSS Standard Offline configuration should only be granted access to doors that correspond to the matching Site ID.

About OSS custom fields

After creating an OSS Standard Offline configuration for the first time, custom fields are automatically created in Security Center for access rules and credentials. These custom fields, along with the Door ID and Site ID of offline doors, enable the encoding of appropriate access rights on cards. They also facilitate the linking of correct entities to events.

The following custom fields are created:

Access rule custom field

Group ID: Identifies a group of doors. Encoding access rights using the Group ID instead of individual doors saves space on the card. In this scenario, only the Group ID is encoded to grant access to multiple doors.
If the access rule applies to a door, the Door ID is encoded when the Group ID is 0. If the access rule applies to an area, the doors of that area are encoded as a list of corresponding Door IDs. This happens when the Group ID is 0. When the Group ID is above 0, the Group ID is encoded, regardless of the entity that the access rule applies to.

NOTE: Setting a Group ID to 0 is useful if you want to grant a cardholder access to only one door. If you do this, don’t assign the cardholder other access rules that have Group IDs above 0 granting access to the same door. Otherwise, access to the Group IDs above 0 is ignored.

Credential custom fields

The following custom fields are read only:

Blacklisted: Indicates whether or not the card is blocklisted.
Last badge update: Indicates the last date and time that the card was updated at a reader.
OSS Standard Offline: Indicates whether or not the card is encoded with an OSS Standard Offline configuration.

NOTE: Ensure that any non-administrator users who need to configure the custom fields are added to the Security section of the custom fields.

Offline locks in the field are mapped to offline doors in Security Center through Door IDs, Site IDs, and Group IDs. Using the configuration tools provided by the lock manufacturer, you must configure a Door ID, a Site ID, and optionally, one or more Group IDs for each lock. You can then create offline doors and access rules in Security Center and map them to the locks through the corresponding Door ID, Site ID, and Group ID.

NOTE: If you accidentally delete the custom fields, the custom fields are recreated automatically after you edit and save an OSS Standard Offline configuration. However, they are recreated with the default values, so you must reconfigure everything. For example, if the OSS Standard Offline credential custom field is deleted, all the OSS Standard Offline credentials become regular credentials.

Restrictions for access rules and schedules

OSS Standard Offline has specific restrictions that you must keep in mind when configuring access rules and schedules in Security Center. Encoding a card with the OSS Standard Offline configuration fails if these restrictions aren’t followed:

Each schedule must contain at least one time period, and the Date coverage must be set to Weekly.
Each schedule must be linked to permanent access rules in Security Center. The access rules must be applied to the doors and cardholders that use the offline locks.
Access rules must be configured to grant access to cardholders when the schedule is active. Access is denied when no schedule is active.
To grant a cardholder access at all times, assign them an access rule with the Always schedule or a weekly schedule with 24/7 coverage. You can’t assign them the All open rule access rule.
Up to 15 schedules can be applied through access rules to doors that are accessible by OSS Standard Offline cards.
Best Practice: Schedules in Security Center aren’t represented one-to-one in OSS, rather, the restriction is linked to the size of the configuration. The more complex the schedule is, the more space it takes up on the card. Keep the configuration of your access rules and schedules simple to make keeping track of where they are used manageable.
Each schedule can contain up to four Day IDs and can’t have the same day in more than one Day ID. The Day ID defines the days or groups of days in a week.
Example:
- Day ID 1: Monday
- Day ID 2: Tuesday, Wednesday, Thursday, Friday
- Day ID 3: Saturday, Sunday
Each Day ID can contain up to four time periods. Time periods represent time slots in a day and they can’t overlap.
Example: The following counts as two time periods:
- 07:00 to 12:00
- 14:00 to 18:00