MicroStrategy ONE
Integrating Lenel® OnGuard® with MicroStrategy Identity
You can let users unlock physical resources, such as locked doors or offices, using the MicroStrategy Badge app on their smartphone. To provide access to locations that are secured with Lenel OnGuard, you integrate your OnGuard system with MicroStrategy Identity.
You integrate Lenel OnGuard with MicroStrategy Identity through a Windows-based web service that communicates to the OnGuard physical access control system server using DataConduIT. The web service that performs this role is called the adapter.
You can also secure the adapter by completing an optional step that ensures that only the MicroStrategy Identity Server communicates with the adapter. This process is included in the steps below.
When OnGuard successfully connects to MicroStrategy Identity, each physical access point secured by OnGuard is loaded into the server as a digital key. To control which users have permission to unlock each physical access point, you must manage user permissions in Lenel OnGuard. You can customize how keys are displayed to users in their MicroStrategy Badge app. For examples and steps to customize keys, see Managing physical access keys.
After installing the adapter, you can check that it is installed correctly, configure advanced settings, verify that the adapter is running, and perform other troubleshooting tasks. For steps, see the following:
- Verifying that the Lenel Adapter Installation is Correct
- Optimizing the Lenel Adapter for MicroStrategy Identity
- Diagnosing the Lenel Adapter Health
- Refreshing the Lenel Adapter Cache
- Viewing and Analyzing the Lenel Adapter Logs
To create the Lenel OnGuard adapter, the server that hosts the adapter must meet the following requirements:
- Windows Server® 2008 R2 operating system or later (64-bit).
- Microsoft Internet Information Services (IIS) version 7.0 or later.
- Microsoft .NET Framework version 4.0 (64-bit) or later.
- OnGuard server 2010 or later is installed and is licensed and configured for remote DataConduIT.
- If the server hosting your OnGuard adapter has Microsoft Windows Server 2012 and Microsoft IIS 8.5 or later, enable the HTTP Activation feature for Windows Communication Foundation (WCF) so the adapter operates properly with MicroStrategy Identity.
Select the following features in Microsoft Server Manager for IIS:- .NET Framework 4.5 Features
- WCF Services
- HTTP Activation
You must install a 32-bit MySQL ODBC driver. Supported versions:
- 5.3
- 5.2
- 5.1
- 3.51
You must create a MySQL 5.5 or later database space with a 32-bit ANSI system DSN pointing to it. The MySQL database is used by the adapter to log adapter activity and errors.
Create a DSN that connects to a MySQL database prior to installation.
Gather the following information:
- The name of the machine hosting Lenel OnGuard.
- Four Windows user accounts that have administrator access, via DataConduIT, to the Lenel OnGuard server. These accounts are used to create parallel connections between the Lenel OnGuard server and the Lenel adapter, to improve performance. For instructions to configure these accounts, see Configuring Administrator Accounts for the Lenel® OnGuard® Server.
- The cardholder field used to look up identified OnGuard users. This field can be email, employee ID, or Social Security number. This field is from the Lenel
Lnl_Cardholder
table. - Connection information to the MySQL database space that you created for the adapter log.
If users were added to your Identity Network by entering their information manually or by importing a comma-separated values (CSV) file, you must meet the following requirements:
- You must have a MicroStrategy Cloud implementation.
- The field in your Lenel OnGuard system that is used to look up identified OnGuard users must correspond to a field in the user's MicroStrategy Identity profile. For steps to add users to your network and provide information for user profile fields, see Adding Users Manually or Adding Users from a CSV File.
To Enable Physical Access with MicroStrategy Identity to Locations Secured by Lenel OnGuard
- Log into MicroStrategy Identity Manager:
- Navigate to the Identity Manager home page.
- On your smartphone, open the MicroStrategy Badge app and scan the displayed QR code.
- Click Physical Gateways.
- Under Building Access, click the Lenel icon . The Configure Lenel Physical Access System page opens.
- Click Download MicroStrategy Identity Adapter for Lenel. The
UsherAdapterforLenel.zip
file is downloaded. - Unzip the
.zip
file. The file contains a SQL script that you run to create the adapter log database and the installation file for the adapter. - Use a MySQL client to connect to the MySQL database space you prepared, as described in the , and execute the
Lenel_log.sql
script file that is included in the.zip
file. - To install the adapter, on the machine hosting the Lenel OnGuard adapter, open and run the
UsherAdapterLenel.msi
installation file. - Review the information on the Welcome screen, then click Next.
- In the OnGuard Host Name (or IP address) field, type the name or IP address of the machine hosting Lenel OnGuard, as described in the .
- In the User Name and Password fields, type Windows user account names and passwords for four users that have administrator access, via DataConduIT, to the Lenel OnGuard server, as described in the .
-
In the User Mapping field, type the cardholder field to use to look up identified OnGuard users. This field can be email, employee ID, or Social Security number (
ssno
, the default), as described in the .
To enable your Lenel adapter to stream data to a Kafka server:
- Kafka event streaming: Select Yes.
- OnGuard segmentation: Select Yes.
- Kafka cluster: Enter the IP address and port number you wish to use for the Kafka server that will store the data from your Lenel adapter.
- Click Next and proceed to Step 17.
- Click Next.
-
In the Database server that you are installing to field, type the IP address of the server running the MySQL database. Alternatively, to locate the server, click Browse. From the list of available servers, select the one hosting the MySQL database space, then click OK.
If you are using a port number other than 3306, after the IP address, type a comma and then the port number, with no spaces. For example,10.11.12.13,3308
. - Select the Server authentication using the Login ID and password below option, then type the Login ID and Password used to connect to the MySQL database.
- In the Name of the database catalog field, type
Lenel_log
. - Click Next.
- Click Install. The adapter is installed. Click Finish to close the wizard.
- Return to MicroStrategy Identity Manager, then click Next.
- Enter the following information:
- Configuration Name (required): A descriptive name for this connection to the Lenel OnGuard system. This is the name that displays in MicroStrategy Identity Manager.
- Adapter Server URL (required): URL of the Lenel OnGuard adapter server, such as
http://IPaddress:port
,http://hostname:port
, orhttps://hostname:port
. - Adapter Service Path (required): Path of the Lenel OnGuard adapter.
- User ID Mapping (required): The field to use to look up identified Lenel OnGuard users.
If the users in your network are added manually or by importing a comma-separated values (CSV) file, type the Identity profile field that contains information used to look up identified OnGuard users, as described in the . Select from the following fields:- If OnGuard users are identified by their first name, type
first_name
. - If OnGuard users are identified by their last name, type
last_name
. - If OnGuard users are identified by their email address, type
email
. - If OnGuard users are identified by their title, type
title
. - If OnGuard users are identified by an alternate value that you provided when you added users to your Identity Network, type
user_name
.
- If OnGuard users are identified by their first name, type
- SSL Bypass: By default, communication is encrypted with secure sockets layer (SSL). To use plain, unencrypted communication between the adapter and Identity, type
true
.
- Click Refresh. When successfully connected to the adapter, a green check mark is displayed.
- Click Next. The keys in your Lenel OnGuard system are loaded into the Identity Server.
- To secure the adapter by verifying that the adapter communicates with the Identity Server, you can create a certificate for Identity Server. To do this, click Support to contact MicroStrategy and request help creating a certificate.
- Click Done.
You can now customize how keys are displayed to users in the MicroStrategy Badge app. For steps, see Managing Physical Access Keys.
Related Topics
Creating a MicroStrategy Identity Network and Issuing an Administrator Badge
Distributing Badges to Users in Your MicroStrategy Identity Network