Skip to main content

 

Eptura Knowledge Center

OnGuard Configuration

The Proxyclick OnGuard integration has the following prerequisites:

If you’re running OnGuard 7.5 versions that are below version 7.5.375.12, access level assignment will not work unless running as a System Admin user. A patch is available via OnGuard tech support.

OnGuard "getting started" guides on how to set up your OpenAccess server are available from LenelS2.

  • Networking

    • The Proxyclick access control client reaches out to Proxyclick servers via port 443. For more information on networking please refer to the 'Deployment Requirements' section of the Access Control Overview.
    • The access control API listens on port 8080 by default but depending on your setup this can change. Please confirm the correct port number with your access control administrator.
    • The access control client needs to be able to reach the API.
  • Purchase the part code

    Please purchase the following part code from LenelS2 via your VAR, costings will vary based on the number of readers on the system: IPC-052-PXYCL01

  • Ensure OpenAccess is set up

    1. Make sure OnGuard OpenAccess is enabled and accessible from the machine the Proxyclick client will be installed on.
    2. OpenAccess is generally set up using port 8080, and this will need to be opened in the firewall of the machine itself, as well as any intermediate firewalls between OpenAccess and the Proxyclick client.
    3. Check that OpenAccess is running and accessible by us, you can easily verify this by accessing the OpenAccess Swagger interface, found at: https://example.com:8080/api/access/onguard/openaccess/swagger If this URL isn’t accessible and you’ve followed all steps within the documentation provided by LenelS2, please contact LenelS2 tech support for assistance.

The website will look like this:

clipboard_ebe557d89e389f067f3d7afe84d90f260.png

  • Ensure the board refresh rate is set to instant

    OnGuard refreshes data to its control boards by default once per minute. For speedy actions (adding a visitor waiting in front of a turnstile) this could cause issues as the combined delay could become 1 minute 20 seconds (if Proxyclick takes 20 seconds). There's an option to bypass this (named "Failed RPC table" in OnGuard), but this has consequences for busy systems as well. Please get in touch with OnGuard technical support for more information on the best setup for your environment.

    A note from the OnGuard documentation:

    There's a flag you can set up in the OnGuard System that will write all hardware updates directly to the FailedRPC table. These records will be handled by communications server(s). You can also set up the OnGuard System to send updates directly to communication servers and not through the FailedRPC table. This should reduce any delay to hardware when adding cardholders and/or visitors.

    OpenAccess writes updates to the FailedRPC table by default. In order to send out updates to communication servers directly and not through FailedRPC you would add the following two lines to c:\Windows\ACS.INI

    [RPCCom]

    APIDirectToFailedRPC=0

    Note: The more requests the Communication Server receives to send updates, the more processing will be required by the Communication server. Therefore, depending on the environment (how many visitors are added simultaneously for example) you may still experience performance issues even when bypassing the FailedRPC table.

  • Badge configuration - for QR-based access

Set maximum active badges

Select "Administration" then "General Cardholder Options"

Set "Maximum active badges per cardholder" to 10.

The Eptura Visitor integration can add multiple cards per cardholder (minimum 1 card per meeting).

Set up the badge type

Create a badge type named “Proxyclick QR code” - without the quotes. This name must be exact and is case-sensitive.

Class = Visitor

Set Badge ID allocation

Badge ID allocation needs to be set to "Manual Entry".

Set up ID ranges

Make sure to set an ID range for Proxyclick to generate tokens in. We need a defined range that only Proxyclick cards will be created in.

You will need the share the token range with the Access Control team at Proxyclick as we will then only generate tokens within this range. See here ("Token/card-number range") for more details.

 

  • Configure the card format - for QR-based access

    Set up a card format with the details in the table below. As these details can change slightly depending on your exact settings, please confirm this with your local setup as specified in the QR documentation.

    The QR setup section of our Access Control Overview specifies a simple test for you to ensure your system is configured to read it correctly.

 

Card Format

Name Proxyclick QR Code
Type     Wiegand
Facility Code     0
Badge Offset Number     0
Asset Format     No (unchecked)
Reversed Bit Order     No (unchecked)
Duress Format     No (unchecked)
Total Number of Bits On Card     42 (can change depending on reader setup)
Facility Code (starting/number bits)     0/0
Card Number (starting/number bits)     9/32
Extended Id (starting/number bits)    0/0
Issue Code (starting/number bits)     0/0
ILS-Specific Fields     None (all 0/0)
Number of Even Parity Bits     0
Number of Odd Parity Bits     0
Special     Step Parity Check by Two Bits

 

 

  • Using Physical Credentials - RFID Cards/Fobs

    Our Access Card Manager allows physical credentials to be assigned to a visitor via the Proxyclick dashboard. To configure this, we will need to know the Badge Type configured for your RFID readers. See Access Card Manager.

    Note: QR code setup steps (configure the Badge and Card Format) must be completed to enable the use of physical credentials.

  • Set up a system admin user

    For the Proxyclick integration to work we need a user to be able to log into the OpenAccess service. This user doesn’t need to be linked to any Directory accounts and can simply be an Internal account. The user doesn’t need any monitor zones, area access manager levels but will need the System Admin, Cardholder admin, Monitor admin, full report access and view/edit all field permissions.

    We recommend using a long, strong password and to not communicate this with anyone over email but simply use these account details when connecting the Proxyclick client software to OnGuard.

    If you want events, make sure to set the Proxyclick admin user to have viewing permissions on the reports.