Access Control Module Guide - Grosvenor Technology · No part of this document may be reproduced in...

Release 3.0

Access Control Module Guide

November 2016

Sateon Release 3.0 2 Issue 0.1 Access Control Module Guide November 2016

Sateon Release 3.0

Access Control Module Guide

Issue 0.1, released November 2016

Disclaimer

Copyright © 2016, Grosvenor Technology. All rights reserved.

SATEON and the SATEON logo are trademarks or registered trademarks of Grosvenor Technology. All other brands, names, or trademarks appearing in this document are acknowledged as the trademarks of their respective owners.

No part of this document may be reproduced in any form or by any means for any purpose without the written permission of Grosvenor Technology.

Whilst we make every effort to ensure the accuracy of our publications, Grosvenor Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this document.

www.grosvenortechnology.com

http://www.grosvenortechnology.com/


Contents

Preface ............................................................................................................................. 5 About Sateon ....................................................................................................................................5 About this guide ...............................................................................................................................5 Related documents ...........................................................................................................................6 Technical support .............................................................................................................................6

Introduction ..................................................................................................................... 7 About the Access Control module ....................................................................................................8 About access management ..............................................................................................................9

Defining the areas/buildings that a person can access ......................................................... 10 Restricting the times that personnel can access an area/building ........................................ 11

About system security ................................................................................................................... 11

Setting up essential access control data ........................................................................... 12 Setting up a reader group .............................................................................................................. 13 Setting up time patterns and schedules ........................................................................................ 14

About time patterns and schedules ....................................................................................... 14 Importing a calendar file into a time pattern ........................................................................ 18 Combining time patterns into schedules ............................................................................... 19 Example of setting up a time schedule .................................................................................. 20

Setting up a system mode ............................................................................................................. 22 Standard modes ..................................................................................................................... 22 Creating a new mode ............................................................................................................. 23 Activating a mode .................................................................................................................. 24

Setting up and assigning access ........................................................................................ 25 Setting up a new access group ...................................................................................................... 26 Setting up a new access set ........................................................................................................... 27 Granting access to a person .......................................................................................................... 28

Granting access via the Access Group page ........................................................................... 29 Granting access via the Personnel page ................................................................................ 34


Managing secured areas .................................................................................................. 36 About areas.................................................................................................................................... 37 Creating a new area ....................................................................................................................... 37

Managing the system hardware ....................................................................................... 41 About the system hardware .......................................................................................................... 42 Setting up sites and comms engines ............................................................................................. 43

Setting up a site ..................................................................................................................... 43 Setting up a comms engine .................................................................................................... 44

Setting up controllers and connections ......................................................................................... 45 Setting up a controller ........................................................................................................... 45 Setting up a field network and port ....................................................................................... 47

Setting up doors and readers ........................................................................................................ 49 Setting up a door.................................................................................................................... 49 Setting up a reader ................................................................................................................ 52

Setting up inputs and outputs ....................................................................................................... 57 Setting up an input ................................................................................................................. 57 Setting up an input group ...................................................................................................... 59 Setting up an output .............................................................................................................. 60 Setting up an output group .................................................................................................... 61

Configuring automatic actions....................................................................................................... 62 Setting up an automated action ............................................................................................ 62 Setting up a reader-triggered action ..................................................................................... 64

Hardware defaults ........................................................................................................... 66 Controller hardware defaults ................................................................................................ 66 Door hardware defaults ......................................................................................................... 67 Reader hardware defaults ..................................................................................................... 67 Input hardware defaults ........................................................................................................ 68 Output hardware defaults ..................................................................................................... 68

Reader types and formats ................................................................................................ 69

Door unlocking using keypad ........................................................................................... 71 Setting up Sateon data .................................................................................................................. 72

Creating a new token type ..................................................................................................... 72 Editing the reader details ....................................................................................................... 72 Creating and issuing tokens ................................................................................................... 73


Preface

This document provides information on the Access Control module of Sateon, which enables you to configure the system hardware and set up the essential data of your access control system.

This version of the document relates to Sateon Release 3.0.

Date of latest update: November 2016.

About Sateon Sateon Advance is a powerful yet easy-to-use browser-based access control system that allows users to manage and monitor physical access to sites. It integrates access control, alarm and incident monitoring, visitor management and reporting facilities.

Based around a set of SQL databases, it allows system managers and security staff in any location to set up, view and monitor data about personnel, access cards/tokens, the system hardware, access permissions and reported events.

Sateon is installed on a central server, and can then be accessed from any location via a browser-based interface.

About this guide This document describes how to set up data in the access control module of Sateon Advance, including details of access permissions, time patterns, areas and system hardware.

Note: This document is primarily intended for users of the Expert mode, who have access to all features of Sateon. Users of the Quick mode will see a simplified interface and will not have access to all the features described here

It includes the following information:

• Section 1 – Introduction. This section provides an overview of the access control module and its capabilities.


• Section 2 – Setting up essential access control data. This section details the data that needs to be set up before you can grant access to individuals: access groups (and access sets if you use them), reader groups, and system modes.

• Section 3 – Setting up and assigning access. This section includes details of setting up access permissions and assigning access to people.

• Section 4 – Managing secured areas. This section provides details of setting up specific physical locations and monitoring and controlling the number of people in areas.

• Section 5 – Managing the system hardware. This section explains how to set up the hardware elements of the access control system, including configuring controllers, readers, inputs and outputs.

Note: Representations of screens in this document are shown for general illustration only. There may be some differences in the screens you see, depending on the operating system and the computer configuration.

Related documents The following documents, available from Grosvenor Technology, may also be useful:

• The Sateon Personnel Module Guide. Explains how to set up the people who will use the system and the tokens they use to gain access to the site.

• The Sateon Control Centre Guide. Explains the Sateon Control Centre, which allows security staff to view and monitor events, to deal with reported incidents and to manage or control specific elements of the system.

• The Sateon System Administration Guide. Explains how to configure a number of functions for system management and administration.

There are also a number of guides to optional features of Sateon including interfaces to third-party systems such as fire panels and CCTV systems.

Technical support For further assistance with Sateon Advance, please contact Grosvenor Technology Technical Support as follows:

Email (EMEA): [email protected]

Telephone: +44 (0)1279 838000

Website: www.grosvenortechnology.com


Section 1

Introduction

This section provides a general introduction to the Access Control module of Sateon.

• For overview information, see About the Access Control module on page 8.

• General information about defining access is given in About access management on page 9.

• Important notes on security of the system are described in About system security on page 11.


About the Access Control module The Access Control module of Sateon Advance is used to control, monitor and restrict the movement of people in, out and around your site. It allows you to:

• Set up, view or edit information about the physical elements of the system (doors, readers, controllers, and so on) and the connections between them.

• Set up and manage the access permissions that are used to define where people, as groups or individuals, are allowed to go.

• Set up the time schedules that define the dates and times that access can be controlled.

• Set up secure areas, which provides a means of monitoring and controlling the number of people in specific physical locations.

• Set up and manage interfaces to external systems such as alarm panels and CCTV systems.

To access these features, choose the Access Control option from the module buttons that appear at the top of the page.

A page with the following options is displayed:

The options on this page are as follows:

• Device Management. This option allows you to set up and configure the physical elements in your system, including controllers, readers and doors. This normally set up by an installer or engineer when the system is first installed and configured. For details, see Managing the system hardware on page 41.

• Action/Group Management. This option allows you to set up the building blocks of your access control system: groups, actions, time patterns and schedules and system modes. For details, see Setting up essential access control data on page 12.

Note: The Action/Group Management option also allows the set up of Destination elements. These are used primarily for the integration of elevator systems: for details, see the documentation describing the specific integration.


• Access Management. This option allows you to set up the access permissions that are used to define access to specific readers at particular times. Each access permission is a unique combination of a reader group, a time schedule and a system mode. For details, see Setting up and assigning access on page 25.

• Area Management. This option allows you to set up and view defined areas and the restrictions that apply to them. Areas can be used to report the number of people in an area, to detect unoccupied areas, to prevent passback violations, and so on. For details, see Managing secured areas on page 36.

Note: Depending on your licence and Sateon permissions, additional items may be present on this page, related to the set-up and management of optional features.

About access management Fundamentally, access management is about defining which personnel can access certain buildings, areas or parts of a building. This is achieved by setting up access permissions, which define groups of readers that permit the same access, and assigning them to personnel.

Each reader on the system belongs to a reader group, normally given the name of the area to which the reader controls access (such as Accounts, Maintenance, Directors’ Offices). Personnel are then associated with a specific reader group which will allow them access to each of the readers within that group.

Note the following terms:

• A reader group is a group of one or more readers that manage specific access. Reader groups are normally given the name of the area to which the readers control access: for example, Warehouse or Accounts.

• An access permission is a single reader group associated with a single time schedule and a system mode. For example, “Car Park – Weekends – Normal Mode”.

• An access group is a group of one or more access permissions and can be assigned to any person on the system.

For example, a single access group could contain the following access permissions:

• Car Park – Weekends - Normal

• External Doors – Weekends - Normal

• Works Office – Weekends - Normal

Several access groups can be linked together as access sets – these are optional but if you have a complicated system to set up they may be helpful.

In order to set up access rights you must first create the constituent parts: reader groups, time schedules and system modes. You can view and set up this information by choosing the Action/Group Management option from the main Access Control page:


You can then set up the access groups. You can view and set up this information by choosing the Access Management option on the main Access Control page:

Defining the areas/buildings that a person can access Defining the access that a particular person is permitted involves several steps. You need to do the following:

• Create reader groups for readers that will control access to areas with different requirements. For example, you may have a group of readers called External Doors for the main doors to the building, another called Office for all normal internal doors and a third for Secure Area which will be restricted to just a few people. See Setting up a reader group on page 13.

• Create time schedules that define times that personnel can gain access through doors. For example, you could have a time schedule called Office Hours which permits access between 8:00 and 18:00 Monday to Friday, and another one called 24 hr Weekends which permits access at any time on Saturday and Sunday and would be restricted to security staff. See Setting up time patterns and schedules on page 14.

• Create system modes that define the situations in which personnel can gain access. For example, you could have a General Access mode for normal use and an Emergency mode that would apply if an alarm was activated. See Setting up a system mode on page 22.


• Create access groups which categorise the access you want. Each access group can be assigned to any person on the system and consists of one or more individual access permissions. An access permission defines the reader group, time schedule and mode. See Setting up a new access group on page 26.

• Grant specific personnel access to the access group. Once this is done, the person’s tokens will work at the readers within the reader groups, at the times specified in the time schedules and when the specific modes are operational. See Granting access to a person on page 28.

• If you want to control and monitor the number of people entering and exiting a specific area, you need to set up secure areas, controlled by specific entry and exit readers. Areas can also be used to implement anti-passback measures. See Managing secured areas on page 36.

Restricting the times that personnel can access an area/building You can restrict the times that personnel can access a site/building or area by creating time schedules that define times that people can gain access through certain doors.

For example, you could have a time schedule called Normal Office Hours which permits access between 8:00 and 18:00 Monday to Friday, and another one called Weekends which permits access at any time on Saturday and Sunday and would be restricted to security staff. Time schedules are set up as a combination of time patterns, which identify blocks of times. Combining several time patterns enables more complex schedules to be defined.

If you want to restrict access to a single individual or a small group, you could set up an access group and assign it to that person.

About system security Note the following important points about security:

• You need to log in to Sateon using a user ID and a password. Default log in IDs and passwords apply initially, but must be changed the first time you log in. Your site system administrator will normally be responsible for setting up user IDs.

• Never let anyone else use your log in ID/password. For audit purposes, your identity is logged against every action that you take on the system.

• Keep your password secret and do not write it down.

• Change your password regularly. Your site system administrator may implement a password policy that may require you to change your password at regular intervals and may prevent you from re-using passwords.


Section 2

Setting up essential access control data

Certain data needs to be set up before you can grant access to individuals: reader groups, time schedules and system modes.

• For information about setting up reader groups, see Setting up a reader group on page 13.

• For information about time schedules, see Setting up time patterns and schedules on page 14.

• For an explanation of system modes, see Setting up a system mode on page 22.


Setting up a reader group A reader group is a set of readers that control access to an area. Reader groups are normally given the name of the area to which the readers control access, for example, Car Park, First Floor, Accounts, and so on.

Reader groups are used when assigning access to personnel. A reader cannot be a member of more than one group, but it is possible to have a reader group with only one reader in it.

Note: For the purposes of Reader Actions, you can set up reader groups that have no readers in them. See Setting up a reader-triggered action on page 64.

Normally the readers will have been set up, but it is possible to set up reader groups before setting up the readers. See Setting up a reader on page 52.

To create a reader group 1. Choose Access Control > Action/Group Management > Reader Groups.

2. Click Add at the top of the page:

3. On the Basic tab, enter the following:

Description Name of this reader group. We recommend you give it a name that indicates its location and purpose, such as First Floor.

4. The Readers not in a group box lists all readers that are not currently allocated to a group. To include a reader in the current group, select it and click the right-arrow button:

5. Click Save.


Setting up time patterns and schedules

About time patterns and schedules Time schedules are used to define the periods during which certain things can happen within the Sateon access control system. For example, time schedules are used to define when access is permitted at certain doors, when events are reported and when actions can be set to occur.

Some basic time schedules are set up in Sateon, but you can set up as many additional ones as you want. For example, you could have a time schedule called Normal Office Hours which permits access between 8:00 and 18:00 Monday to Friday, and another one called Weekends which permits access at any time on Saturday and Sunday and would be restricted to security staff.

• A time schedule is set up as a combination of time patterns, where each time pattern defines one or more periods of time.

• Each individual period of time with a defined start and end time is an appointment. Appointments can consist of an entire day.

• Appointments can be set up to have a recurring pattern, on a daily, weekly, monthly or annual basis, so for example you can have an appointment for every Monday morning or on the last Friday in each month.

• Time schedules use the standard iCal format, which means that pre-existing calendars can be imported into a time pattern. This enables the sharing of calendar-based information and the import of standard information such as a calendar of public holidays.

• When setting up time schedules, multiple time patterns can be combined inclusively (e.g. Normal Office Hours AND Weekends) or exclusively, e.g. Normal Office Hours EXCLUDING Public Holidays.

Time schedules are used in various places in Sateon:

• They are used when setting up access groups which categorise the access you want. When these access groups are assigned to users they define the readers and doors that the personnel can use and at what times.

• Time schedules can also be used when setting up actions. For example, you could set up an action that automatically unlocks doors during certain times.

• In addition, time schedules apply to event rules, meaning that event reporting, including notifications and command invokers, can be made dependent on time periods. For example, you could configure the system so that Door Wedged events on internal doors are not flagged as incidents during normal working hours.

• Time schedules also apply to system activities that must run at specific times, including scheduled reports and backups.


You need to set up the time patterns you need and then combine them into a time schedule. Time patterns themselves cannot be directly associated with other objects in Sateon.

Five time patterns are included by default in the system:

• All the Time

• Core Hours 1000-1200, 1400-1600

• Never

• Weekdays – 0800-2200

• Weekends – 0900-1800

You can create as many additional ones as you need.

To create a new time pattern 1. Choose Access Control > Action/Group Management > Time Patterns.

2. Click Add at the top of the page.

3. Enter a Description of this time pattern. We recommend you give it a name that

indicates its purpose, such as Office Hours, or Weekdays 08:00 : 18:00.

4. Choose the most appropriate tab for setting up the time periods – Day, Week, Month or Timeline. By default, Month is selected. You might find it easier to choose Day or Week if you want to create an appointment shorter than a day; choose Month to create an appointment lasting a full day or more.

5. To create an appointment, do one of the following:

− Click at the start point of the appointment. Right click in the highlighted block and choose New Entry from the pop-up menu.

− Click at the start point of the appointment and drag to select a block of time. Right click in the highlighted block and choose New Entry from the pop-up menu

− Double-click at the point in the calendar control that you want the event.

In each case the following dialog box appears:


6. Complete details about this block of time:

− Give it an identifying name (Subject) and optionally a Description.

− Provide a Start Time and End Time for the block of time. If you have chosen a defined time period (from the Day or Week tab) the Start Time and End Time default to the period selected, as shown above. You can change the dates/ times as required, either by overwriting them or entering them directly. Times are given in hh:mm format and although in the date picker they appear in 30 minute intervals they can be set to anything you like.

If you have chosen to create an appointment from the Month page, Sateon assumes the block of time is one or more entire days and will default to an All Day Event:

If you want to set specific times, you can clear the All day event box. Specific times then appear, which you can edit as required:


7. If you want this block of time to be repeated on a regular basis, click Edit Recurrence in the top left-hand corner. The following dialog appears:

You can choose and set the frequency of the recurrence. For example, every Thursday afternoon until the end of the year:


In the following example, the appointment is set to recur on the last day of every month:

8. Click OK on this dialog to save details of the recurrence.

9. Click OK on the appointment details dialog to save details of the block of time.

10. Click Save to save the time pattern record.

Importing a calendar file into a time pattern Sateon time patterns support the standard iCalendar file format which allows you to import calendars of public holidays or any other scheduling information held in the form of .ics files.

To import an iCalendar file 1. Ensure your iCalendar file is somewhere accessible.

2. Within a Time Pattern, click the Import Calendar button at the top of the page

3. The following dialog appears:


4. Click Upload Calendar File.

5. Navigate to the file, select and open it.

6. Details of the file are displayed in the dialog, for example:

7. Click Save.

Combining time patterns into schedules A time schedule is a combination of one of more time patterns. Time patterns can be included – such as multiple shift patterns – or excluded, such as public holidays.

Five time schedules are included by default in the system:

• All the Time

• Core Hours 1000-1200, 1400-1600


• Never

• Weekdays – 0800-2200

• Weekends – 0900-1800

Initially, each of these consist of a single time pattern with the same name.

To set up a time schedule 1. Choose Access Control > Action/Group Management > Time Patterns.

2. Click the Add button at the top of the page.

3. Enter a Description of this time pattern. We recommend you give it a name that

indicates its purpose, such as Office Hours, or Weekdays 08:00 : 18:00, excluding UK holidays.

4. By default, the Use Local Time checkbox is selected, meaning that all times are displayed in local time. To set up details in another time zone, deselect this box and choose the appropriate time zone from the drop-down.

5. On the Included Time Patterns tab, all the available time patterns are listed. Select one or more time patterns representing the periods that will be in this schedule. These time patterns are combined inclusively. Note that you must include at least one time pattern.

6. On the Excluded Time Patterns tab you can select time patterns that represent periods to be excluded from the schedule. For example, you can select holiday periods when normal access control does not apply. Note that it is optional to exclude time patterns.

If a time pattern is subsequently amended, any time schedules that us this pattern will automatically be updated.

Example of setting up a time schedule The following example illustrates a time schedule for a showroom which is normally open every weekday from 9:00 a.m. to 5:00 p.m. Monday to Friday, but is closed on all Bank Holidays and for staff training time at the beginning of each month.

• Set up a time pattern for weekdays 9:00 to 5:00.

• Set up a time pattern defining Bank Holidays (this can be imported from a defined .ics file)

• Set up a time pattern defining a staff training period, recurring the first Thursday of each month, for example:


• Set up a new time schedule called Showroom Hours. On the Included Time Patterns tab, select the Weekdays 9:00 to 5:00 time pattern. On the Excluded Time Patterns tab, select both the Bank Holidays and the Staff Training time patterns.

• The Basic tab then shows the combined times, as follows:

Included time patterns are shown in blue and Excluded time patterns are shown in red.

This time schedule can then be applied when setting up an access group, or setting up an action; for example:


Setting up a system mode System modes are a means of making rapid changes to the way in which Sateon operates without having to make substantial changes to the programming of individual tokens, actions or time schedules.

For example, your site could usually be set to General Access mode, requiring all personnel to badge in and out, but switch to Emergency mode in the case of a fire alarm, allowing all external and fire doors to be unlocked with a single action.

System modes are used in various places in the system.

• All access permissions are associated with a system mode that defines the situation in which access is permitted. When an access group with a particular permission is assigned to personnel it specifies the system mode in which access is permitted. For example, you may set up special permissions that only allow access through certain doors in the case of emergencies.

• Event rules are also associated with a system mode in order to define the situation in which specific events are reported.

• System modes are also associated with actions. For example, you could set up an action that automatically unlocks doors when a certain system mode is active.

Standard modes The following four modes are included in Sateon by default. They cannot be deleted.

Mode Purpose

Cause and Effect Used to control the configuration of actions and command invokers

Events and Logging Used to control how events are reported. When active, events are logged

General Access Used to control access. When active, normal access is permitted.

Incidents Used to control whether events are reported as incidents. When active, incidents are reported.


Note: The Cause and Effect, Events and Logging and General Access modes are Active by default, but the Incidents mode is not initially active. This is to ensure that multiple incidents are not reported before the system is first commissioned.

Creating a new mode Any number of additional modes can be configured.

To create a new system mode 1. Choose Access Control > Action/Group Management > System Modes.

2. Click the Add button at the top of the page:

3. Enter the following fields:

Description Name of the system mode. We recommend you give it a name that indicates its purpose, such as Emergency.

Active by Default Select the box if this mode is to be activated immediately.

Note: None of the four default System Modes can be edited from the System Modes page. To activate/deactivate a mode, you will need to use the Control Centre.

4. Click Save to save the new system mode.

Note: A mode can be configured and set to Active but will have no effect unless it has been linked to access permissions, actions, events, etc.

As well as configuring the system modes to be activated automatically when certain system conditions apply, you can activate or deactivate a mode manually from the Devices tab on the Control Centre.


Activating a mode System modes can be activated from the Control Centre.

By default, the Incidents system mode is not activated when Sateon is first installed. This is to avoid many incidents being raised when the system is first commissioned. Once you have set up core data we recommend that you activate the Incidents mode.

Note: The other three default system modes, Cause and Effect, Events and Logging and General Access are all Active by default.

To activate a mode 1. Choose Control Centre.

2. Select the Devices tab, click System Modes and select the mode to be activated.

3. Click the Activate button in the pane on the right.


Section 3

Setting up and assigning access

This section includes details of setting up access permissions and assigning access to people.

• For information about setting up access groups, see Setting up a new access group on page 26.

• For information about setting up access sets, see Setting up a new access set on page 27.

• For details of assigning access groups to individuals or groups of people, see Granting access to a person on page 28.


Setting up a new access group An access group is a group of one or more access permissions and can be assigned to any person on the system to define their access.

As part of setting up a new access group you can create new access permissions.

To create a new access group 1. Choose Access Control > Access Management > Access Groups.

2. Click the Add button:

3. On the Basic tab, enter the following fields:

Description Name of this access group. We recommend that you use a name that indicates what the access group does, such as First Floor – security staff.

Access Start Start date and time of the access period. This is optional; if not set the access period is valid immediately. Either type in a date and time or click the calendar control to select a date and time.

Access End End date and time of the access period. This is optional; if not set the access period will never expire. Either type in a date and time or click the calendar control to select a date and time.

Note: Even if the Access Start and Access End times for the access group are not set, a person’s access will be affected by the token validity and any start and end times that are set on the person record.

4. Click Save.

5. To add the individual access permissions that form this access group, click Manage Permissions at the top of the page:


6. The following screen appears:

7. Any access permissions already set up are listed in the lower part of the page.

For a normal access permission based on Sateon door locks, choose a reader group from the Resources drop-down. You can then choose a time schedule and system mode from the drop-down lists at the top of the page and click Add Permission to include it in the access group.

Note: If you are using offline door locks, appropriate lock groups appear in the Resources drop-down in additional to standard reader groups. See the appropriate third-party integration documentation for full details.

8. Click Save to save the changes.

Setting up a new access set An access set is a collection of access groups. The use of access sets is optional – you may want to use them if you have a large organisation and want to assign multiple access groups to a person.

To create a new access set 1. Choose Access Control > Access Management > Access Sets.


2. Click the Add button at the top of the page.


Description Name of this access set. We recommend that you use a name that indicates what the access set does, such as Security Staff Access.

4. The Available access groups box lists all groups that are not currently in the access set. To include these in the current access set, select them and click the right-arrow button:

5. Click Save to save the new access set.

Note If you subsequently edit an access set to add or remove access groups, these changes are not applied to the people whose access has already been defined. You will need to re-apply the access set for these changes to take effect.

Granting access to a person Once you have set up the access groups, reader groups and time schedules you can grant access to specific personnel.

You can choose to grant access to a single specific person or assign an access group to a group of people at once, for example, all the people in a specific department.

You can also grant access via the Personnel page.


Note: Before granting access to a person, you should have set up all the access groups you need (including individual access permissions).

Granting access via the Access Group page

To grant access to one person 1. Choose Access Control > Access Management > Access Groups.

2. Choose the access group that you want to assign.

3. Click Manage Personnel Access at the top of the page:

The following dialog appears:

4. Click Add Personnel at the bottom of the page:


5. You can search for a specific person by entering characters from the person’s name. Click the Filter button to list matching personnel:

Click the Clear button to clear the search:

6. When the list is displayed, select the person to be assigned to the group and click Done.


To grant access to multiple people 1. Choose Access Control > Access Management > Access Groups.

2. Choose the access group to assign.

3. Click Bulk Grant User Access at the top of the page:

4. The Bulk Grant Personnel Access window appears.

− Choose All Personnel to apply the selected access group to all personnel in the system. Click Next to set start and end times: see step 8.

− Choose Select Personnel to choose the specific personnel to apply this group to. Click Next.

5. If you have chosen Select Personnel, the following dialog appears to allow you to select the people:


From here you can set up a set of selection criteria to define the users, for example, everyone in the Sales department. To add a search clause, click the plus icon at the right of the page:

A set of drop-downs appears:

− In the first drop-down, choose a field such as Employee Number, Surname or Department.

− In the second drop-down, choose a comparison expression such as Is Equal To, Starts With or Contains.

− In the third drop-down, enter a value to match the field against.

This gives you a search clause, such as “Employee Number Starts with 100”, “Department Equals Sales”, “Surname contains th”

To add further search criteria, click the plus icon again. An additional blank line is displayed allowing you to set up a further clause.

Choose And from the drop-down list to find people who match all of the specified clauses or choose Or to find people who match any of the clauses.

6. The Calculate Number of Personnel In Selection button allows you to check how many record will be affected. To view the list, click the Preview button. The system will list the personnel this will affect, for example:


7. When you are happy with the list of people, click Choose Access Period and Apply.

8. Define the start and end of the access that applies to the selected people in the Access Starts and Access Ends fields. Either enter appropriate dates and times directly, or click the calendar button to select the date and time from the control.

9. Click Grant Access to apply the selected access group to the defined personnel.


Granting access via the Personnel page You can assign access by selecting specific people and assigning access groups to them.

To grant access to person 1. Choose Personnel > Personnel and choose the person whose access you want to

set.

2. Click the Manage Access button at the bottom of the page:

3. The Manage Access page appears:

4. Access groups are listed in the main part of the page, with the access groups assigned to this person selected. If there are large numbers of access groups, you can filter the display by entering a string of characters in the Search box at top left. Press Apply to apply the filter.

5. To assign an access group, select the checkboxes for the access groups to be assigned to the person.

6. If access sets have been defined they will appear in the bottom left. If you highlight an access set and click Apply, the access groups within that set are automatically selected.

Note: If you subsequently edit an access set to add or remove access groups, these changes are not applied to the people whose access has already been defined. You will need to re-apply the access set for these changes to take effect.


7. For each access group assigned, you can specify the times for this particular person’s access to start and finish. If times are already displayed, these are the defaults set up for these access groups, but these can be overwritten. For both Starts and Ends, enter a date directly or click in the field and select the calendar control:

8. When you have finished setting up the access rights for this person, click Save.


Section 4

Managing secured areas

The use of areas provides a means of monitoring and controlling the number of people in specific physical locations.

• For general information about areas, see About areas on page 37.

• For information about setting up and monitoring areas, see Creating a new area on page 37.


About areas The use of areas provides a means of monitoring and reporting on the number of people in specific physical locations. To implement area control, readers must be installed at each entrance to and exit from the controlled area.

Areas can also be used to prevent passback violation, sometimes known as tailgating. This is when one or more additional people follow a legitimate token holder into an area without using their tokens. Anti-passback can be implemented to track whether a token is inside or outside a secure area and apply system rules if a violation occurs.

You can also record periodic snapshots, so that the people in an area at a specific moment are recorded. You can define how often snapshots are taken, by either defining the frequency of snapshots or the number of events occurring between snapshots. You can also specify how long snapshots are retained in the system. Snapshots are used when producing Area Reports.

Creating a new area To create a new area 1. Choose Access Control > Area Management > Areas.



Description* Name of this area. We recommend you give it a name that indicates its purpose.

Comms Engine* Choose the comms engine responsible for managing this area.

Timeout Period This value can be set if you are implementing anti-passback. When the specified Timeout Period has passed after a person has entered an anti-passback area, they will be deemed to be of Unknown whereabouts by the system and removed from the area. For example, setting the Timeout value to 10 minutes would mean the person is deemed to be of unknown whereabouts 10 minutes after entering the area.

Note: The timeout period relates to the control of anti-passback. If you simply want to monitor the people within an area, you do not need to set this.


Forgiveness This value is used to clear all personnel from an area at a set time each day. At the specified time, any personnel marked as being present within an area are removed and deemed to be of unknown whereabouts by the system. This is generally set to a time when the area is intended to be unoccupied.

Maximum Occupancy Specify the maximum number of people that are permitted in this area. Leave it blank if there is no maximum.

Minimum Occupancy Specify the minimum number of people that are permitted in this area. Leave it blank if there is no minimum.

Snapshot Period How often a snapshot (recording details of the people who are currently in the area) is taken. Defaults to 30 minutes.

Snapshot Period Events The number of events recorded in each snapshot. When this number of events has occurred, the snapshot is saved and a new one started.

Note: If you are using snapshots, you should set either the Snapshot Period, or the Snapshot Period Events. You should not use both values.

Retention Period Defines how long the snapshot data is retained on the system. Defaults to 7 days.

Note: The accuracy of snapshot reporting can be improved by increasing the frequency of the snapshots or setting the number of events to a lower number. However, this has an impact on the storage requirements, so you may need to experiment to discover the optimum settings for your circumstances.

Enforced When this box is selected, anti-passback rules are enforced.

Offline When this box is selected, anti-passback will not be enforced by the controller if it cannot communicate with the main Sateon server. When the controller comes back on-line, its anti-passback status is automatically updated.

Local When this box is selected, the anti-passback status will only be held in the local controller. This is used if there is only one door into an area and the In and Out readers are on the same controller. In this case other controller do not need to know the real-time status of this area, which saves system traffic.


Treat single occupancy as being When this box is selected, this area is an abnormal state required to have more than one occupant.

When only one person is present this will be reported on the Abnormal States tab within the Control Centre.

4. On the Entry Readers tab, you can define one or more readers that control entry into this secure area. To assign an entry reader, select it and click the arrow button.


5. On the Exit Readers tab, you can define the readers that control exit from this secure area. To assign an exit reader, select it and click the arrow button.

6. On the Verify Out of Area Readers tab, you can define the readers that are used to verify that the person is out of area. To assign readers, select them and click the arrow buttons.

7. On the Verify In Area Readers tab, you can define the readers that are used to verify that the person is in area. To assign readers, select them and click the arrow buttons.

8. Click Save to save details of the new area.


Section 5

Managing the system hardware

This section explains how to set up and manage the system hardware. It includes the following:

• General information about system hardware is given in About the system hardware on page 42.

• For information about setting up sites and comms engines, see About the system hardware on page 42.

• For details of setting up controller and connections, see Setting up controllers and connections on page 45.

• For details of setting up doors and readers in your system, see Setting up doors and readers on page 49.

• For information about setting up inputs and outputs, see Setting up inputs and outputs on page 57.

• For details of configuring actions including reader-triggered actions, see Configuring automatic actions on page 62.


About the system hardware This section describes how to set up the information related to system hardware – including the comms engines, field networks, controllers, readers, doors, inputs and outputs on the system.

Note: The hardware details are normally set up by an installer or engineer when the system is first installed and configured, and often do not require any changes. However, in some cases you may need to make amendments at a later date.

When setting up system hardware, you may need to configure the following:

• The sites, which define your access control locations. A site is a logically separate access control location.

• The comms engines, which are the software elements that communicate with and configure the hardware controllers.

• The field networks that connect the controllers to the main computer. (IP-connected controllers do not need field networks as they connect directly via the IP network.)

• The ports that the field networks are connected to.

• The controllers – the intelligent devices that control doors and peripherals.

• The doors that can be opened by the access control system.

• The readers that control access to an adjacent door.

• The devices that provide inputs to the system, such as fire alarm sensors or passive infrared detectors.

• The outputs that trigger devices such as lighting systems or alarms.

You can view details of the physical system by choosing the Device Management option on the main Access Control page:


The main Device Management page appears:

Setting up sites and comms engines A single Sateon installation can support multiple sites, where each site is a single separately-managed access control location. Each defined site can be managed by one or more comms engines, which are separate software control systems. (Note that the physical location is irrelevant.)

One site called Main Site exists by default; additional sites can be created if required.

Setting up a site 1. Choose Access Control > Device Management > Site.



Description* Name of this site. We recommend you give it a name that indicates its purpose and/or location.

Site Code* Enter a code to identify this site.

Organisation Not supported in this version.


4. Click Save to save this site.

Setting up a comms engine The comms engines are Sateon software elements that communicate with and configure the hardware controllers (door controllers and peripheral controllers).

Although for many installations a single comms engine is sufficient, an additional comms engine may be required for various reasons: to support remote sites; to improve system performance by load-sharing; or for resilience, to avoid a single point of failure.

For details of installing an additional Comms Engine, see the Sateon Installation Guide.

To set up a comms engine 1. Choose Access Control > Device Management > Comms Engine.



Description* Name of this comms engine. We recommend you give it a name that indicates its purpose and/or location.

Hostname* The hostname of the machine that this comms engine is running on. (Note: Do not include the http:// prefix, and do not use localhost or an IP address).

Site* Choose the site appropriate to this comms engine from the drop-down list of available sites. (You need to set this even if you only have one site.)

Note that all these are required fields.


4. Click Save to save these details.

Setting up controllers and connections The controllers are the intelligent devices that manages access to doors and other hardware (sometimes called controllers or boxes). IP-connected controllers are connected directly via the IP network, but 485-connected controllers will have a comms line known as a field network which needs to be configured.

Note: Controllers are generally discovered and set up when Sateon is first configured, using the Quick Start application or the eSeries Programmer. It is not usually necessary to configure them via the Sateon software.

Setting up a controller Sateon supports various types of controller, which may have the following variations:

• They may be Sateon Advance boards, EZ boards (supported on Sateon Enterprise systems) or PRO boards, specific to Sateon Pro. Alternatively, on migrated systems they may be Janus legacy hardware that is still supported on Sateon systems.

• Sateon Advance controllers may be single blade or multi-blade, which support different numbers of doors and readers.

• They may be door controllers (known as IDCs) or input/output controllers (known as IOCs or IPCs).

• They may be connected via the IP network or by a 485 line.

• They may support different numbers of inputs and outputs.

The controller type indicates the features. For example, the Advance4B-IP controller is a Sateon Advance multi-blade controller, connected via IP and supporting up to four door and/or I/O blades, while the EZ-1024-E is a EZ IP-connected I/O controller, which supports 8 inputs and 16 outputs.

Note: The controllers that are available will depend on your licence.


Ensure you select the correct controller type as this will affect the options available. For 485-connected controllers, you need to set up a field network and a port. Field networks do not need to be configured when IP-connected controllers are used, since they are connected directly over the network, so you just need an IP address.

To set up a controller 1. Choose Access Control > Device Management > Controller.



Description* Name of this controller. We recommend you give it a name that indicates its purpose and/or location. For example, your naming convention may be Building-Level-Location-ID.

Panel Type* Select the appropriate controller type from the drop-down. The controller configured in the drop-down will depend on your licence, for example, if you have an EZ licence you will only see EZ boards.

Comment You can specify any text here; for example, the physical location of the controller.

Mains Failure Define how long the mains power can be disconnected before an alert is raised. The hardware default is 10 minutes.

Time zone If the controller is in a different zone from its controlling comms engine, you should select the time zone that the controller is in. If the controller is in the same time zone, leave this blank.

Interlock When selected, this box indicates that the two doors controlled by this controller are never to be unlocked at the same time by valid tokens.

Note that if this setting is selected with Advance Multi-blade controllers, it will apply to all the doors connected to this controller (up to 8 doors).

Poll When selected, this box indicates that the controller is to be regularly polled by the system. During set-up and commissioning you can clear the box to avoid incidents being raised if the controller is not communicating with the comms engine.

The following additional fields appear for 485-connected controllers, which require a field network and port to be set up:

Field Network Choose the field network for this controller from a drop-down list. If this has not yet been configured, you can set it later. The controller will appear as Unassigned in the list.


Address The Address is an identification number that identifies the field network to the system. The number you enter here has to be set on the controller hardware itself. (Range 1-63)

The following additional fields appear for IP-connected controllers which are connected via their IP address:

IP Address The IP address of this controller. Note that if this has not yet been configured, you can set it later. A warning will appear against the device. Support

Encrypted When selected, communications between the controller and the comms engine are encrypted.

4. Click Save to save this controller.

Setting up a field network and port If you have any 485-connected controllers, you need to set up a field network (comms line) and a port to define how the controller is connected to Sateon.

Note: IP-connected controllers do not require a field network and port.

To set up a field network 1. Choose Access Control > Device Management > Field Network.


3. In the Description field, enter the name of this field network. We recommend that

you give it a name that indicates its purpose and/or location.


4. Click Save.

Note: At this point you can click Manage Local Devices to set up the controllers and ports that are associated with this field network.

To set up a port 1. Choose Access Control > Device Management > Port.



Description* Name of this port. We recommend you give it a name that indicates its purpose and/or location.

Field Network The field network (comms line) that connects to this port. Note: If this has not yet been configured, you can set it later. The port will appear as Unassigned in the list.

IP Address* The IP address that identifies this port.

Encrypted Select this box if communications on this port are encrypted.

*Required field

4. Click Save.


Setting up doors and readers You need to configure the doors are used to enter and exit a site, building or area and the readers that control access. Note that the term door can apply to a reader-operated turnstile or other barrier. A door may be associated with one reader or two (i.e. there may be a reader on each side of a door).

Setting up a door A door is managed by a controller, so as part of setting up the door you need to define the controller that manages it. However, if you wish you can set up the door and connect to the controller later.

To set up a door 1. Choose Access Control > Device Management > Door.



Description* Name of this door. We recommend you give it a name that indicates its purpose and/or location. Follow the naming conventions agreed by your organisation, such as Building-Level-Location-ID.

Controller Choose the controller that manages this reader from the drop-down. If this has not yet been configured, you can set it later. The door will appear as Unassigned in the list.

Address Choose the address of this door on the controller. For PRO, EZ and legacy boards this will be either 1 or 2, depending upon which set of terminations is being used at the controller for this door.

For Advance controllers the address consists of the number of the blade, followed by a zero, followed by the number of the door. For example, if this is Door 2 on Blade 3, its address would be 302. Note that this address format is required for Single-Blade controllers as well as Multi-Blade controllers.

Unlock Output Group #1 This field defines when the doors are unlocked. If you want doors to be opened automatically by triggering an action, you can choose the output group from the drop-down list. Leave this blank if the door is to be locked at all times.


If necessary, you can create a new output group from this page by clicking the button after you have saved the record.

Unlock Output Group #2 This field defines an additional output group. If necessary, you can create a new output group from this page by clicking the button after you have saved the record.

Sounder Output Group This field defines an output group that will operate a sounder when the door is opened. Leave this blank if this is not required.

If necessary, you can create a new output group from this page by clicking the button after you have saved the record.

Lock Configuration The type of lock on this door: only relevant to doors connected to Sateon Advance controllers. One of:

Fail Secure – Use this setting if the lock requires power to release the lock (Fail Secure or Fail Locked). The door would remain locked in the case of a power failure.

Fail Safe – Use this setting if the lock requires power to lock the door Fail Safe or Fail Unlocked). The door would be unlocked in the case of a power failure.

For Fail Secure and Fail Safe settings, the current must be selected – High, Medium, Low or Very Low.

Use Aux Output – Use this setting if external power is required, for example for turnstiles. This is configured as Fail Secure.

Unlock Period The length of time that the relay controlling the door lock will activate when a valid token read occurs and access is granted. Hardware default = 5 seconds.

Note: The Unlock Period setting has a standard selection control that allows any period of time to be selected. We recommend that the unlock period is not set to a period of Hours or Days - this functionality is intended to unlock the door briefly in response to a token read, not to unlock the door for an extended period.

Command Unlock Period The length of time that the door will be unlocked when a command is issued. (Certain personnel may have permission to unlock doors by commands at a keypad.)


4-State Supervision If the door sensor is wired with line monitoring/supervising resistors, select this box.

Exit Switch Select this box if this door is controlled by an exit switch.

4. The Sensor Settings tab allows you to configure an associated sensor, where present:


Door Sensor Select this box if the reader has an associated sensor used to monitor whether the door is open or closed. Additional fields are only enabled when this is selected.

Maximum Open Period The maximum length of time that the door sensor can be open before the door is deemed to be wedged open. Hardware default = 30 seconds

Minimum Open Period The minimum length of time that the door sensor is allowed to be open. Hardware default = 3 seconds

Open Reminder Period If the door sensor is in an active state for longer than the length of time you type here, a reminder will be displayed. The sensor may be faulty. Enter Continuous if you never want a reminder.

Indicate Wedged Select this box to operate a local alarm sounder if the door sensor indicates that the door remains open after a valid token read for more than the length of time specified in the Maximum Open Period field.

Indicate Forced Select this box to operate a local alarm sounder if the door sensor indicates that the door has been opened without either a valid token presentation or the exit button being pressed.

Relock On Open Select this box if you wish the lock to re-lock when the door sensor detects that the door has opened. This can prevent the door bouncing open if the door closer is too strong. Do not select this option if the lock is a monitored maglock where the monitor reflects the lock state.

Note that defaults apply to the time period settings. For details, see Hardware defaults on page 66.

5. Click Save when you have set up the door.

Setting up a reader Readers are configured to control access to an adjacent door. Readers come in a variety of types from a number of manufacturers: swipe cards, contactless proximity, PIN based, and so on. For details of the current readers supported, see Reader types and formats on page 69.

A reader is controlled by a controller, so as part of setting up the reader you need to define the controller that manages it. However, if you wish you can set up the reader details and associate it with the controller later.

Two readers can be associated with a door, one in and one out.


To configure a reader 1. Choose Access Control > Device Management > Reader.


3. On the Basic tab, enter the following fields.

Description* Name of this reader. We recommend you give it a name that indicates its purpose and/or location. A recommended naming convention is Location-IN/OUT.

Reader Format Type* Choose the type of reader from the drop-down list, which is populated by the reader types and technologies supported by Sateon.

Reader Group If you have already set up reader groups, you can choose the appropriate one from the drop-down list. (You can add this later if you haven’t set up reader groups yet.)

Controller Choose the controller that manages this reader. Note: If this has not yet been configured, you can set it later. The reader will appear as Unassigned in the list.

Address For PRO, EZ and legacy boards this will be either 1 or 2, depending upon which set of terminations is being used at the controller for this reader.

For Advance controllers, the Reader address consists of the number of the blade, followed by a zero, followed by the number of the reader. For example, if this is Reader 1 on Blade 2, its address would be 201. Note that this address format is required for Single-Blade controllers as well as Multi-Blade controllers.

Door Choose the door that is controlled by this reader. The drop-down is populated by all the doors attached to this controller.

Extend Unlock When this box is selected, it indicates that an extended unlock period is permitted at this reader/door to personnel with the appropriate setting. See also the Extend Unlock setting on the personnel record.

*Required field


4. The Indicator Periods tab is used to specify the length of time you want the LED/sounder to operate in various situations. All settings are initially set to the default values, but can be changed as required:

Token Output Periods

Valid LED Period Length of time that the LED illuminates when a valid token is presented. A valid token is one that is assigned to a person and is within a valid date/time range. Hardware default = 3 seconds.

Invalid LED Period Length of time that the LED illuminates when an invalid token is presented. Hardware default = 5 seconds.

Beeper Periods

Valid Period Length of time that the sounder is to operate when a valid token is presented. A valid token is one that is assigned to a person and is within a valid date/time range. Hardware default = 0.2 second.


Invalid Period Length of time that the sounder is to operate when an invalid token is presented. Hardware default = 2 seconds.

Indicate valid on beeper Select this box to operate a local sounder whenever a valid token is used at this door.

Indicate invalid on beeper Select this box to operate a local sounder if an attempt is made to use a token that does not have permission for this door.

5. The Has Keypad tab allows you to configure an associated keypad, where used.

Has keypad Select this box if the reader has an associated keypad. Additional fields are only enabled when this is selected.

Keypad Input Group If you want to activate this keypad by triggering an action, choose the action from the drop-down list. Leave this blank if the keypad is to be active at all times.

Keypad Time-out Specify the length of time that the keypad should allow for a valid PIN to be entered. Hardware default = 30 seconds.

6. The Advanced Security tab allows you to configure additional features, including escort reader options and location verification.

Escort Reader Group This field is used for high security doors where two tokens must be read before the door will unlock. This is often referred to as a Dual Read. When a token that has permission for the primary reader group is read, the LED is activated for a specified time without unlocking the door. During this time a second token must be read before the door will unlock. The second token must have permission for the Escort Reader Group. Leave this field blank if the door is to unlock with one token.


Note: The Escort Reader Group can be the same as the primary reader group but the door will only unlock if two different tokens with suitable permissions are used.

Escort Reader Group Where a Dual Read is required, this field specifies Timeout Period the timeout for the second read. Hardware

default = 10 seconds.

Escort Reader Select this box if you want this reader to be an escort reader. If a person or a visitor is recorded as Is escorted, a host token valid for the reader’s Secondary Reader Group must also be presented. If not, the door will not unlock.

Static Escort Select this box if the escorting token needs to be read but the escorting person does not pass through the door.

If area management is being used, the escorting person remains in the original area, while the primary person will be counted in the new area.

Command Reader This box allows you to specify that certain personnel can issue commands to this reader, for example to unlock a door and relock the door.

Commands are selected by entering numbers at the keypad associated with this reader BEFORE the token is presented. Pressing 1 unlocks the door for the extended period of time; pressing 2 resets the extended unlock. Other digits can be used to trigger the Command Invoker for specific commands; see the Sateon Event Configuration Guide for details.

7. Click Save to save the new reader record.


Setting up inputs and outputs An input is any device, such as a fire alarm or a PIR detector, which provides signals or data to Sateon. An output is any device, such as a lighting system or an alarm, which can be controlled or triggered from within Sateon. The number of inputs and outputs that can be configured depends on the type of controller.

Setting up an input You need to configure all the inputs in your access control system, such as switches, buttons that control buzzers, PIRs, and so on.

Note: The number of inputs and outputs that can be configured per controller depends on the controller type (hardware variant).

To set up an input device 1. Choose Access Control > Device Management > Input.



Description* Name of this input. We recommend you give it a name that indicates its purpose and/or location.

Input Type Select the type of input. The choices available are:

Normal – for a normal input switch.

Output pulse when triggered – this triggers the equivalent output on the same controller for 1 second. For example, if input 5 is activated, output 5 on the same controller would be pulsed for 1 second.

PIR detector – This type is used primarily for PIR detectors and is used to prevent multiple alarms occurring for the same event. This input type will only report once in each time period after the initial alarm has been detected.

Input Group If you have already set up input groups, you can choose the group that this input is a member of. If necessary, you can create a new output group from this page by clicking the button after you have saved the record.

Controller Choose the controller that manages this input from the drop-down. If this has not yet been


configured, you can set it later. The input will initially appear as Unassigned in the list.

Address Choose an address for this input, depending on the termination in the controller.

For PRO, EZ and legacy controllers this will be either 1 or 2, depending upon which set of terminations is being used at the controller for this reader.

For Advance controllers the address consists of the number of the blade, followed by a zero, followed by the number of the input. For example, if this is Input 1 on Blade 2, its address would be 201. Note that this address format is required for Single-Blade controllers as well as Multi-Blade controllers.

4-State Supervision Select this box if the contact is wired with end-of-line resistors to monitor for circuit tamper and fault.

Normally Open Select this box if the input is normally in an Open state.

Sense Period Enter the length of time to wait after an input becomes active before generating an alarm. Hardware default = 0.2 seconds.

Activate Description Enter the text that is to be reported when this input is activated. Defaults to Activated.

Reset Description Enter the text that is to be reported when this input is reset. Defaults to Reset.

PIR Inhibit Used for PIR detectors. Defines the length of time that the input will be inhibited after an initial activation. The default is 30 seconds.

PIR Active Used for PIR detectors. If a PIR remains in the active state for the length of time entered here, it will be deemed to be faulty. The default is 60 seconds.

*Required field


4. Click Save to save the record.

Setting up an input group An input group is an association of inputs with similar characteristics – for example you could create an input group consisting of all the PIRs on the first floor.

All input devices on the system must be a member of an input group. An input can only be a member of one input group.

Input groups are required when setting up actions. When an input activates it can trigger one or more outputs to change state. As well as these general actions, specific actions can be set up to unlock doors and make keypads active.

To configure an input group 1. Choose Access Control > Action/Group Management > Input Groups.


3. On the Basic tab, enter the name of this input group in the Description field. We

recommend you give it a name that indicates its purpose, such as First Floor PIRs.

4. You can then choose the inputs that are members of this group. To move inputs between groups, select them and click the arrow buttons:


5. Click Save when you have set up the members of this input group.

Setting up an output You need to set up all output devices that can be activated, such as lighting systems or alarms. The possible number of outputs that can be configured depends on the controller type.

Outputs are used when setting up actions. When an input activates it can trigger one or more outputs to change state.

To set up an output 1. Choose Access Control > Device Management > Output.



Description Name of this output. We recommend you give it a name that indicates its purpose and/or location.

Controller Choose the controller that manages this output from the drop-down. Note: If this has not yet been configured, you can set it later. The output will appear as Unassigned in the list.

Address Choose an address for this output, depending on the termination in the controller.


For Advance controllers the Output address consists of the number of the blade, followed by a zero, followed by the number of the output. For example, if this is Output 2 on Blade 2, its address would be 202. Note that this address format is required for Single-Blade controllers as well as Multi-Blade controllers.

Output Group If you have already set up output groups, you can choose the group that this input is a member of from the drop-down. (You can add this later if you haven’t set up groups yet.)

If necessary, you can create a new output group from this page by clicking the button after you have saved the record

Pulse Length The length of time that this output will remain switched on when activated by the system. Hardware default = 1 second.


Setting up an output group An output group is an association of outputs with similar characteristics – for example all the alarm sounders can be in a single output group called Alarms.

All output devices on the system must be a member of an output group. An output can only be a member of one output group.

Output groups are required when setting up actions.

To configure an output group 1. Choose Access Control > Action/Group Management > Output Groups.



3. On the Basic tab, enter the following:

Description Name of this output group. We recommend you give it a name that indicates its purpose, such as First Floor PIRs.

4. Click Save.

Configuring automatic actions Sateon enables certain actions to be performed or triggered automatically.

You can set up actions that are triggered by inputs and actions that are triggered automatically when a valid read occurs at a specific reader.

Setting up an automated action You can set up Sateon so that certain actions are performed or triggered automatically. In this case when an input in a specified input group activates it triggers the outputs within a specified output group to change state.

You must already have set up the time schedules, system modes, input groups and output groups that you need.

To set up an action 1. Choose Access Control > Action/Group Management > Actions.



Description* Name of the action to be set up.

System Mode* Choose a system mode from the drop-down list. This means the action can only be triggered when this mode is active.


Time* Choose a time schedule from the drop-down list. This means the action can only be triggered during the times specified in this schedule.

Input Group* Choose the input group that will trigger the outputs.

Output Group* Choose an output group that will be triggered.

Output Period Choose one of the following to specify how long the output will be activated:

Preset – Select this option if you want each output in the group to be switched on for the time specified in its Pulse Length field.

Preset – Cancel on Input reset – Select this option if you want each output in the output group to be switched on for the length of time specified in its Pulse Length field, or until the input group ceases to be active, whichever is soonest.

Follows Input – Select this option if you want each output in the group to be switched on while the input group is active, and off while the input group is inactive. This is the most usual setting.

*Required field



Setting up a reader-triggered action You can set up Sateon so that a system action can be triggered automatically when a valid read occurs at a specific reader. This enables system actions to be related to a particular person’s access rights.

You must already have set up the readers, reader groups and outputs that you need.

This feature can in many situations, for example:

• Controlling lifts: If a person presenting a token at a reader has valid permissions for the defined reader group, an output will operate, enabling a floor button in the lift.

• Area management, such as in car parks. A reader action will be able to put a person into an area and/or out of an area. If a person presenting a token has valid permissions for the defined reader group, they will be marked as being in/out of the specified area. If an area is marked as Enforced and the person fails anti-passback, the area details will not be updated and the associated output will not be triggered.

In addition, an event can be raised when the reader action occurs.

To set up a reader-triggered action 1. Choose Access Control > Action/Group Management > Reader Actions.



Description* Name of the reader action to be set up.

Reader* Choose a reader from the drop-down list. The action will be triggered when a valid read occurs at this reader.

Reader Group* Choose a reader group from the drop-down list. The person must have valid permissions for this reader group.

Entry Area For area management, choose the area that the person will be marked as entering when a valid card read occurs. If the Entry Area Enforce Limits box is set, area limits are enforced.

Exit Area For area management, choose the area that the person will be marked as exiting when a valid card read occurs. If the Exit Area Enforce Limits box is set, area limits are enforced.

Output Where required, select the output that will be triggered when a valid read occurs.

Raise Event Select this box if an event is to be raised when this reader action occurs.


Note: If the Raise Event box is selected it is possible to use the command invoker to control a particular piece of hardware. For details, see the Sateon Event Configuration Guide.

*Required field



Appendix A

Hardware defaults

The following default settings apply to the hardware within Sateon. These are set in the firmware.

Controller hardware defaults

Name Type Default

Mains Input 10 minutes

Tamper Input 0.1 second

Power Input 0.1 second

Low Battery Input 1 second

PSU monitor Input 1 second

Lock power fails Input 1 second

Low 5 volts Input 1 second

Ext power Input 1 minutes

Offline Timer 1 hour

Xport power Timer 2 seconds


Door hardware defaults

Name Type Default

Door Sensor Input 0.3 second

Exit switch Input 0.1 second

Lock Output 5 seconds

Min Open Period Timer 3 seconds

Max Open Period Timer 30 seconds

Interlock Output 0.2 second

Alarm State Timer 15 minutes

Sensor Fault Input 0.2 second

Door Open Reminder Timer 15 minutes

Reader hardware defaults

Name Type Default

PIN timeout Timer 30 seconds

Reader Timeout Timer 10 seconds

Valid LED Output 3 seconds

Sound Invalid Output 2 seconds

Sound Forced Output 10 seconds

Sound Wedged Output 10 seconds

Sound Valid Output 0.2 seconds

Invalid LED Output 5 seconds


Input hardware defaults

Name Type Default

Sense Time Input 0.2 second

Min Timer 30 seconds

Max Timer 1 day

Fault Input 0.4 seconds

Tamper Input 0.2 seconds

Action Input 0.1 seconds

Output hardware defaults

Name Type Default

Period Output 1 second


Appendix B

Reader types and formats

The matrix provided on the following page shows the list of available reader types and the card/token formats that can be used by each reader type.

This relates to firmware associated with SATEON Release 2.10.

The list may change in future as new reader types are added.

Car

dke

y M

agst

rip

e (w

ith

issu

e)

Car

dke

y M

agst

rip

e (w

ith

ou

t is

sue)

Car

dke

y W

iega

nd

Car

dke

y W

iega

nd

(w

ith

issu

e)

CA

SI W

iega

nd

(2

8 b

it)

Co

tag

2A

Wie

gan

d (

32

bit

)

Co

tag

43

Mag

stri

pe

Co

tag

58

Wie

gan

d (

49

bit

)

Dei

ster

Wie

gan

d (

64

bit

)

G4

S 3

7 b

it

Gen

eric

Mag

stri

pe

Gen

eric

Mag

stri

pe

(Alt

ern

ate)

Gro

sven

or

Mag

stri

pe

HID

37

bit

BC

D

HID

DSX

Wie

gan

d (

33

bit

)

HID

H1

03

06

1A

(3

4 b

it N

o S

C)

Sim

ple

x 3

6-b

it’

Ind

ala

Wie

gan

d 3

4 b

it

Mag

stri

pe

(Tra

nsp

ort

Po

lice

Form

at)

Mif

are

F W

iega

nd

32

bit

Mif

are

R W

iega

nd

32

bit

Sho

rro

ck 5

6 b

it W

iega

nd

Tyco

Wie

gan

d 3

4 b

it

Wat

erm

ark

Wie

gan

d 2

5 b

it

Wie

gan

d 2

6 b

it (

SC 8

, CN

16

)

Wie

gan

d 3

1 b

it (

Tho

rn)

Wie

gan

d 3

3 b

it (

HID

Gro

sven

or

Form

at)

Wie

gan

d 3

4 b

it

Wie

gan

d 3

5 b

it (

HID

Co

rpo

rate

10

00

)

Wie

gan

d 3

6 b

it (

HID

)

Wie

gan

d 3

7 b

it (

Gro

sven

or)

Wie

gan

d 3

7 b

it (

H1

03

04

)

Wie

gan

d 4

0 b

it

Wie

gan

d 4

bit

PIN

dig

it

Wie

gan

d 5

bit

PIN

dig

it

Wie

gan

d 8

bit

PIN

dig

it

Seri

al K

eyp

ad

Seri

al A

SCII

Bar

cod

e

34 34 28 32 49 64 37 37 33 34 36 34 32 32 56 34 25 26 31 33 34 35 36 37 37 40 4 5 8

ASCII Barcode 14 S X

Cardkey Magstripe 11 C/D X

Cardkey Magstripe (with issue) 50 C/D X

Cardkey Wiegand (34 bit) 4 W (Inv D) X

Cardkey Wiegand (with issue) 42 W (Inv D) X

CASI Wiegand 5 W X X X

Cotag 2A Wiegand 17 W X X X

Cotag 43 Magstripe 8 C/D X

Deister Prox. (Grosvenor) 15 W X X X

G4S 33 bit (should say 37 bit) 66 W X X X X

Generic Magstripe 20 C/D X

Generic Magstripe (Alternate) 7 C/D X

Grosvenor Magstripe 2 C/D X

Grosvenor Magstripe (Inv Clk) 13 C/D (Inv C) X

Grosvenor Magstripe (Inv Data) 10 C/D (Inv D) X

HID 1000 and Others 72 W X X X X

HID 36 bit Wiegand 38 W X X X X X X

HID 37 bit BCD 23 W X X

HID and CodeGuard 55 W X X X X X

HID Corporate 1000 (35 bit) 48 W X X

HID DSX 33 76 W X X X X X

HID Grosvenor Format (33bit) 58 W X

HID H10304 (37 bit) 68 W X X

HID H103061A 74 W X X X

HID Prox. Wiegand 15 W X X X

Simplex 36-bit 69 W X X X X

Indala Wiegand 9 W X X X X X

Keypad 16 W or S X X X X X X X

Magstripe and GTL iClass 81 W X X X X X

Mifare F Wiegand 32 bit 0 W X X X X

Mifare R Wiegand 32 bit 51 W X X X X

NCS Wiegand (25 bit) 6 W X X X

Shorrock 56 bit Wiegand 24 W X X X

Thorn Wiegand (31 bit) 18 W X

Tyco 34 bit 75 W X X X

Watermark Magstripe 3 Wmk X

Wiegand 34 and 26 bit 45 W X X X X X

Wiegand 40 bit 78 W X X

READER TYPE

SATEON Reader Type / Token Format Matrix

TOKEN FORMAT

Rea

der

Typ

e N

ame

Rea

der

Typ

e In

dex

Nu

mb

er

Dat

a lin

es (

W -

Wie

gan

d, C

/D -

Clo

ck &

Dat

a,

S -

Seri

al)


Appendix C

Door unlocking using keypad

It is possible to configure Sateon to support Keypad Door Unlocking only, i.e. enabling a door to be unlocked by entering a token number at the associated reader keypad, rather than by a standard token read.

This section explains how to set up the required data within Sateon.

Important notes • This feature is supported on EZ boards only.

• The firmware version needs to be at least version ZP131016 (later dated firmware is OK).

• If you want to use standard tokens as well, ensure the other reader port on the board uses the other reader type. The reason for this is that token data will not be downloaded to the controller unless Sateon thinks it is needed.

• This feature is not the same as PIN Confirmation – requiring personnel to enter a PIN in addition to their token being read in order to gain access. However, it is possible for both Keypad Entry and PIN confirmation to be used together.

• The reader must have a Wiegand output – the keypad output should be a 4-bit burst.


Setting up Sateon data You need to set up a new token type, specify this token type on the appropriate reader(s) and ensure personnel are assigned tokens of the correct type. Follow these steps:

Creating a new token type • Create a new Token Type: (Personnel > Token Type) called Keypad only.

• Select a Technology Type of Sateon and a Reader Type of Has Keypad:

Editing the reader details • Set up the required Reader (Access Control > Device Management > Reader).

• Change the Reader Format Type to Has Keypad


Note: Do NOT select the Has Keypad box on the Reader record unless personnel are required to enter a PIN as well.

Creating and issuing tokens Do the following for each person who will use Keypad Door Unlocking:

• Select the person from the Personnel page.

• Click Manage Tokens.

• On the token page, click Create Token at the bottom of the page to set up a new token.

• The Token Data is the number that is entered at the keypad. It can be up to 12 digits. The Token Type must be the one you created in Creating a new token type on page 72 above.


Once Keypad Door Unlocking is configured, it can be used as follows at the appropriate readers:

• The Token Data/Card number must be entered at the keypad, followed by the # key to submit the PIN. If the correct number is entered, the door is unlocked.

• If an error is made, the * key can be pressed to clear the buffer.

Note: It is possible to use Keypad Door Unlocking in conjunction with personal PIN confirmation. In this case, the Has Keypad settings on the Reader record must be configured and a PIN must be set when creating and assigning the Token. When this is set up, to gain entry at appropriate readers, personnel will need to enter the Token Data/Card Number, press # and then enter the PIN.

Date post:	02-May-2018
Category:	Documents
Upload:	lamnguyet
View:	214 times
Download:	1 times

Access Control Module Guide - Grosvenor Technology · No part of this document may be reproduced in...

Documents