Cisco Physical Access Manager User Guide, Release 1.4.1
Configuring Personnel and Badges

This chapter describes how to create the personnel records and badges used to access doors in the Cisco Physical Access Control system.


Note For instructions to synchronize Cisco PAM with personnel records from another database, see Chapter 14 "System Integration".


Contents

Configuring Personnel

Downloading Credential Changes to the Gateway Modules

Viewing Audit Records and Events for Personnel Records

Editing Organization and Department Lists

Importing Personnel Records Using a Comma Separated Value (CSV) File

Using a SnapShell License Scanner to Create Personnel Records

Install and Configure the SnapShell Scanner

Scan a License to Create a New Personnel Record

Configuring Badges

Configuring Badge Templates

Badge Properties

Badge Authentication

Printing Badges

Setting Up Image and Signature Options for Personnel Records

Configuring Personnel

Use the Personnel module to manage personnel records. Personnel records contain information on the site's personnel, such as employees, contractors, and visitors. A personnel record may have associated credentials, such as badges or logins.


Tip Personnel records are unique based on the ID number of the record. If a record is imported with the same ID number, then the current record is updated with the new data.


This section describes how to manage personnel, including adding an image, a badge, and an associated access level.


Step 1 Select Personnel from the Users menu, as shown in Figure 9-2.

Step 2 To add a personnel record, choose Add (Advanced)....

To modify an existing record, select the entry and click Edit.

To edit all records displayed in the list, click Group Edit.... See Using Group Edit for more information.

To disable a record, select the entry and choose Disable. This is equivalent to setting the Status to Inactive.

Figure 9-1 Personnel Module: Main Window


Tip You can also scan a driver's license to create a new record with information on the card. See the "Using a SnapShell License Scanner to Create Personnel Records" section.


Step 3 Enter the information in the General tab, as shown in Figure 9-2. See Table 9-1 for field descriptions. The first name, last name, and SSN/FIN/ID fields are required.

Figure 9-2 General

Table 9-1 Personnel Module: General Tab 

Field
Description

Title

(Optional) The person's formal title. Select a value from the drop-down menu (such as Dr., Mr., or Ms.) or enter the text manually.

First name

(Required) The person's given name.

Middle name

(Optional) The person's middle name.

Last name

(Required) The person's surname (family name).

Suffix

(Optional) The suffix at the end of the person's name. Select a value from the drop-down menu (such as I, II, III, Jr., and Sr.) or enter the text manually.

Date of birth

(Optional) The person's birth date.

SSN/ID#/FIN

(Required) Select the type of ID number used from the drop-down menu, and enter the actual number in the field to the right.

Note Personnel records are unique based on the ID number of the record. If a record is imported with the same ID number, then the current record is updated with the new data.

Comments

(Optional) Any additional comments or notes about the personnel record.

Site

(Optional) The site associated with the personnel record.

Import...

(Optional) Click Import... to add an image to the record (select a JPEG image from a local drive and click OK).


Step 4 (Optional) Add an image to the personnel record:

a. Click the Capture... button to open an image capture device interface.

If a picture has already been taken, click the Import... button, browse to the desired JPEG image for the person's picture, click the OK button, and skip to step 8.

If the Capture... button is grayed out, enable the capture device in the properties section (see Enabling Image Capture Devices).

b. Use the built-in tools to pan, tilt, and zoom to the appropriate location. Once satisfied with the camera settings, click the Capture button to take a picture. After you click the Capture button, a preview of the picture is displayed.

c. Click the Save button to save the picture or the Capture button to take another picture. Once the Save button is selected, the Capture Image wizard opens. Using the mouse, move the highlighted box to the appropriate location. The area within the highlighted box is saved within the personnel record.

d. Click Next to preview the finalized image. Click the Finish button to close the wizard and preview the image within the new personnel record.

Step 5 (Optional) Add a signature to the personnel record. See Enabling Signature Capture Devices for more information.

Step 6 Enter the Occupational Information for the personnel record, as shown in Figure 9-3. See Table 9-2 for field descriptions.

Figure 9-3 Occupational Information

Table 9-2 Personnel Module: Occupational Information Fields 

Field
Description

Title in organization

The person's title within the organization. For example, Director of Engineering.

Employee number

The employee number, if applicable. Generally unique, but not required to be.

Personnel Type

The type of employee. Options include the following:

Contractor

Employee - Full Time

Employee - Part Time

Other

Visitor

Status

The status of the employee. Options include the following:

Active

Inactive

On Leave

Retired

Terminated

Organization

The organization name to which the person belongs. Select a pre-defined value from the drop-down menu, or type a name in the field. To edit the pre-defined options, see Editing Organization and Department Lists.

Department

The department name within the organization to which the person belongs. Select a pre-defined department name from the drop-down menu, or enter a name in the field. To edit the pre-defined options, see Editing Organization and Department Lists.

Date of hire

The date the employee was hired.


Step 7 Enter the Contact Information for the personnel record, as shown in Figure 9-4. See Table 9-3 for field descriptions.

Figure 9-4 Contact Information

Table 9-3 Personnel Module: Contact Information Fields 

Field
Description

Address

The physical and/or mailing address(es) of the person. Each record can contain up to three different addresses:

Work

Home

Other

Phone numbers

The telephone number(s) for the person. Each record can contain up to five different phone numbers:

Work

Home

Mobile

Fax

Other

Email address

The email address(es) for the person. Each record can contain up to three different email addresses:

Primary

Secondary

Other


Step 8 Add a badge to the personnel record.

a. Click the Badges tab.

b. Click the Add... button to open the badge template window.

c. Select a template from the menu and click OK.

To configure a badge without using a template, select None.

See Configuring Badge Templates to create or modify the templates.

d. Enter the Card # and PIN (required) in the badge properties window, as shown in Figure 9-5.

e. Modify the other badge fields, if necessary, as described in Badge Properties.

f. Click Save and Close to save the badge settings.

g. (Optional) Activate the changes. Changes to credentials (badges) are downloaded to the Gateways on a regular schedule. To activate the changes before the next scheduled download, do one of the following.

To immediately download the changes to the doors, select Hardware from the Doors menu, right-click on the Access GW Driver, and select Apply Credential Changes. This activates the changes on all doors. The badge is ready for use.

To change the interval at which credential changes are automatically downloaded to the doors, select System Configuration from the Admin menu, and then select Cisco Settings. In the field Credential download frequency (mins), enter the number of minutes between downloads. To activate changes to the Cisco Settings, you must restart the Cisco PAM appliance. See Cisco Settings for more information.

Figure 9-5 Personnel Record: Badges General Window

Step 9 Click the Logins tab to edit the logins and profiles assigned to the person. Multiple login usernames can be associated with a personnel record.

a. From the main window for the Personnel record, click the Logins tab.

b. Click the Add... or Edit... button to open the Logins window, as shown in Figure 9-6.

Figure 9-6 Personnel Record: Logins Window

c. Complete the General settings. For field descriptions, see Creating User Login Accounts and Assigning Profiles.

d. Complete the Profiles fields to define the access privileges for the login. For field descriptions, see Creating User Login Accounts and Assigning Profiles.

e. Click Save and Close.

Step 10 Click the Custom tab to edit the custom-defined fields for the personnel record. This window includes text and date fields to hold information specific to an organization (see Figure 9-7).

Figure 9-7 Personnel Record: Custom Window

Step 11 Click Save and Close in the Personnel Record window to make the changes permanent.


Downloading Credential Changes to the Gateway Modules

By default, any changes to user credentials are automatically downloaded (applied) to the Gateway modules every 60 minutes. If credential changes need to be downloaded sooner, for example to immediately grant or deny user access to a door, use the Apply Credential Changes command on the Gateway driver.

Procedure


Step 1 Select Hardware from the Doors menu.

Step 2 View the Credential Download Status.

a. Select the Access GW Driver.

b. Click the Credential Download Status tab in the Extended Status field, as shown in Figure 9-7.

c. Click the box next to the Gateway name to show or hide additional information, including the following:

Gateway Name: the name of the Gateway module.

Status: the status of the download. For example: In Progress or Success.

Time Stamp: The time of the status change. For example, the time the download changed to In Progress or Success.

Figure 9-8 Personnel Record: Custom Window

Step 3 (Optional) To immediately download any outstanding credential changes for all Gateways, right-click the Access GW Driver, and select the Apply Credential Changes command, as shown in Figure 9-7.

Otherwise, credential changes are automatically applied to all Gateways every 60 minutes.


Tip To reapply the complete credential configuration for a specific Gateway, right-click the Gateway icon and select the Download All Credentials command. This command ensures the data is correct and should be used only if a problem exists.



Viewing Audit Records and Events for Personnel Records

This section describes how to view a list of audit records and events for personnel records.

Audit records are generated when a record is added, deleted, or modified, and display information about the change. Events are records of actions, such as attempts to gain access to an access point.

This section includes the following information:

Viewing Audit Records

Viewing Recent Events

Viewing Audit Records


Step 1 Select Personnel from the User menu.

Step 2 Double-click an entry (or select the entry and click Edit).

Step 3 Select Audit Records, as shown in Figure 9-9.

Step 4 Double-click an entry to view details for the item. Table 9-4 describes the audit record fields.

Figure 9-9 Personnel Audit Records Window

Table 9-4 Personnel Module: Audit Records Fields 

Field
Description

Time

The time and date when the modification occurred.

Time Received

The time and date when the modification was saved.

Site

The site where the modification occurred. A site is a single instance of a Cisco PAM database.

Type

The type of change.

Log code

An abbreviated code uniquely identifying the type of change.

Priority

A priority used for sorting events and alarms. Positive priorities are above normal priority, while negative priorities are below normal priority. Zero is normal.

Description

A description of the change.

Device

The workstation name where the modification occurred. Click View to display details for the device where the change was made, including the IP address of the workstation device.

Credential

The username used when the modification occurred. Click View to display and revise details for the username.

Personnel record

The name of the operator associated with the modification (if the login was associated with a personnel record at the time).

Data

Additional information about the modification.

View Current...

Opens a new window displaying the current settings.

View Before...

Opens a new window displaying the settings before the change was made.

View After...

Opens a new window displaying the settings after the change was made.


Viewing Recent Events


Step 1 Select Personnel from the User menu.

Step 2 Double-click an entry (or select the entry and click Edit).

Step 3 Select Recent Events.

Step 4 Double-click an entry to view details for the item. Table 9-5 describes the fields. Use the View, Report and Filter buttons for increased functionality.

Table 9-5 Personnel Module: Recent Events Fields 

Field
Description

Time

The time and date when the event occurred.

Description

A description of the event.

Device

The device associated with the event.

Address

The address of the device.

Personnel Record

The personnel record associated with the event.

Data

This field displays detailed information about the event, the exact value and meaning of which depends on the type of event. This field is generally for advanced or troubleshooting use. If the event is associated with an attempt to gain access to an access point using a badge that is not in the database, this field contains the card number.

Credential

If the event has an associated credential (such as a badge or login), the identifying information of the credential (such as a card or username) is displayed in this field.

Site

The site where the event occurred.


Editing Organization and Department Lists

Personnel records include an organization and department for the user (see the Occupational section of Personnel configuration, as described in Configuring Personnel, Step 6).

To define the organization and department selections, do the following:


Step 1 Select Organization from the Users menu, as shown in Figure 9-10.

Figure 9-10 Organizations: Main Window

Step 2 Select one of the following options:

To add a personnel record, choose Add....

To modify an existing record, select the entry and click Edit. You can also double-click the entry.

To delete an entry, select the item and click Delete.

Step 3 If adding or editing an item, the General window appears, as shown in Figure 9-11.

Figure 9-11 Organizations: General Settings

Step 4 Enter the name of the organization and optional comments to describe the entry.

Step 5 Click the Department tab to edit the list of departments for the organization (Figure 9-12).

Step 6 Click Add to create a new department entry. To edit an entry, select the item and click Edit, or double-click the entry. To delete an item, select the item and click Delete.

Figure 9-12 Organizations: Departments Window

Step 7 Click Save and Close to return to the main window.

Step 8 Click Save and Close again to save the organization and department changes and close the main window.


Importing Personnel Records Using a Comma Separated Value (CSV) File

Large numbers of personnel records can be added to Cisco Physical Access Manager using a comma separated value (CSV) file. A CSV file can be extracted from the databases of all common vendors. This is the recommended method for the initial transfer of records into Cisco PAM.

Before You Begin

Review the following notes before creating EDI projects:

To avoid system delays, do not import more than 5,000 personnel records at a time. If necessary, create multiple import files of less than 5,000 records each, and then import each file.

Personnel records are unique based on the ID number of the record. If a record is imported with the same ID number, then the current record is overwritten with the new data.

When organization and department values are included in an imported personnel record, those values must already exist in the Cisco PAM configuration. Add the Organization values by manually creating them or through a data import. See Editing Organization and Department Lists for more information.

Once a personnel CSV file is extracted from a database it can be added to Cisco PAM using the following process:


Step 1 Enable the CSV personnel import wizard.

a. Select System Configuration in the Admin menu.

b. Select the Data Entry/Validation - Personnel tab (Figure 9-13).

Figure 9-13 Data Entry/Validation - Personnel

c. Select the check box for Use CVS personnel import wizard.

d. Click Save.

e. Log out and log back in to the Cisco PAM application to activate the changes (select Logout from the Options menu).

Step 2 Select Personnel from the User menu.

Step 3 Select CSV Import Wizard... from the Add... button drop-down menu (Figure 9-14).

Figure 9-14 CSV Import Wizard

Step 4 In the File Selection window, select the file to import into Cisco PAM, as shown in Figure 9-15.

a. Click the Browse... button and locate the CSV file.

b. Select the checkbox for File has a header row if the CSV file includes data for a header row.

c. Select a file for Rejected records output file.

d. Click Next.

Figure 9-15 CSV File Selection

Step 5 In the Column Configuration window (Figure 9-16), the top window contains entries from the CSV file with generic column headings such as Column 1, Column 2, etc. The bottom left-hand window displays the currently selected column number in the CSV file and the name of the CSV field.

Figure 9-16 CSV Import Column Selection


Note The header row entry will be blank if the File has header row check box is not checked in the previous step. The bottom right-hand of the window, labeled Import as: contains field names from the Cisco PAM database.


Assign a Cisco PAM field for each CSV field to be imported (Figure 9-16). Personnel records are unique based on the ID number of the record. If a record is imported with the same ID number, then the current record is overwritten with the new data.

a. Select a CSV column in the top window. By default, Column 1 will be selected, as is shown by the diamond symbol to the left of the column name.

b. Select the Import as field in the lower right-hand window. This defines the Cisco PAM field that corresponds with the selected CSV field.

c. Assign all CSV columns to an Import as field.

d. Click Next. The Next button is not enabled until all CSV fields are assigned.


Note Personnel photos in the .jpg format can be imported. The CSV field assigned to the Cisco PAM photo field must contain the name of the photo file. In Windows, if a fully qualified path is not specified in the CSV field (e.g. c:\photos\123456789.jpg) then the location of the photos will be assumed to be on the desktop (e.g. C:\Documents and Settings\Desktop\123456789.jpg).


Step 6 In the Preview window, verify the records and fields before importing, as shown in Figure 9-17.

Figure 9-17 CSV Preview

New Records and Updated Records tabs: Select or deselect the checkbox to include or exclude the personnel record from the import.

Click View to display a preview of the imported personnel record that will be created.

Click Back to revise the settings if necessary.

Invalid Records tab: displays personnel records that cannot be imported, including the reason for the failure.

Click Export to save the invalid records to a CSV file so they can be modified and re-imported.

The export file is defined in the File Selection screen (see Step 4). Click Back to revise the settings if necessary.

Step 7 Click Finish to complete the import and add the personnel records to the system.
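The Before You Begin constraints (files of less than 5,000 records, ID numbers that overwrite existing records, and organization and department values that must already exist) can be checked before a file reaches the import wizard. The following is an added example, not part of the Cisco guide or of Cisco PAM; the column names, the known_orgs and existing_ids inputs, and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Hypothetical column names; map them to the headers your database export uses.
REQUIRED = ("first_name", "last_name", "id_number")
MAX_PER_FILE = 4999  # the guide asks for files of less than 5,000 records


def validate(csv_text, known_orgs, existing_ids=frozenset()):
    """Sort CSV rows into accepted and rejected, and list IDs that would overwrite.

    known_orgs:   {organization: {department, ...}} already defined in Cisco PAM
    existing_ids: ID numbers already present in Cisco PAM (e.g. from an export)
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    rows = []
    for raw in reader:
        extra = raw.pop(None, None)  # cells beyond the header width, if any
        row = {k: (v or "").strip() for k, v in raw.items()}
        rows.append((reader.line_num, row, bool(extra)))
    id_counts = Counter(row.get("id_number", "") for _, row, _ in rows)

    accepted, rejected, overwrites = [], [], []
    for line_no, row, has_extra in rows:
        reasons = []
        if has_extra:
            reasons.append("more cells than header columns")
        missing = [c for c in REQUIRED if not row.get(c)]
        if missing:
            reasons.append("missing required: " + ", ".join(missing))
        rec_id = row.get("id_number", "")
        if rec_id and id_counts[rec_id] > 1:
            # Records are keyed on the ID number, so one of these rows
            # would silently replace the other during import.
            reasons.append("duplicate id_number in file")
        org, dept = row.get("organization", ""), row.get("department", "")
        if org and org not in known_orgs:
            reasons.append(f"unknown organization: {org}")
        elif dept and dept not in known_orgs.get(org, set()):
            reasons.append(f"unknown department: {dept}")
        if reasons:
            rejected.append((line_no, rec_id, reasons))
            continue
        if rec_id in existing_ids:
            overwrites.append(rec_id)  # an update of a live record: review it
        accepted.append(row)
    return {"accepted": accepted, "rejected": rejected, "overwrites": overwrites}


def batches(rows, size=MAX_PER_FILE):
    """Split accepted rows into import files that stay under the 5,000 limit."""
    return [rows[i:i + size] for i in range(0, len(rows), size)]


# Constructed sample input (not real personnel data).
SAMPLE = """first_name,last_name,id_number,organization,department
Ana,Ruiz,1001,Acme,Engineering
Ben,Cole,1002,Acme,Legal
Cy,Dent,1001,Acme,Engineering
Di,Eng,,Acme,Engineering
Ed,Fox,1003,Globex,
Flo,Gray,1004,Acme,
"""
KNOWN = {"Acme": {"Engineering"}}
EXISTING = {"1004"}

if __name__ == "__main__":
    result = validate(SAMPLE, KNOWN, EXISTING)
    for line_no, rec_id, reasons in result["rejected"]:
        print(f"line {line_no} (id {rec_id or '-'}): {'; '.join(reasons)}")
    print("would overwrite existing records:", result["overwrites"])
    print("import files needed:", len(batches(result["accepted"])))
```

The overwrites list is the part to review by hand: those rows pass validation but replace the data of a record that already exists.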


Using a SnapShell License Scanner to Create Personnel Records

Complete the following instructions to configure and use a SnapShell scanner to scan and import personnel information from a standard driver's license.

Install and Configure the SnapShell Scanner

Scan a License to Create a New Personnel Record


Note SnapShell scanner is supported only on a PC running Windows XP.


Install and Configure the SnapShell Scanner


Note Do not connect the scanner USB cable to the PC until the scanner installation and configuration is complete.


To install and configure the SnapShell scanner software and drivers on a client PC, do the following:

Procedure


Step 1 Download and install the SnapShell drivers.

a. Log on to the Cisco PAM Server Administration utility.

b. Select Downloads, and then click SnapShell Driver.

c. Save the SnapShell-Driver.exe file to a local drive.

d. Double-click the file on your local drive to run the installer.

e. Follow the on-screen instructions to complete the installation.

Click Run, Continue, OK, or Next when prompted to accept the default settings and options.

f. Restart the client PC.

Step 2 Download and install the SnapShell SDK software.

a. Log on to the Cisco PAM Server Administration utility.

b. Select Downloads, and then click Snap Shell SDK.

c. Save the SnapShell-SDK.exe file to a local drive.

d. Double-click the file on your local drive to run the installer.

e. Follow the on-screen instructions until you reach the Destination Location window (Figure 9-18).

Click Run, Continue, OK, or Next when prompted to accept the default settings and options.

f. In the Destination Location window (Figure 9-18), record the directory where the software is installed.

For example: C:\Program Files\Card Scanning Solutions\SDK


Note The installation directory path is used to update the Windows environmental variables to recognize the new scanner, as described in the following steps.


Figure 9-18 SnapShell Scanner Destination Location


Note If you choose a different destination folder, record the new directory path.


g. Select Next or Install to accept the remaining default install options and begin the installation process.

h. Click Continue, Allow or OK for any Windows security warnings.

i. Wait for the installation process to complete.

j. Click Finish.

Step 3 Add the scanner destination folder to the Windows environmental variables.

This allows Windows to recognize the scanner. You must have the directory path, as shown in Figure 9-18.

a. Right-click My Computer.

b. Select Properties.

c. Select Advanced.

d. Click the Environmental Variables button (Figure 9-19).

Figure 9-19 Windows Environmental Variables

e. Select Path from the System Variables list (Figure 9-19).

f. Click Edit (Figure 9-19).

The Edit System Variables window appears (Figure 9-20).

Figure 9-20 Edit System Variables

g. Use the right arrow button on your keyboard to move the cursor to the end of the existing text that appears in the Variable Value field.

h. Enter a semi-colon (;).

i. Paste or type the full directory path after the semi-colon (;).

For example:

;C:\Program Files\Card Scanning Solutions\SDK


Note Include the full directory path, including \SDK.


j. Click OK repeatedly to close the Windows Properties windows.

Step 4 Connect the scanner USB cable to a PC USB port.

Step 5 Enable the scanner in the Cisco PAM System Configuration.

a. Launch the Cisco PAM desktop client.

See the "Logging in to Cisco PAM" section.

b. Select Preferences from the Options menu.

c. Select Personnel Info Scanner (Figure 9-21).

Figure 9-21 Preferences for the Personnel Info Scanner

d. Select SnapShell Drivers License Reader from the drop-down menu.

e. Select Is present.

This indicates that the scanner is connected to the client PC.

f. Select an option for Store License in.

Select ID# to record the license number in the personnel record ID field.

Select Do not store if the license number should not be recorded.


Note If the license number is not recorded, you must manually enter a value in the new personnel record ID# field. This field is required.


g. Click OK to save the changes and close the window.

h. Log out and log back in to the Cisco PAM application to activate the changes (select Logout from the Options menu).


Scan a License to Create a New Personnel Record

Complete the following procedure to create a new personnel record by scanning a driver's license.

Procedure


Step 1 Install and configure the personnel scanner, as described in the "Install and Configure the SnapShell Scanner" section.

Step 2 Log on to the Cisco PAM desktop client.

See the "Logging in to Cisco PAM" section.

Step 3 Select Personnel from the Users menu.

Step 4 Insert the license into the scanner with the information you want to scan flat against the scanner surface.

See the scanner documentation for more information.

Step 5 Select Add and then Scan Wizard (Figure 9-22).

Figure 9-22 Scan Wizard in the Personnel Module


Note The Scan Wizard menu option only appears if the scanner was enabled. See the "Install and Configure the SnapShell Scanner" section.


Step 6 Select Start Scan (Figure 9-23).

Figure 9-23 Scan Wizard

Step 7 Wait for the scan to complete.

Step 8 Verify that the personnel record was created and the information from the scanned license is correct.

Step 9 If the scanner Preferences are set to not store the license ID, enter a value in the ID# field (required).

Step 10 Continue to the "Configuring Personnel" section to complete the personnel record configuration.


Configuring Badges

Badges are assigned to personnel records. Use badge templates to define common settings for badge types. In the personnel record, select the badge template to quickly populate the badge fields, and then make additional changes, if necessary.

This section includes the following information.

Configuring Badge Templates

Badge Properties

Badge Authentication

Printing Badges


Tip Use the Personnel module to assign badges. Use the Badges module to view a summary of all the badges in the system, or to assign unassigned badges. Use the optional Badge Designer to create custom designs for your badges.


Configuring Badge Templates

 
Step 1 Select Badge Templates from the User menu.

Step 2 Click Add, or select an existing template and click Edit.

Step 3 Enter the template name, and then click Edit Template.

Step 4 Enter the badge properties (see Badge Properties for field descriptions), and then click OK.

Note When a location restricted user reuses a badge template that has an unprivileged access policy associated with it, then the policy is not listed.

Step 5 Click Save and Close. The template is listed in the main window.

Badge Properties

This section describes the badge menus and settings. These settings are available in the Personnel, Badge Template, and Badges windows.

Use the Personnel module to create and assign badges.

Use Badge Templates to create pre-configured templates of common settings.

Use the Badges module to view a summary of all the badges in the system, or to assign unassigned badges.

This section includes the following information:

Badges Module: General

Badges Module: Cisco Access Policy

Badges Module: Advanced Gateway

Badges Module: Audit Records

Badges Module: Recent Events


Badges Module: General

The General tab includes basic information about the badge.

Table 9-6 Badges Module: General Fields 

Field
Description

Card #

(Required) Also known as a badge. A type of credential encoded with a card number, generally on a magnetic stripe or internally like a proximity card, and used to enter access points.

Tip If unsure what the card # is on the card, use the card in the access-control system reader. Open the Events module and view the event with the description Access denied: Card not in database. The Data field of the event displays the card number read from the card. See Viewing Audit Records and Events for Personnel Records.

PIN

(Required) Personal Identification Number. A badge has a PIN associated with it, which, depending on the configuration of an access point, is entered into the keypad on the access point's reader.

Hot stamp

(Optional) The number physically printed or embossed on a badge. This number is generally independent of the Card Number. Not all badges have a hot stamp number.

Facility code

(Optional) A segment of bits encoded on a card that represent a number for a facility. Often all cards issued for a single facility have the same facility code.

Exempt from Anti-passback

(Optional) If the access point is configured for anti-passback, the badge is exempt from anti-passback enforcement.

Grant One Free APB Pass

(Optional) The badge holder will be anti-passback exempt during the next reader use only.

Badge Type

The type of badge. The options are:

Standard

Temporary

Visitor

Assigned to

(Optional) The personnel record the badge is assigned to.

Validity

(Optional) The current status of the badge. Only the Active option provides access for the badge. The options include:

Active: Must be set to this value for access to be granted.

Inactive: Access is denied for all access points in system.

Lost: Access is denied for all access points in system.

Stolen: Access is denied for all access points in system.

Destroyed: Access is denied for all access points in system.

Effective

(Optional) The beginning date the badge can be used in the system. If blank, badge access begins immediately.

Note If a date is entered, the badge can be used at 12.00 AM on the specified day.

Expires

(Optional) The date the badge expires. If blank, the badge never expires.

Note If a date is entered, the badge expires at 12.00 AM on the specified day.

Site

(Optional) A site is a single instance of a Cisco PAM database.

Comments

(Optional) Any additional comments or notes about the badge.


Badges Module: Cisco Access Policy

Select the door access policies for the user badge. See Configuring Access Policies.

Figure 9-24 Badges: Cisco Access Policy Selection


Note In Cisco PAM 1.4.1, when a user assigns access policies to a badge, the access policies up to the root of the location hierarchy of the logged-in user, as well as the policies in the location of the user, are available for selection. This feature is applicable only if the profile enhancement feature is set in the configuration settings. See Data Entry/Validation - Login.


Badges Module: Advanced Gateway

Table 9-7 describes the advanced settings for the Cisco Physical Access Gateway.

Table 9-7 Badges Module: Advanced Gateway Fields 

Field
Description

Credential template ID

The Credential Template for the badge. This allows the badge to be recognized by the Cisco Physical Access Gateway as a valid badge.

See Configuring Credential Templates for more information.

Temporary deactivation date

(Optional) The start date to temporarily deactivate a badge. Click on the entry field to open a pop-up calendar, and then double-click to select a date.

For example, to deactivate a badge for a one-week vacation beginning January 1, select the date from the pop-up calendar, and then enter 7 in the following duration field.

If a date is entered, the badge deactivation begins at 12:00 AM on the specified day.

Temporary deactivation duration

(Optional) The duration of the temporary deactivation, in days. For example, to deactivate a badge for a 7 day vacation, enter 7.

Use limit

(Optional) The maximum number of times a badge can be used. When the limit is reached, the badge is deactivated.

Role

(Optional) The role of the person who carries the badge: Employee, Contractor, Vendor, Temporary, Employee_full_time, Employee_part_time, Intern, Visitor, or Other.

Executive credential

If checked, specifies that the badge belongs to an executive.

PIN exempt

If checked, the badge holder is not required to enter the PIN for a reader in Card and PIN mode.

ADA access enable

If checked, the badge will use the ADA door strike time, allowing the badge holder more time to pass.
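The status and date rules from the General and Advanced Gateway fields can be modeled offline to review which badges in a roster would be refused at a given time. This is an added example, not Cisco PAM code: the Badge class, the uses counter, the constructed roster, and the assumption that a temporary deactivation ends exactly the stated number of days after it starts are all illustrative.

```python
from dataclasses import dataclass
from datetime import date, datetime, time, timedelta
from typing import Dict, List, Optional


@dataclass
class Badge:
    """Hypothetical record holding the badge fields described in this section."""
    badge_id: str
    validity: str = "Active"            # Active, Inactive, Lost, Stolen, Destroyed
    effective: Optional[date] = None    # blank: access begins immediately
    expires: Optional[date] = None      # blank: never expires
    deactivation_date: Optional[date] = None
    deactivation_days: int = 0
    use_limit: Optional[int] = None
    uses: int = 0                       # assumed counter, not a documented field


def midnight(day: date) -> datetime:
    """12:00 AM at the start of the given day."""
    return datetime.combine(day, time.min)


def denial_reasons(badge: Badge, when: datetime) -> List[str]:
    """Return every documented rule that would refuse the badge at `when`."""
    reasons = []
    if badge.validity != "Active":
        reasons.append(f"validity is {badge.validity}")
    if badge.effective and when < midnight(badge.effective):
        reasons.append("not yet effective")
    # Expiry takes effect at 12:00 AM ON the expiry date, so the badge is
    # already unusable for the whole of that calendar day.
    if badge.expires and when >= midnight(badge.expires):
        reasons.append("expired")
    if badge.deactivation_date:
        start = midnight(badge.deactivation_date)
        end = start + timedelta(days=badge.deactivation_days)  # assumed end point
        if start <= when < end:
            reasons.append("temporarily deactivated")
    if badge.use_limit is not None and badge.uses >= badge.use_limit:
        reasons.append("use limit reached")
    return reasons


def audit_roster(roster: List[Badge], when: datetime) -> Dict[str, List[str]]:
    """Map badge ID to denial reasons for every badge that would be refused."""
    report = {}
    for badge in roster:
        reasons = denial_reasons(badge, when)
        if reasons:
            report[badge.badge_id] = reasons
    return report


# Constructed roster for illustration.
ROSTER = [
    Badge("1001"),
    Badge("1002", validity="Stolen"),
    Badge("1003", expires=date(2025, 12, 31)),
    Badge("1004", deactivation_date=date(2025, 12, 29), deactivation_days=7),
    Badge("1005", use_limit=10, uses=10),
    Badge("1006", effective=date(2026, 1, 1)),
]

if __name__ == "__main__":
    for badge_id, why in audit_roster(ROSTER, datetime(2025, 12, 31, 8, 0)).items():
        print(badge_id, "; ".join(why))
```

A badge that must remain usable through December 31 therefore needs an Expires value of January 1.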


Badges Module: HSPD-12 Badge Extension

Table 9-8 describes the HSPD-12 Smart Card badge extension settings.


Note The HSPD-12 badge extension is experimental and may be changed or removed in future Cisco PAM releases. For this reason, the extension should not be used in a production setting.


Table 9-8 Badges Module: HSPD-12 Badge Extension Fields 

Field
Description

Agency Code

Identifies the government agency issuing the credential.

Site Code

Identifies the site code associated with the credential.

Credential Number

The number encoded by the issuing agency. Only one credential number can be active in a system.

Expiration Date

The date the credential expires and is deemed invalid.

Card Type

The specified Smart Card credential type. The currently supported type is PIV.

FASC-N

The Federal Agency Smart Credential Number. This data is in the BCD (binary encoded data) format and is comprised of fields such as Agency Code, System Code, Credential Number, Credential Series, Individual Credential Issue code, and other fields.

Credential series

Credential series code used to reflect major system changes.

System code

Identifies the system that issued the card.

ICI

Individual Credential Issue code. Initially it is set to 1 and incrementally increased by 1 if the card is replaced, damaged, or lost. For example, the ICI for a replacement card would be 2.

CRL initial date

Date when the CRL (Certificate Revocation List) was first updated.

CRL latest date

Date when the CRL (Certificate Revocation List) was last updated.

Transport PIN

The PIN code associated with the credential.

CUID

The Card Holder Unique Identifier.

Full name

The full name of the card holder.

SHA-1 hash

The SHA-1 Hash Code of the FASC-N.
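To show how the FASC-N row relates to the Agency Code, System Code, Credential Number, Credential series, and ICI rows, the following added example (not Cisco PAM code) decodes a 25-byte FASC-N and checks its per-character parity and longitudinal redundancy check. It assumes the publicly documented 40-character FASC-N layout, in which each character is a 4-bit BCD value sent least-significant bit first plus an odd parity bit; the field names beyond those in the table, the sample value, and hashing the 25-byte encoded form for the SHA-1 field are assumptions.

```python
import hashlib

# 4-bit values above 9 are control characters in the FASC-N alphabet.
SS, FS, ES = 0xB, 0xD, 0xF  # start sentinel, field separator, end sentinel

# Characters between the sentinels: (field name, digit count) or a separator.
LAYOUT = [
    ("agency_code", 4), FS,
    ("system_code", 4), FS,
    ("credential_number", 6), FS,
    ("credential_series", 1), FS,
    ("ici", 1), FS,
    ("person_identifier", 10),
    ("organizational_category", 1),
    ("organizational_identifier", 4),
    ("person_org_association", 1),
]

# Constructed sample for illustration; not taken from the page.
SAMPLE_FASCN = bytes.fromhex("D0439458210C2C19A0846D83685A1082108CE73984108CA3FC")


class FascnError(ValueError):
    """Raised when the value fails a structural or integrity check."""


def unpack_characters(raw: bytes) -> list:
    """Split 200 bits into 40 five-bit characters and verify odd parity."""
    if len(raw) != 25:
        raise FascnError(f"bad length: expected 25 bytes, got {len(raw)}")
    bits = "".join(f"{byte:08b}" for byte in raw)
    values = []
    for pos in range(0, 200, 5):
        group = bits[pos:pos + 5]
        if group.count("1") % 2 != 1:
            raise FascnError(f"parity error in character {pos // 5}")
        # The four data bits arrive least-significant bit first.
        values.append(int(group[3::-1], 2))
    return values


def decode_fascn(raw: bytes) -> dict:
    """Return the FASC-N fields as digit strings, or raise FascnError."""
    *body, lrc = unpack_characters(raw)
    expected = 0
    for value in body:          # LRC is the XOR of every preceding character
        expected ^= value
    if lrc != expected:
        raise FascnError("LRC mismatch")
    if body[0] != SS or body[-1] != ES:
        raise FascnError("missing start or end sentinel")
    fields, pos = {}, 1
    for item in LAYOUT:
        if item == FS:
            if body[pos] != FS:
                raise FascnError(f"expected field separator at character {pos}")
            pos += 1
            continue
        name, width = item
        digits = body[pos:pos + width]
        if any(d > 9 for d in digits):
            raise FascnError(f"non-decimal character in {name}")
        fields[name] = "".join(str(d) for d in digits)
        pos += width
    return fields


def fascn_sha1(raw: bytes) -> str:
    """SHA-1 over the 25-byte encoded form (assumed input for the hash field)."""
    return hashlib.sha1(raw).hexdigest()


if __name__ == "__main__":
    for name, value in decode_fascn(SAMPLE_FASCN).items():
        print(f"{name:26} {value}")
    print(f"{'sha1':26} {fascn_sha1(SAMPLE_FASCN)}")
```

Parity and the LRC detect read and transmission errors only; they are not a cryptographic integrity check, so a FASC-N that decodes cleanly is an identifier and not proof that the card is genuine.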


Badges Module: Audit Records

When an operator adds, deletes, or modifies a record, an audit record is generated. The following information is included in each audit record:

Table 9-9 Badges Module: Audit Records Fields 

Field
Description

Time

The time and date when the modification occurred.

Time Received

The time and date when the modification was saved in the application.

Site

The site where the modification occurred.

Type

The type of change made.

Log code

An abbreviated code uniquely identifying the type of change.

Priority

A priority used for sorting events and alarms. Positive priorities are above normal priority, while negative priorities are below normal priority. Zero is normal.

Description

A description of the modification: what type of record was modified, and whether it was inserted, updated, or deleted.

Device

The name of the workstation device where the modification occurred.

Address

The address of the workstation device where the modification occurred.

Credential

The login that the operator was logged in with when the modification occurred.

Personnel record

The name of the operator associated with the modification, if the login was associated with a personnel record at the time.

Data

Additional information about the modification.

View Current...

Opens a new window displaying the current settings.

View Before...

Opens a new window displaying the settings before the change was made.

View After...

Opens a new window displaying the settings after the change was made.


Badges Module: Recent Events

Lists the recent events of the selected badges. Use the View, Report and Filter buttons for increased functionality. The following fields are listed in the recent events list:

Table 9-10 Badges Module: Recent Events Fields 

Field
Description

Time

The time and date when the event occurred.

Description

A description of the event.

Device

The device associated with the event.

Address

The address of the device.

Personnel Record

The personnel record associated with the event.

Data

This field displays detailed information about the event, the exact value and meaning of which depends on the type of event. This field is generally for advanced or troubleshooting use. If the event is associated with an attempt to gain access to an access point using a badge that is not in the database, then this field contains the card number.

Credential

If the event has an associated credential (such as a badge or login), the identifying information of the credential (such as a card or username) is displayed in this field.

Site

The site where the event occurred.


Badge Authentication

The Authenticate Credential door command is used to check if a specified badge ID will be authenticated at a future time.

Procedure


Step 1 Go to Doors -> Hardware.

Step 2 Right-click the door and select Authenticate Credential.

Step 3 Enter the badge ID and timestamp.

Figure 9-25 Authenticate Credential

Step 4 Do one of the following:

Select the Gateway option to perform badge authentication at the Gateway. A Grant Access or Deny Access message is displayed.

Select the CPAM option to perform badge authentication at the Cisco PAM server. A Grant Access or Deny Access message is displayed.

Usage Notes

The Authenticate Credential command supports only a future date & time.

Doors without an associated anti-passback (APB) policy can verify badge authentication at both the Cisco PAM server and the Gateway (one at a time).

Doors configured with an APB policy can only verify badge authentication at the Cisco PAM server.

The Authenticate Credential command can be issued on APB doors only for APB exempt badges. If the APB rule is enforced for a badge, the command response is always "Access denied".

This command is not available for the doors configured under Two Door Policy.

Limitations

The Authenticate Credential door command does not support facility code based authentication (if the door is configured based on facility code authentication).

The command does not authenticate the badge based on a Badge ID and Pin Number combination.

The command does not support Pin Exempt and ADA features.

The command does not support any properties associated with the door (such as door schedules, door admin down, door admin up), its associated devices & its properties (such as Reader configurations) and door commands (except Deactivate Access Levels and Activate Access Levels commands).

The Authenticate Credential door command does not validate based on APB entry/exit in the limitation field.

Using the Badge Designer

Use the Badge Designer to create and modify badge designs, as described in the following instructions.


Step 1 Select Badge Designer from the Admin menu. The main window of the Badge Designer module displays all badge templates loaded into the system.


Note This feature requires an optional Cisco license. The Badge Designer menu appears only after the license is installed on the Cisco PAM server. See Obtaining and Installing Optional Feature Licenses for more information.


Figure 9-26 Badge Designer Main Window

Step 2 Do one of the following:

View or modify an existing template:

Click an existing template name to view details of the template. Click the Front and Back tabs in the design window to view both sides of the badge template. Select the checkbox Preview Sample Data to preview the badge template with sample data, if included in the template design.

Click Properties... to edit the name and size of the badge template. Skip to Step 4 for instructions.

Click Design... to edit the graphic design of the badge template. Skip to Step 6 for instructions.

Click Duplicate... to create a duplicate of the badge template.

Click Delete... to delete the badge template.

Click Print... to print a test badge template.

Click Add... to add a new badge template, as described in the following steps.

Step 3 To create a new template, click Add... to open the SVG Badge Format window, as shown in Figure 9-27.

Figure 9-27 New Badge Format

Step 4 Enter the template properties:

a. Name: Enter a descriptive name.

b. Format: Select if the badge is single sided or double sided.

c. Orientation: portrait or landscape.

d. Card Size: Select a standard size, or enter custom dimensions. Standard size options include:

CR-80 Flush Cut 54 x 85.7mm

CR-80 Lip Seal 48 x 80mm

Badge 67 x 98mm

Badge 79 x 99mm

IBM 59 x 82.5mm


Tip To modify an existing template, select the template name from the main window and click the Design button. To edit the properties for an existing template, click the Properties button.


Step 5 Click OK. The Badge Format Editor opens in the format, orientation, and size configured in Step 4. For two-sided badges, there is a separate window for the front and back of the templates, as shown in Figure 9-28.

Figure 9-28 Badge Format Editor

Step 6 Use the Tool Bar icons at the top of the window to design the template. The icons include the following tools (from left to right):


Tip Hold the mouse cursor over an icon to view the icon title.


Color: Click the icon to select a color and then drag and drop the color on a shape to apply that color.

Mouse Pointer Tool: Select and move objects on the badge template.

Rectangle Tool: Draw rectangle objects.

Circle Tool: Draw a circle.

Ellipse Tool: Draw an ellipse.

Line Tool: Draw a line.

Polygon Tool: Draw a polygon.

Polyline Tool: Draw a polygon with operator defined line lengths.

Text: Add text to the template.

Image: Add an image to the template.

Quadratic Bezier Curve: Create a line between 3 points.

Cubic Bezier Curve: Create a line between 4 points.

Color Picker Tool: Select a color from the palette.

Image Link: Create an image link to the Cisco PAM database. Options include: personnel photos or signatures.

Text Link: Create a text link to the Cisco PAM database. Options include: Personnel and Badge Manager fields.

Properties: Properties available for the selected object.

Resources: Resources of the selected object.

Step 7 Draw a rectangle, as shown in Figure 9-29.

Figure 9-29 Badge Format Editor: Rectangle Tool

a. Click the rectangle button in the tool bar and drag a rectangle on the badge template.

b. To edit the colors of the rectangle, click the Color button on the left side of the Tool Bar.

Step 8 Select a stroke color for the badge. The stroke is the outline of the rectangle.

a. Select the rectangle on the badge template to display blue arrows at each corner.

b. In the Properties section select the Stroke tab.

c. With the Color radio button selected use the Color picker and choose a desired stroke color.

d. Select an appropriate width value. The Width field increases the size of the stroke.

e. Press Enter or click outside of the field to apply the setting.

Step 9 Select a fill color for the badge. The fill is the color of the rectangle.

a. Click the Normal button (displayed as an arrow) in the Tool Bar.

b. Select the rectangle on the badge template. The rectangle is displayed with blue arrows at each corner.

c. In the Properties section select the Fill tab.

d. With the Color radio button selected use the Color picker and choose a desired fill color.

e. Press Enter or click outside of the field to apply the setting.

Step 10 Add a logo to the badge template:

a. Click the Image button.

b. On the template, click and drag a rectangle at a desired location for the logo to open the image browser.

c. Select a valid file type (.jpg, .png, and .svg) on a local drive and click Open. The logo appears in the box, as shown in Figure 9-30.

d. Click and drag the logo to a desired location.

Figure 9-30 Badge Format Editor: Logo

Step 11 To add a dynamic text field to the badge template:

a. Click the Text Link button in the Tool Bar.

b. In the Properties section select the Database Text Link tab, as shown in Figure 9-31.

c. In the field drop-down select the correct text link. This text link extracts the field from the database. For example the Title text link field extracts the personnel title from the database.

d. (Optional) In the Properties section select the other attributes of the text, such as size and font.

e. Click and drag the text to a desired location.

Figure 9-31 Badge Format Editor: Database Text Link

Step 12 To add a dynamic image to the badge template:

a. Click the Image Link button in the Tool Bar.

b. Click and drag a rectangle on the badge template where the image will appear.

c. In the Properties section select the Database Image Link tab.

d. In the field drop-down select Photo, as shown in Figure 9-32. This object extracts the photo from the personnel database.

e. Click and drag the box to a desired location.


Tip Select Optimize Images from the File menu to resize all photos to the area they occupy on the badge. If the photos do not optimize with sufficient resolution, you may need to manually resize photos in an external photo editor to achieve the best possible print quality. See Printing High Resolution Images for more information.


Figure 9-32 Badge Format Editor: Database Image Link

Step 13 Click the File button and select Save All to save changes.

Step 14 Click the File button and select Exit to close the Badge Format Editor. The new template appears in the Badge Designer, as shown in Figure 9-33.

Figure 9-33 Badge Designer With New Template


Printing Badges

To print badges, you must first assign a format to the badge (badge formats are the designs created using the Badge Designer, as described in Using the Badge Designer).

After a design is assigned to the badge, you can print badges individually, or in groups.


Note To print badges, you must first purchase and install the Badge Designer license. See Obtaining and Installing Optional Feature Licenses for instructions.

To print multiple badges at once, you must also enable the batch printing feature. See Printing Multiple Badges for instructions.


This section includes the following information:

List of Recommended Badge Printers

Printing Individual Badges

Printing Multiple Badges

Printing High Resolution Images

Changing the Default Badge Printer

System Configuration Settings for Badge Printing

List of Recommended Badge Printers

The following recommended printers have either been used with Cisco PAM or have been tested and verified as capable printers. To use these printers with Cisco PAM, you must correctly install the printer drivers prior to printing.


Note Cisco PAM sends a simple command to the printer that allows the system to communicate with most printer manufacturers. Before purchasing a printer, verify the printer drivers work with the operating system for your client computer, and with Cisco PAM.


The recommended printers are:

FARGO Printers (www.fargo.com)

HDP600 Card Printer

HDP600 CR100 Card Printer

DTC550 Card Printer

DTC400e Card Printer

DTC400 Card Printer

Persona® C30e Card Printer

Persona® C30 Card Printer

Magic Card Printers (www.ultramagicard.com)

Enduro Card Printer

Rio2e Card Printer

Tango 2e Card Printer

Tango +L Card Printer

Prima 3 Card Printer

Alto Card Printer

Avalon Card Printer

Tempo Card Printer

Opera Card Printer

Evolis Printers (www.evolis.com)

Dualys 3

Pebble 4

Securion

Printing Individual Badges

To print a single badge, do the following:


Step 1 Purchase and install the Badge Designer license to enable badge printing. See Obtaining and Installing Optional Feature Licenses for instructions.

Step 2 (Optional) Create the badge formats (designs), as described in Using the Badge Designer. You can also use one of the designs included with Cisco PAM.

Step 3 To define a badge format for a single badge, do the following:

a. Select Badges from the User menu.

b. Right-click a badge and select Edit from the drop-down menu.

c. Click the Badge Printing tab and select a Format, as shown in Figure 9-34.

Note The Badge Printing tab appears only after the optional Badge Designer license is installed.

d. Click Print.


Tip If a format is already assigned for the badge, you can print from the main window. Click to highlight the badge, and then select Print Selected Items from the Print menu. If a format is not defined, however, the print job will fail. To view the status of print jobs, select Batch Badge Printing from the User menu.


Figure 9-34 Printing a Single Badge

Step 4 Configure a default printer, as shown in Figure 9-34.

These steps only occur if a default printer is not configured.

a. Click Yes to configure the default printer. This defines the printer used to print Cisco PAM badges.

b. In the Select print configuration window, select Create new configuration.

c. In the Print window, select a printer, and click OK.

d. In the Page Setup window, adjust the settings if necessary, and click OK.

e. Enter a name for the printer configuration and click OK. For example: USB Printer.

f. Wait for the badge to print on the selected printer. To view the status of the print job, select Batch Badge Printing from the Admin menu.


Printing Multiple Badges

To print multiple badges in batch mode, do the following:


Step 1 Purchase and install the Badge Designer license to enable badge printing. See Obtaining and Installing Optional Feature Licenses for instructions.

Step 2 (Optional) Create the badge formats (designs), as described in Using the Badge Designer. You can also use one of the designs included with Cisco PAM.

Step 3 Enable batch badge printing.

a. Select System Configuration from the Admin menu.

b. Select Data Entry/Validation - Badge, as shown in Figure 9-35.

c. Uncheck the Disable batch badge printing box.

d. Log out and log back in to the Cisco PAM application to activate the changes (select Logout from the Options menu).

Figure 9-35 Enabling Batch Badge Printing

Step 4 Define the format for the badges to be printed.


Tip If a format is already assigned for all of the selected badges, skip to Step 5. Check the Format column to view the assigned format, if any (Figure 9-36).


a. Select Badges from the User menu.

b. (Optional) Shift-click or control-click to select multiple badges.

c. Click the Group Edit menu and select Group Edit All Items or Group Edit Selected Items from the drop-down menu (Figure 9-36).

Figure 9-36 Group Edit Badges

d. Click the Badge Printing tab and check the Format check box, as shown in Figure 9-37.

e. Select a format and click OK.

Figure 9-37 Badge Printing Format for Multiple Badges

Note Badge Printing appears only if the optional Badge Designer license is installed.

Step 5 Print the badges.


Note If a format is not assigned for any of the selected badges, as described in Step 4, the print job will fail. To view the status of print jobs, select Batch Badge Printing from the User menu.


a. Select Badges from the User menu, if necessary.

b. Shift-click or control-click to select multiple badges.

c. Click the Print menu and select Print All Items or Print Selected Items from the drop-down menu (Figure 9-38).

Figure 9-38 Printing Multiple Badges

Step 6 (Optional) Configure a default printer, as shown in Figure 9-34. These steps only occur the first time you print a badge.

a. Click Yes to configure the default printer. This defines the printer used to print Cisco PAM badges.

b. In the Select print configuration window, select Create new configuration.

c. In the Print window, select a printer, and click OK.

d. In the Page Setup window, adjust the settings if necessary, and click OK.

e. Enter a name for the printer configuration and click OK. For example: USB Printer.


Tip To change the default printer, see Changing the Default Badge Printer.


Step 7 Select a Batch Printing Option, as shown in Figure 9-39.

Figure 9-39 Batch Printing Options

Select Print Now to print the badges immediately.

Select Print Later and enter a Date and Time to automatically print the badges later.

Click OK to print the badges.

Step 8 To view the status of the print job, do the following:

a. Select Batch Badge Printing from the Admin menu, as shown in Figure 9-40.

Figure 9-40 Batch Badge Printing Status

b. Highlight the print job, and click Edit.

c. Select Batch Items in the Badge Print Batch window to view the items included in the print job.


Tip If the State of the print job is Failed, verify that a Format is assigned to every selected badge, as described in Step 4.



Printing High Resolution Images

The highest possible photo print quality is achieved when the resolution of the photo matches the print resolution of the printer: the target width and height of the photo should be multiplied by the printer resolution.

For example, if you are using a 300 dpi (dots-per-inch) printer, the ideal photo resolution that will occupy a 1" x 1" area is 300 x 300 pixels, a 2" x 2" area is 600 x 600 pixels, and a 2" x 3" area is 600 x 900 pixels.

Mathematically, the ideal resolution can be calculated as (rX, rY) = (w*DPI, h*DPI) where:

(rX, rY) is the resolution of the photo

rX is the number of pixels in width

rY is the number of pixels in height

w is the target width of the image on the badge

h is the target height of the image on the badge

DPI is the resolution (dots-per-inch) of the printer

The Badge Format Editor includes a function to automatically optimize images.

1. Select Badge Designer from the Admin menu.

2. Click the Design button to open the Badge Format Editor.

3. Select Optimize Images from the File menu to resize all photos in the template to the area they occupy on the badge.


Note If the photos do not optimize with sufficient resolution, you may need to manually resize photos in an external photo editor to achieve the best possible print quality.


Changing the Default Badge Printer

The default printer is configured when you print a badge. Complete the following instructions to remove the default printer and select a new printer.


Step 1 Select Preferences from the Options menu.

Step 2 Click the Badge Printers tab.

Note Badge Printers appears only after the Badge Designer license is installed.

Step 3 In the Configurations section, select the printer that displays Badge: Badge Printing in the Applies to section, as shown in Figure 9-41.

Figure 9-41 Removing the Default Badge Printer

Step 4 Select Badge: Badge Printing and click Remove.

Step 5 Click OK to save the changes and close the window.

Step 6 To set a new default printer, print a badge as described in Printing Individual Badges or Printing Multiple Badges. When printing, you will be prompted to select a new default badge printer.


System Configuration Settings for Badge Printing

Options for badge printing are available in two System Configuration screens:

Data Entry/Validation - Badge

Miscellaneous

This section describes the settings and options available in each window.


Step 1 Select System Configuration from the Admin menu.

Step 2 Select Data Entry/Validation - Badge (Figure 9-42).

Figure 9-42 Badge Printing Options in Data Entry/Validation - Badge

Step 3 Select or deselect one or more of the following options.

Field
Description

Allow printing of unsaved badges

Allows printing new badges before the badge is saved. For highest security, leave this unchecked. When allowed (which may be more convenient), it is possible to print a badge without having any record of the badge.

Disable batch badge printing

Enables or disables the batch printing module. See Printing Multiple Badges.


Step 4 Select the Miscellaneous tab (Figure 9-43).

Figure 9-43 Badge Printing Options in the Miscellaneous Settings

Step 5 Select or deselect one or more of the following options.

Field
Description

Use cross-platform page setup dialog for badge printing

Select this option to use the cross-platform Java page dialog if the badge image is truncated. This occurs when using the default printer dialog on some printers (such as the Zebra printer).

Truncate imageable area values used to initialize cross-platform page dialog

If the image is still truncated using the cross-platform Java page dialog, select this option to apply .01 inch margins.

Use Pageable print interface for badge printing

The Java Printable printing interface is used by default. If printing problems occur (such as with the Evolis printer), select this option to use the Java Pageable printer interface.

Rasterize before printing

Converts the watermark into an image internally and prints it on the badge.

Note Ensure that you do not enable this option unless there is an issue with printing the images on the badges.


Step 6 Click Save to save the changes.

Step 7 Log out and log back in to the Cisco PAM application to activate the changes (select Logout from the Options menu).


Setting Up Image and Signature Options for Personnel Records

To add images and signatures to personnel records, enable the features as described in this section:

Enabling Image Capture Devices

Enabling Signature Capture Devices

Enabling Image Capture Devices

Cisco PAM supports capture devices (badging cameras) that use TWAIN drivers. Before proceeding to the steps below, install all necessary camera drivers, including TWAIN drivers. If you are unsure whether the camera uses a TWAIN driver, contact the camera manufacturer for assistance.


Step 1 Select Preferences from the Options menu.

Step 2 Select the Image Capture tab on the left of the Preferences window, as shown in Figure 9-44.

Figure 9-44 Preferences: Image Capture

Step 3 Check the Is present checkbox.

Step 4 Select the image capture device type from the Type: drop-down menu. The options are:

Video

TWAIN

Step 5 Click the Select TWAIN source from the list button to open a source window. All selected drivers installed on the machine will be displayed. Select the correct driver and click the OK button.

Step 6 If necessary modify the image width, height and scale of the capture device using the following settings.

Final image width: The pixel width of the image capture.

Final image height: The pixel height of the image capture.

Preview image scale: The size of the image preview.

Crop height scale: It's recommended that the crop height and final image height are equal.

Step 7 Click OK to save the settings.

The Capture button is activated in the Personnel module. See Configuring Personnel for more information. Click the Capture button and verify that the TWAIN driver is selected and opens properly.


Enabling Signature Capture Devices


Step 1 Select System Configuration from the Admin menu.

Step 2 Select the Data Entry/Validation - Personnel tab at the left of the window, as shown in Figure 9-45.

Figure 9-45 System Configuration: Personnel Data Entry Window

Step 3 Check the Use signature capture box. Checking this box enables the signature capture capability in the Personnel module.

Step 4 Click Save to save the changes.

Step 5 Log out and log back in to the Cisco PAM application to activate the changes (select Logout from the Options menu).


Note You must log out and log back in for the Signature Capture menu to appear in the Preferences window.


Step 6 Log in to the Cisco PAM application.

Step 7 Select Preferences from the Options menu.

Step 8 Select the Signature Capture tab on the left of the Preferences window, as shown in Figure 9-46.

Figure 9-46 Preferences: Image Capture

Step 9 Check the Is Present checkbox and select the Type of signature pad from the drop-down. Select the communications port from the drop-down.

Step 10 Click OK to save the settings. The signature detail in the Personnel module now includes an Import and Capture button. See Configuring Personnel for more information.