Keep Object HID Origo Model

Please note that these features are still in development. This site uses Feenics Model Nuget Package Version: bin.

The following objects are all a part of the Keep object model but for your convenience have been separated into their own section.

From HID Origo Site:

HID Origo was built to accelerate the trend of helping organizations become more secure, efficient and data-driven through cloud technologies. This cloud-based platform provides seamless and consistent service while improving how access control solutions are delivered. In addition, HID Origo opens opportunities for adoption of new, more flexible service subscription models while reducing costs and increasing operational efficiency.

Key Benefits

  • Reliability: Trust a secure infrastructure backed by the world’s leading cloud vendors, validated by industry certifications and delivered via HID Global’s service level agreements and support

  • Connectivity: Access and manage a trusted ecosystem of cloud-connected access control devices, applications and trusted mobile identities in one place

  • Insights: Utilize data to ensure a seamless user experience, provide operational efficiency and make decisions to guide the business forward

Summary

KeepAPI exposes new endpoints / resources and extensions to the existing data model to facilitate integration with the HID Mobile Access Credentials product, Origo. Currently all access to the Origo integration is through the API, with future plans to incorporate it into the Windows and Web Client user interfaces.

Licensing

Origo Integration is a licensable feature. An example license request would be:

{
  "Environment": "DEV",
  "InstanceKey": "{{ WorkingInstance.Key }}",
  "LicensedBy": {
    "CompanyName": "Feenics Inc",
    "EmailAddress": "ralph.shillington@feenics.com",
    "MailingAddress": {
      "Street": "301 - 2310 St. Laurent Blvd",
      "City": "Ottawa",
      "Province": "ON",
      "Country": "CA",
      "PostalCode": "K1G 5H9"
    },
    "PhoneNumber": "613-520-2455"
  },
  "Licensee": {
    "CompanyName": "Feenics Inc - Development",
    "EmailAddress": "ralph.shillington@feenics.co",
    "MailingAddress": {
      "Street": "302 - 2310 St. Laurent Blvd",
      "City": "Ottawa",
      "Province": "ON",
      "Country": "CA",
      "PostalCode": "K1C 5J9"
    },
    "PhoneNumber": "613-520-2426"
  },
  "PurchaseOrder": "RALPH",
  "RequestingComponents": [
    {
      "PrivateProductCode": "ORIGO",
      "ValueAdded": 1
    }
  ]
}

Permissions

Users who will be configuring the Origo integration must have the OrigoAdmin action attached to the Instance object type. Of course, administrators with *,* permissions will automatically have this permission.

Configuration

Configuration can be set or updated with a POST to the endpoint /api/origo/configuration. The currently stored configuration cannot be retrieved by the API user since it contains sensitive information. Subsequent POSTs will replace the existing configuration.

Setting the configuration will automatically register the instance to receive callback messages.

| Response | Condition | Description |
|----------|-----------|-------------|
| 401 | NotAuthorized | Failed to find an operation right for the current user with the action OrigoAdmin on the object type Instance |
| 409 | Conflict | Missing license for this instance |
| 400 | BadRequest | Failed to log into Origo with the supplied credentials |
| 400 | BadRequest | Failed to register the callback endpoint with Origo |
| 200 | Ok | Configuration has been saved, and the callback endpoint has been registered with Origo |

Example setting configuration

In this example, the default defined instance is configured. The example posts the contents of the file origoconfig.json.

The configuration information is obtained from HID by the customer’s administrator using the HID Origo portal. It’s important to note that the user may have access to both a pre-production and a production HID portal.

//origoconfig.json
{
  "CustomerId": "1000582",
  "ClientId": "1000582-SRV1620440120",
  "ClientSecret": "password_goes_here",
  "GrantType": "client_credentials",
  "DefaultPartNumber": "MID-SUB-CRD_FTPN_30176"
}

Example using C#

await client.SetOrigoCustomerConfiguration(root, new OrigoCustomerConfiguration
{
    ClientId = "1000582-SRV1620440120",
    CustomerId = "1000582",
    DefaultPartNumber = "MID-SUB-CRD_FTPN_30176",
    GrantType = "client_credentials",
    ClientSecret = "password_goes_here"
});
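
Because the stored configuration holds the Origo client secret and cannot be read back, the following added example (not code from the Keep documentation or the Feenics client library) posts origoconfig.json with the secret injected at run time instead of stored in the file or source, and maps the documented responses to operator messages. The environment variable names KEEP_BASE_URL, KEEP_TOKEN and ORIGO_CLIENT_SECRET, and the use of a bearer token for the Keep API call, are assumptions.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Text.Json.Nodes;
using System.Threading.Tasks;

public static class OrigoConfigPush
{
    // Assumed environment variables (not defined by the Keep documentation):
    //   KEEP_BASE_URL, KEEP_TOKEN (bearer token, assumed), ORIGO_CLIENT_SECRET
    public static async Task<int> Main()
    {
        static string Env(string name) => Environment.GetEnvironmentVariable(name)
            ?? throw new InvalidOperationException($"{name} is not set");

        // origoconfig.json is kept without a real ClientSecret; a leading // comment is tolerated.
        var text = await File.ReadAllTextAsync("origoconfig.json");
        var config = JsonNode.Parse(text, documentOptions: new JsonDocumentOptions
            { CommentHandling = JsonCommentHandling.Skip })!.AsObject();
        config["ClientSecret"] = Env("ORIGO_CLIENT_SECRET");

        using var http = new HttpClient { BaseAddress = new Uri(Env("KEEP_BASE_URL")) };
        http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", Env("KEEP_TOKEN"));

        using var body = new StringContent(config.ToJsonString(), Encoding.UTF8, "application/json");
        using var response = await http.PostAsync("/api/origo/configuration", body);

        // Report only the status-derived message; the request body (with the secret) is never logged.
        string message = response.StatusCode switch
        {
            HttpStatusCode.OK => "Configuration saved and callback endpoint registered with Origo.",
            HttpStatusCode.Unauthorized => "Current user lacks the OrigoAdmin action on object type Instance.",
            HttpStatusCode.Conflict => "This instance is missing the Origo license.",
            HttpStatusCode.BadRequest => "Origo login or callback registration failed; check the credentials and which HID portal issued them.",
            _ => $"Unexpected response {(int)response.StatusCode}."
        };
        Console.Error.WriteLine(message);
        return response.IsSuccessStatusCode ? 0 : 1;
    }
}
```

Since each successful POST replaces the stored configuration, run this only from a controlled deployment step, and rotate ORIGO_CLIENT_SECRET in the HID portal if it is ever exposed.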

Normal Operation

Once properly configured, the normal operation of the integration is largely ‘behind the scenes’. There is only one additional Origo-specific endpoint that has been added to the PersonInfo resource: /origo/issue.

To issue a mobile credential, a cardholder must already exist in the Keep instance. In the case of Enterprise instances, the cardholder may exist in either the root instance or the shared instance.

Internally, the process of issuing a mobile credential involves several steps:

  1. Confirm the cardholder exists as an Origo user, and if not, then add the user
  2. Create an invitation code, send invitation email, and create credential (all one call to Origo)
  3. Wait for an ISSUED status callback for the requested credential
  4. Create the CardAssignmentInfo object and attach it to the PersonInfo object in Keep.

The ISSUED status will be sent from Origo to Keep (via the preconfigured endpoint that was provisioned at the time of setting the Origo Configuration). This call only occurs after the mobile device has successfully downloaded the credential. It is the callback handler that creates the CardAssignmentInfo object, attaches it to the PersonInfo, and raises the appropriate event, such that the Mercury Service pushes the Mobile Credential card number to the appropriate controllers.