Understanding Access Control System Differences

Seam's universal API provides the flexibility to manage a variety of ACSs. Variations among ACSs include the methods that you use to assign access permissions to users. For example, some ACSs grant scheduled access to entrances through configured access groups, while others specify entrance permissions and schedules as properties of credentials. Other variations include the following:

• Whether an ACS is cloud-based or on-premises

• The specific licenses, if any, that each ACS manufacturer requires you to purchase

• The manufacturer-specific ACS properties and metadata that you must configure to create and assign credentials to ACS users

To understand the manufacturer-specific nuances of your ACS, see the relevant system integration guide.

Access Control System Installation Variations

Seam supports connecting to ACSs that are either cloud-based or on-premises.

Cloud-based ACSs are hosted on the internet and are accessible by Seam over a secure connection.

On-premise ACSs can also be connected to the internet but are typically protected by a firewall. To integrate with these systems, Seam requires the Seam Bridge, an application installed on a local computer. Once installed, the Seam Bridge acts as a secure intermediary, handling network requests between Seam and the on-premises network, and enables secure communication through the firewall.

For detailed information about installing the Seam Bridge and connecting an on-premises ACS to Seam, see Seam Bridge.

Access Permission Assignment Variations

This section describes various ways in which ACSs handle assigning access permissions to users.

Access Group-based Access Control Systems

Access group-based ACSs use access groups as an efficient way to assign access permissions to ACS users. Each access group contains a list of entrances and the corresponding access schedule. Seam syncs all the access group and entrance information from the ACS.

To assign access permissions in an access group-based ACS, you add ACS users to the access groups. Then, you create credentials to specify the access mechanisms—such as key cards, PIN codes, or mobile keys—and assign these credentials to the ACS users.

The following process describes the configuration steps for your application to grant access in an access group-based ACS:

1. When the ACS connects to Seam, Seam automatically creates the acs_system. Seam also syncs the entrances and access groups from the connected ACS as acs_entrance and acs_access_group resources. Note that because Seam automatically syncs these entrance and access group resources from the ACS, you cannot create, edit, or delete them using the Seam API.

2. Your application creates an acs_user for each user within this ACS. Each acs_user is configured with a set of attributes, such their name, email address, and phone number, as applicable. If you need to grant a single application user access to multiple ACSs—for example, if an application user needs access to multiple buildings, each of which uses a separate ACS, or if a single building has different ACSs for different floors—you can use Seam user identities to link acs_users in different acs_systems.

3. Your application adds each acs_user to an acs_access_group. Note that the access group defines the entrances and access schedules for all the ACS users in this access group.

4. Your application creates acs_credentials with the following attributes:

   • ID of the acs_user to associate with this credential

   • Access method for the credential, such as code, card, or mobile_key

   Depending on the access method and specific ACS, your application can also configure additional credential properties. For more information about manufacturer-specific variations, see the system integration guide for your ACS.

You can also perform other management actions, as needed, such as adding ACS users to and removing ACS users from access groups, assigning and unassigning existing credentials, suspending and unsuspending ACS users, updating ACS users and credentials, and deleting ACS users and credentials.

Credential-based Access Control Systems

In a credential-based ACS, the acs_credential resource contains the list of entrances to which the credential grants access. The acs_credential also contains the schedule that specifies when this access is valid. You specify each schedule by configuring a starts_at and ends_at date and time.

The following process describes the configuration steps for your application to grant access in a credential-based ACS:

1. When the ACS connects to Seam, Seam automatically creates the acs_system. Seam also syncs the entrances from the connected ACS as acs_entrance resources. Note that because Seam automatically syncs these entrance resources from the ACS, you cannot create, edit, or delete them using the Seam API.

2. Your application creates an acs_user for each user within this ACS. Each acs_user is configured with a set of attributes, such their name, email address, and phone number, as applicable. If you need to grant a single application user access to multiple ACSs—for example, if an application user needs access to multiple buildings, each of which uses a separate ACS—you can use Seam user identities to link acs_users in different acs_systems.

3. Your application creates acs_credentials with the following attributes:

   • ID of the acs_user to associate with this credential

   • Access method for the credential, such as code, card, or mobile_key

   • Set of entrances to which this credential grants access

   • Start and end date and time during which this credential grants access

   Depending on the access method and specific ACS, your application can also configure additional credential properties. For more information about manufacturer-specific variations, see the system integration guide for your ACS.

You can also perform other management actions, as needed, such as assigning and unassigning existing credentials, suspending and unsuspending ACS users, updating ACS users and credentials, and deleting ACS users and credentials.

Next Steps

To learn about the manufacturer-specific variations for ACSs, see the corresponding system integration guides.