About cardholder and identity relationships

2022-08-30Last updated

Depending on the type of systems you want to integrate in Genetec ClearID™, you can choose to manage your cardholder and credentials manually or use ClearID to manage them automatically.

For cardholders that are not created by ClearID, ClearID does not initially know which identity the cardholder belongs to. In this situation, ClearID finds different cardholder fields, identifies relationships, and associates them with the correct corresponding identities in the ClearID system.

ClearID compares the following information before creating a relationship between a cardholder and an identity:
The global unique identifier (GUID)
When our system creates a cardholder, we use the same GUID as the identity to create it.
Tip: You can find the GUID in the identity record URL for a ClearID user.
https://demo.clearid.io/techdoc/organization/identities/139e92cd-44b9-427e-8727-bf7681ef0a8d
Where 139e92cd-44b9-427e-8727-bf7681ef0a8d is the GUID.
Email address
If the business email is the same as the cardholder email.
External ID
This field is an external identifier for creating identities in ClearID using the identity service API. The ClearID plugin creates this field in Security Center as a custom field for cardholders.
Best Practice: In Config Tool, check that all your cardholders have a valid business email address or external ID before adding your systems in ClearID. This check ensures that cardholders are correctly associated with the corresponding identities. For more information, see Setting up ClearID with an existing Synergis system.

Scenario 1: Automatically manage cardholders and credentials

Select the Manage cardholders and credentials check box option when you have a Security Center system and you want ClearID to create and manage your cardholders and credentials.

For example, a customer has a new Security Center system that is deployed without any cardholders or credentials already defined. By installing the ClearID plugin and adding access to identities, the corresponding cardholders and credentials are populated in the Security Center system and are automatically synchronized.

Scenario 2: Manually manage cardholders and credentials

Clear the Manage cardholders and credentials check box option when you want ClearID to use existing cardholders and credentials without managing their state. In this situation, ClearID has access to Security Center cardholders and credentials in read-only mode because you want ClearID to know about your cardholders and credentials, but you never want ClearID to modify them.

For example, a customer has Security Center set up with 1000 cardholders and they use the ClearID plugin to connect the system to ClearID:
  • If the System managed cardholder and credentials check box is not selected when they add their systems, none of the cardholders or credentials information is modified or synchronized. Cardholders and credentials must be created and synchronized using other solutions. For example, Lightweight Directory Access Protocol (LDAP), Global Cardholder Synchronizer role, import plugins, and so on.
  • If the Security Center system is already synchronized with an LDAP, they should synchronize ClearID with the same LDAP source.
Tip: Use LDAP or the Global Cardholder Synchronizer role in Security Center to create and synchronize cardholders and credentials.

For more information about global cardholder synchronization, see Global cardholder management.