Home
Managing identities and users
Learn how to manage identities and users.
Granting additional permissions for identities and roles
Some organizations require more access than the default permissions provided for a Genetec ClearID™ user. You can grant identities and roles additional permissions so that they can view or manage all identities in the system.

About ClearID
Learn about the ClearID self-service physical access management solution.
What's new
Check out what's new in the latest update to ClearID.
Deployment preparation
Check your compatibility and deployment requirements.
ClearID plugin
Learn how to download and install the plugin.
Managing identities and users
Learn how to manage identities and users.
- Creating identities
  From time to time you might need to create an identity manually in Genetec ClearID™. For example, for an identity that is not part of the usual mass import process or synchronization of identities using LDAP, One Identity, or API solutions.
- Identity fields
  Use the following information to help you understand the identity fields that are used in Genetec ClearID™. The following table explains which fields are mandatory, which fields are used by Security Center, and which fields are available for use by provisioning rules.
- Granting additional permissions for identities and roles
  Some organizations require more access than the default permissions provided for a Genetec ClearID™ user. You can grant identities and roles additional permissions so that they can view or manage all identities in the system.
- Granting additional permissions for supervisors
  Some organizations require more access than the default permissions provided for a Genetec ClearID™ supervisor. You can grant supervisors additional permissions so that they can manage their direct reports.
- Viewing additional permissions
  You can use the Permissions page to review who (identities or roles) has extra access to view and manage identities. You can also use the Permissions page to verify if supervisors have extra access to manage their direct reports.
- Viewing identities
  You can view identities to check their access control status, general identity information, or verify if they have any supervisors specified.
- Modifying identities
  After you have added identities, you might need to modify the identity details. You can deactivate or activate an identity, or modify identity details after a change in job title, department, company, supervisors, personal information, and so on.
- Deleting identities
  An administrator can delete identities that have become obsolete or are no longer required. For example, when a person leaves the organization, or when an identity was created in error.
- About webhooks
  A webhook is a user-defined HTTP callback. A webhook can be triggered by an event in a web application and can be used to send data or notifications to a third-party Application Programming Interface (API).
- Creating webhooks
  You can create webhooks in Genetec ClearID™ to integrate with third-party solutions APIs so that you can notify interested parties when specific events occur.
- Viewing webhook logs
  To troubleshoot unreceived webhooks or other associated issues, third-party Application Programming Interface (API) owners can use the webhook logs to verify the status of every HTTP callback request sent to the third-party URL.
- Granting access to the web portal
  Before a user can access the Genetec ClearID™ web portal, you must grant them the required User or Administrator permissions for the website.
- Viewing your profile
  You can use the Profile page to view your profile and check your access or role membership in Genetec ClearID™.
- Viewing your site and area access
  You can use the Profile Access page to review your site and area access. This information can be used to help you identify if you need to request more access in your main site or other sites.
- About access request workflow
  An access request workflow is a series of activities associated with an access request. These activities are performed by the system or authorized people during the life cycle of an access request. The activities can change the access request state and properties, affect other entities in the system, or wait for a condition to become true.
- Requesting access
  To request access for yourself, another identity, or a team member, you can use the Genetec ClearID™ self-service portal. Using a self-service portal with area approvers specified simplifies the approval process, and avoids interrupting a chain of people who might or might not be the correct approvers.
- Adding supervisors manually
  To help manage requests from your direct reports, you can manually add supervisors to the relevant identity profiles so that the supervisor approval workflow can be used.
- Viewing direct reports
  From time to time a supervisor might want to view their direct reports to check on their access control status, general identity information, or to provide a list for a security review or audit purposes.
- Managing direct reports
  Supervisors can manage their direct reports access. This can include general identity information, area access, modifying or removing roles, task delegation, and access control.
- Transferring direct reports
  From time to time a supervisor, account administrator, or an identity might need to transfer direct reports. For example, transferring direct reports to a new hire or for a change in supervisor.
- About direct reports report
  In Genetec ClearID™, a direct reports report is a list of identities of employees that report to a supervisor. The report includes information about direct reports, delegated direct reports, job titles, companies, and access control status.
- Resetting user passwords
  If you are unable to authenticate while logging on to an account managed by Genetec ClearID™, you can reset your password.
- About email notifications
  To inform users about specific events in the Genetec ClearID™ system, email notifications are sent.
- About delegation
  In Genetec ClearID™, delegation is the process of transferring Genetec ClearID™ tasks for site owners, area owners, area approvers, role owners, role managers, supervisors, and visit event approvers to someone else in your organization. For example, during a planned vacation, sabbatical, and so on.
- Delegating tasks to another user
  Site owners, area owners, area approvers, role owners, role managers, supervisors, and visit event approvers can temporarily transfer their Genetec ClearID™ task responsibilities to someone else in their organization by delegating their tasks to another user. For example, during a planned vacation, sabbatical, and so on.
- About user activity report
  In Genetec ClearID™, a user activity report is an audit trail of all activities related to users. The report includes timestamp information, activity type, who activity was performed by, and a details section including reason information.
- Viewing a user activity report
  You can view a user activity report to review an audit trail of all user-related activities.
- User levels
  The following information can be used to help you understand which actions the users or roles in Genetec ClearID™ can perform.
- About identity request workflow
  An identity request workflow is a series of activities associated with an identity request. These activities are performed by the system or authorized people during the life cycle of an identity request. The activities can create an individual identity, or multiple identities (using a CSV import), and add each new identity to a role to inherit relevant role access for a specified period.
- Resetting user passwords
  If you are unable to authenticate while logging on to an account managed by Genetec ClearID™, you can reset your password.
- About email notifications
  To inform users about specific events in the Genetec ClearID™ system, email notifications are sent.
- About delegation
  In Genetec ClearID™, delegation is the process of transferring Genetec ClearID™ tasks for site owners, area owners, area approvers, role owners, role managers, supervisors, and visit event approvers to someone else in your organization. For example, during a planned vacation, sabbatical, and so on.
- Delegating tasks to another user
  Site owners, area owners, area approvers, role owners, role managers, supervisors, and visit event approvers can temporarily transfer their Genetec ClearID™ task responsibilities to someone else in their organization by delegating their tasks to another user. For example, during a planned vacation, sabbatical, and so on.
- About user activity report
  In Genetec ClearID™, a user activity report is an audit trail of all activities related to users. The report includes timestamp information, activity type, who activity was performed by, and a details section including reason information.
- Viewing a user activity report
  You can view a user activity report to review an audit trail of all user-related activities.
- User levels
  The following information can be used to help you understand which actions the users or roles in Genetec ClearID™ can perform.
- About identity request workflow
  An identity request workflow is a series of activities associated with an identity request. These activities are performed by the system or authorized people during the life cycle of an identity request. The activities can create an individual identity, or multiple identities (using a CSV import), and add each new identity to a role to inherit relevant role access for a specified period.
- Creating an identity template
  Before you can submit an identity request, you must create your identity templates.
- Requesting identities
  You can use the Genetec ClearID™ self-service portal to request an individual identity, or to request multiple identities using a CSV import. Using the self-service portal with optional approver workflow simplifies the approval process by only notifying the specified approvers.
- Canceling identity requests
  To cancel identity requests, the identity requester must review the pending requests and then decide which requests to cancel.
- Approving identity requests
  To approve identity requests, a supervisor or identity approver must review the pending approvals and then decide which requests to approve.
- About identity requests report
  In Genetec ClearID™, an identity requests report is a list of identity requests for your ClearID account. The report includes information about the identity request date, requester, name, identity template, status, and reviewers.
- Checking the status of identity requests
  Administrators can check the status of identity requests to ensure that the organization is security-compliant, audit ready, and that the requests are processed in a timely fashion.
Managing sites
Learn how to manage sites.
Managing areas
Learn how to manage areas.
Managing visitors
Learn how to manage visit requests and access requests.
Managing visitor watchlists
Learn how to manage visitor access using watchlists.
Role-based access control
Learn about role-based access control.
Connecting to other systems
Learn how to connect ClearID to other systems.
ClearID Self-Service Kiosk
Learn about the ClearID Self-Service Kiosk mobile app that simplifies visitor management and check-in.
Troubleshooting
Troubleshoot common issues that can occur.
Additional resources
Need tech support or product information? Check out these resources.
Glossary

Granting additional permissions for identities and roles

2022-11-25

Some organizations require more access than the default permissions provided for a Genetec ClearID™ user. You can grant identities and roles additional permissions so that they can view or manage all identities in the system.

What you should know

Only an account administrator can add identity and role permissions.

Procedure

From the Home page, click Administration > Permissions .
Click Add permissions.
In the Permissions dialog, select either Identities or Roles to add the permissions you require.
If you selected Identities, complete the following:
1. In the Identities field, enter one or more identities that you want to grant extra access.
  A maximum of 20 identities per request is supported.
2. In the Permissions section, select the permissions you want to add to the identities selected earlier.
  
  Read
  
  Read access to view identities is granted by default.
  
  Write
  
  Select the Write check box to add permissions to modify identities.
  Note: If you make updates to identities that are synchronized with an external data source, the synchronization can overwrite your write permission changes. Write permissions are useful for identities being manually entered into ClearID.
3. In the Reason field, enter a reason why the access was added.
If you selected Roles, complete the following:
1. In the Roles field, enter one or more roles that you want to grant extra access.
  A maximum of 20 roles is supported.
2. In the Permissions section, select the permissions you want to add to the roles selected earlier.
  
  Read
  
  Read access to view identities is granted by default.
  
  Write
  
  Select the Write check box to add permissions to modify identities.
3. In the Reason field, enter a reason why the access was added.
Click Finish to submit your changes.

The specified identities or roles now have the required permissions to view and manage identities.

After you finish

View identities or Modify identities.