Home
Managing identities and users
Learn how to manage identities and users.
Granting additional permissions for identities and roles
Some organizations require more access than the default permissions provided for a Genetec ClearID™ user. Account administrators can grant identities and roles additional permissions so that they can view or manage all identities in the system.

About ClearID
Learn about the ClearID self-service physical access management solution.
What's new
Check out what's new in the latest update to ClearID.
Deployment preparation
Check your compatibility and deployment requirements.
ClearID plugin
Learn how to download and install the plugin.
Managing identities and users
Learn how to manage identities and users.
- Creating identities
  Account administrators can manually create identities in Genetec ClearID™ separately from the mass import and synchronization processes. For example, contractors, system integrators, or other users might need one-off identities.
- Identity fields
  Use this table to understand the identity fields in Genetec ClearID™. It shows which fields are mandatory, used by Security Center, and available for provisioning rules.
- About identity custom fields
  Identity custom fields are user-defined properties that store additional information about identities in Genetec ClearID™, beyond the system’s default fields. Account administrators create and manage these fields in the ClearID web portal.
- Creating identity custom fields
  To collect and store additional information about identities in the Genetec ClearID™ web portal, Account administrators can create custom fields and synchronize them with Security Center.
- Granting additional permissions for identities and roles
  Some organizations require more access than the default permissions provided for a Genetec ClearID™ user. Account administrators can grant identities and roles additional permissions so that they can view or manage all identities in the system.
- Granting additional permissions for supervisors
  Some organizations require more access than the default permissions provided for a Genetec ClearID™ supervisor. Account administrators can grant supervisors additional permissions to manage their direct reports.
- Managing additional permissions
  Account administrators can use the Permissions page to view, verify, and modify which identities or roles have extra access to view and manage identities. They can also verify or modify supervisor access to manage their direct reports.
- Viewing identities
  You can view identities in Genetec ClearID™ to check their access control status, general identity information, or verify if they have any supervisors specified.
- Modifying identities
  After you have added identities, you might need to modify the identity details. You can deactivate or activate an identity, or modify identity details after a change in job title, department, company, supervisors, personal information, and so on.
- Deleting identities
  An administrator can delete identities that have become obsolete or are no longer required. For example, when a person leaves the organization, or when an identity was created in error.
- Synchronizing identity pictures with Security Center
  To manage identity and cardholder pictures in one place, Account administrators can set Genetec ClearID™ as the preferred data source for all cardholder pictures in Security Center.
- About webhooks
  A webhook is a user-defined HTTP callback. A webhook can be triggered by an event in a web application and can be used to send data or notifications to a third-party Application Programming Interface (API).
- Creating webhooks
  To notify interested parties when specific events occur, account administrators can create webhooks in Genetec ClearID™ to integrate with third-party solutions APIs.
- Viewing webhook logs
  To troubleshoot unreceived webhooks or other associated issues, third-party API owners can use the logs can help verify the status of every HTTP callback request sent to the third-party URL.
- Granting access to the web portal
  Before a user can access the Genetec ClearID™ web portal, an Account administrator must grant them the required User or Administrator permissions.
- Viewing your profile
  You can use the Profile page to view your profile and check your access or role membership in Genetec ClearID™.
- Viewing your site and area access
  You can use the Profile Access page to review your site and area access. This information helps you determine if you need to request more access in your main site or other sites.
- Setting request visibility for users
  To manage the types of requests that web portal users can make, you can change the request visibility settings in the Genetec ClearID™ web portal.
- About access request workflow
  An access request workflow is a series of activities performed by the system or authorized people during the life cycle of an access request. The activities can change the state and properties of access requests, affect other entities in the system, or wait for a condition to be met.
- Requesting access
  To request access for yourself, another identity, or a team member, you can use the Genetec ClearID™ self-service portal. By using a self-service portal with specified area managers, you can simplify the approval process and avoid delays from routing requests to the wrong approvers.
- Adding supervisors manually
  To help manage requests from your direct reports, Account administrators can manually add supervisors to the relevant identity profiles so that the supervisor approval workflow can be used.
- Viewing direct reports
  You can check the access control status and general identity information of your direct reports. You can also use the direct report list for security reviews or audits.
- Managing direct reports
  Supervisors can manage their direct reports access. This includes general identity information, area access, modifying or removing roles, task delegation, and access control.
- Transferring direct reports
  From time to time a supervisor, account administrator, or an identity might need to transfer direct reports. For example, transferring direct reports to a new hire or for a change in supervisor.
- About direct reports report
  In Genetec ClearID™, a direct reports report is a list of identities of employees that report to a supervisor. The report includes information about direct reports, delegated direct reports, job titles, companies, and access control status.
- Resetting user passwords
  If you’re unable to authenticate while signing in to an account managed by Genetec ClearID™, you can reset your password.
- About email notifications
  Genetec ClearID™ sends email notifications to inform users about specific system events related to access, identities, roles, and visits.
- About email notifications
  Genetec ClearID™ sends email notifications to inform users about specific system events related to access, identities, roles, and visits.
- About delegation
  In Genetec ClearID™, delegation is the process of transferring Genetec ClearID™ tasks within your organization, for example, due to a vacation or sabbatical. Tasks may be transferred among site owners, area owners, area managers, role owners, role managers, supervisors, and visit event approvers.
- Delegating tasks to another user
  Site owners, area owners, area managers, role owners, role managers, supervisors, and visit event approvers can temporarily transfer their Genetec ClearID™ task responsibilities to someone else in their organization by delegating their tasks to another user. For example, during a planned vacation, sabbatical, and so on.
- About user activity report
  In Genetec ClearID™, a user activity report is an audit trail of all activities related to users. The report includes timestamp information, activity type, who activity was performed by, and a details section including reason information.
- Viewing a user activity report
  You can consult the User activity report to review all user-related activities. Use the report for auditing purposes, download a copy to attach to an audit request to review offline, or manipulate or consolidate data in a spreadsheet for other audiences.
- User levels
  The following information can be used to help you understand which actions the users or roles in Genetec ClearID™ can perform.
- About identity request workflow
  An identity request workflow is a series of activities performed by the system or authorized people during the life cycle of an identity request. The activities can create an individual identity, or multiple identities using a CSV import, and add each new identity to a role to inherit relevant access for a specified period.
- Creating an identity template
  Before you can submit an identity request, you must create your identity templates.
- Requesting identities
  You can use the Genetec ClearID™ self-service portal to request an individual identity, or to request multiple identities using a CSV import. Using the self-service portal with optional approver workflow simplifies the approval process by only notifying the specified approvers.
- Canceling identity requests
  To cancel identity requests, the identity requester must review the pending requests and then decide which requests to cancel.
- Approving identity requests
  To approve identity requests, a supervisor or identity approver must review the pending approvals and then decide which requests to approve.
- About identity requests report
  In Genetec ClearID™, an identity requests report is a list of identity requests for your ClearID account. The report includes information about the identity request date, requester, name, identity template, status, and reviewers.
- Checking the status of identity requests
  As an Account administrator you can check the status of identity requests to ensure that the organization is security-compliant, audit ready, and that the requests are processed in a timely fashion.
Credential synchronization
Managing sites
Learn how to manage sites.
Managing visitors
Learn how to manage visit requests and access requests.
Managing areas
Learn how to manage areas.
Managing visitor watchlists
Learn how to manage visitor access using watchlists.
Role-based access control
Learn about role-based access control.
Connecting to other systems
Learn how to connect ClearID to other systems.
Visitor management devices
Learn about the ClearID Self-Service Kiosk mobile app that simplifies visitor management and check-in.
Troubleshooting
Troubleshoot common issues that can occur.
Additional resources
Need tech support or product information? Check out these resources.
Glossary

Granting additional permissions for identities and roles

2025-09-08

Some organizations require more access than the default permissions provided for a Genetec ClearID™ user. Account administrators can grant identities and roles additional permissions so that they can view or manage all identities in the system.

What you should know

Only an account administrator can add identity and role permissions.

Procedure

From the Home page, click Administration > Permissions .
Click Add permissions.
In the Permissions dialog, select either Identities or Roles.
If you selected Identities, complete the following:
1. In the Identities field, enter up to 20 identities to grant extra access.
2. In the Permissions section, select the permissions to grant.
  
  View
  
  Access to view identities is granted by default.
  
  Manage
  
  Select Manage to allow users to modify identities.
  Note:
  If the identity is synchronized with an external data source, changes can be overwritten during synchronization. Use Manage for identities added manually in ClearID.
3. In the Reason field, explain why the access is being granted.
If you selected Roles, complete the following:
1. In the Roles field, enter up to 20 roles to grant extra access.
2. In the Permissions section, select the permissions to grant.
  
  View
  
  Access to view identities is granted by default.
  
  Manage
  
  Select Manage to allow users to modify identities.
3. In the Reason field, explain why the access is being granted.
To submit your changes, click Add identities or Add roles.

The specified identities or roles now have the required permissions to view and manage identities.

After you finish

View identities or Modify identities.