RFID Single Sign-On

Workstation access control

With idemeum you can control which of your users have access to which workstations.

Overview

By default, when the idemeum desktop agent is installed, the workstation is shared with all users. This means that any user who successfully onboards into idemeum with an RFID badge will be able to log in to any shared workstation. There are several ways you can control who has access to what.

Manual workstation assignment

💡 This functionality applies to users who have already onboarded into idemeum.

  • Navigate to your RFID tenant admin dashboard
  • Access Devices and then search for the device where you want to configure access control
  • Click on ... and choose Share device
  • Now you can remove the All users group and assign users directly to this workstation. Only the users in the list will have access to this workstation.

Attribute-based access control

💡 This functionality works with idemeum cloud directory and can be applied to both onboarded and newly created users.

You can create directory attributes and use them to control who has access to which workstations.

For example, you can:

  • Create a department attribute
  • Categorize your users by assigning doctor or support attribute values
  • Allow only users with the attribute doctor to access workstations with an RFID badge

Let's see how you can do that:

  • Navigate to your idemeum RFID tenant admin dashboard
  • Access Users, then User source
  • For the local directory, expand Advanced options
  • In the Custom attributes section, create an attribute department
  • Navigate to the Groups section and click Add group
  • Give the group a friendly name
  • Now choose the attribute that you created in the previous step (department) and assign the value you want to use (doctor). This way all the users with a department attribute of doctor will become part of this group.
  • You can create similar groups for other roles
  • Now navigate to Devices, search for the device you want to apply access control to, click on ... and then choose Share device
  • Remove the All users group and add the group that you created in the previous step

So far, we have restricted device access to only the users that are part of the group Groups for doctor access. Now any user who has a department attribute of doctor will be able to access this workstation.

The last step is to assign a department attribute to existing or new user records:

  • Navigate to the Users section
  • Choose any existing user and click on ... to edit, or create a new user
  • At the bottom of the screen you can see the custom attributes section with all the attributes that you configured, and you can now assign the role to this user record