Background on Anti-passback
Reader-based anti-passback rules are applied to an individual reader. Typically, these rules prevent multiple people from entering using the same card at the same reader, or in the case of a parking lot application, multiple cars entering at the same gate using the same parking pass. Reader-based anti-passback always has a time delay. The card ID and the time of the last granted access request are stored within the reader. If the new access request is for the same card ID, the time delay is checked. If the elapsed time since the last granted access request is less than the time delay, the user is not granted access. In the parking lot application, there may be a time-delay of 10 minutes in which that parking pass may not be used. In this configuration, if the user is granted access at another reader, the history at the first card reader is retained and anti-passback rules still apply at the first reader. For example, the user presents the card at Gate A at 9:42 am and is granted access. The user then presents the card at Gate B at 9:43 am and is granted access. The history of the card would be not removed from the reader at Gate A and the user would not be able to go back to Gate A, present the ID card and be granted access.
BluB0X currently supports three types of Anti-passback modes. "Soft Antipassback. Grant Access and Log APB Violation", "Reader Based Antipassback. Check Last Time on Reader", and "Reader Based Antipassback. Check Last Time Entry in Card Holder Database"
If you are interested in "Hard Antipassback. Do Not Grant Access if Invalid Entry is Attempted" or "Area Based Antipassback" modes please contact firstname.lastname@example.org.
What is "Soft Antipassback. Grant Access and Log APB Violation" mode?
This mode will not prevent a person from repeatedly swiping their credentials at the reader, but will log the action in the Events screen. You can setup Rules that will take an actions when this happens.
What is the difference between the two Reader Based Antipassback modes?
Check Last Time on Reader
The card is checked locally to the reader. Note: A common instance where reader-based anti-passback may not prevent anti-passback violations occurs when an access grant from a different card clears the history of the first access grant. If card ID 5555 is granted access at Gate A, and then card 1234 is granted access at Gate A, card ID 5555 will be able to re-enter Gate A within the specified delay period without violating anti-passback rules.
Check Last Time Entry in Card Holder Database
The card is checked at the security controller. This mode is more robust and solves the problem with the "Check Last Time on Reader" mode. In this configuration, the reader number and time of last access are stored in the cardholder record in the security controller. If the cardholder requests access at a reader that is the same reader that was last used, as stored in the cardholder record and it is within the delay time as specified in the portal configuration, access will be denied.
The directions for setting up either mode is identical, except the "Check Last Time Entry in Card Holder Database" mode has an extra step that will necessitate the resetting and syncing of the controller followed by re-syncing the people again. Depending on the size of the system and number of people this can be a significant amount of downtime, so plan accordingly.
Instructions for Either Reader Based Anti-passback Modes
- Log in and navigate to Portals. Main Menu->Setup-> Portals
- Select the portal you want to set Anti-passback on.
- Select Edit
- Select "Show Advanced Settings"
- Update "Antipassback Mode" to "Reader Based Antipassback. Check Last Time on Reader", "Reader Based Antipassback. Check Last Time Entry in Card Holder Database", or "Soft Antipassback. Grant Access and Log APB Violation"
- Set "Antipassback Delay Seconds" to the length of time you want to prevent the card from re-used.
- Note: If the card is swiped, but the door is not opened/used, this will not start the Antipassback Delay Seconds.
- When finished use the button to finish.
Configure the controller ONLY if you selected "Reader Based Antipassback. Check Last Time Entry in Card Holder Database" as your Antipassback Mode, then do the next steps, otherwise continue to Sync Controller.
- Navigate to Controllers. Main Menu->Setup-> Controllers
- Select your controller from the list
- Select Edit
- Select "More...", in lower left of screen, to expand the fields to be seen.
- Scroll down to "Users Database" area.
- Change "Store Apb Location" from "No" to "Yes"
- Note:When you make this change you will be required to Reset your Mercury controller, Re-sync the controller, and then Sync all the people again. While this is going on the controller will be offline, not responding to card reads or responding to any updates.
- When finished use the button to finish.
- Navigate to Controller-Door-Floor Diagnostics. Main Menu->Setup-> Controller-Door-Floor Diagnostics
- Select your controller from the list of controllers.
- If you DID NOT configured the controller and change the "Store Apb Location" setting, then you will ONLY need to:
- Select "Sync Controller" button, see image in next section.
- You are Done, you can go to the testing section.
- If you DID configured the controller and changed the "Store Apb Location" setting, then you will need to do the following:
Note: The following actions will take your controller offline, so pick a time when the system is not active. Let security know the system is going to be offline.
- Select the "Reset Controller" button
- Select "Sync Controller" button
- Select "Sync Persons" button
How to exempt a user from the Anti-passback
You can select individual people to be exempt from the Anti-passback settings by changing their credential to have the "Antipassback Exempt" setting.
- Go to Administration People
- Select "Card" tab
- Change "User Flag" to include "Antipassback Exempt"
- Select Save
- Swipe a card at the portal you configured.
- Open the portal
- If you do not open the portal then Anti-passback will not consider this entry, so the delay timing will not start.
- Swipe the card again. You should be denied.