User Documentation
User Documentation
Breadcrumbs

HIS Avigilon Unity Access Agent

Prerequisites

  • This document describes all supported versions of the agent.

  • Supported PACS versions: Requirements | Agent X PACS Compatibility matrix

  • An Avigilon user with a role of Super Admin is required to make all settings mentioned in this document.

  • The agent also needs to have a user with a Super Admin role. It’s recommended to have a separate user for the agent.

Configuration

PACS Configuration

Creating the technical user

  • Go to the AUA GUI website.

  • Select Identities in the left menu.

    image-20260105-125911.png

  • Click on Add Identity and keep it without choosing any profile.

    image-20260105-130025.png

  • Fill the account like:

    • First and last name: select whatever you like, API Administrator. It's just for easier finding among other identities because the list is combined with all employees and visitors.

      image-20260105-130348.png

    • Set Status: Active.

    • Fill in the username and password (and confirm password) in the login details section.

      image-20260105-130558.png

  • Click on the Add.

    image-20260105-130636.png

  • Switch to Roles and select Super Admin on the left side (Available) and move it to the right side (Member).

    image-20260105-130856.png

  • Click on the Save Changes.

  • Now, try to log in as the newly created user into AUA. In a private browser window, log out of your current session. The AUA asks for a new password and finishes the account setup once you try to log in as the newly created user.

  • The new account is usable for the agent when all these steps are finished.

Required PACS-side settings

No special settings are needed.

Creating technical custom fields

No special custom fields are needed for the agent itself.

Agent Configuration

General agent startup

Step 1: Download

Download the pacs-agent-{pacs-name} Docker image using the manual described in the SFTP section of the documentation.

Step 2: Create environment

Create a file named .env with the following content:

Agent__TenantId=example-tenant-id
Agent__PacsId=example-pacs-id
Auth__ClientId=your-client-id
Auth__ClientSecret=your-client-secret

In case you are connecting to a different environment than HID production, you need to set the proper URLs:

Auth__AuthNProvider=https://auth.example.com
Agent__PlatformUrl=https://platform.example.com

  • Adjust all file parameters according to your setup.

  • It is recommended to store this configuration on an encrypted drive or delete .env file as soon as the Docker image is executed.

Step 3: Run Docker image 
docker run -d \
  --env-file .env \
  pacs-agent-{pacs-name}:latest
Step 4: Check that the Docker image is running 
docker ps

Environment variables description

  • Agent__PlatformUrl: HID Integration Service URL (https://his.hidglobal.com/ais/v1).

    • This information is provided by HID. Since Genetec agent version 1.1, this is set automatically to the production environment value and does not need to be set manually in most cases.

  • Agent__TenantId: Tenant ID within HID Integration Service.

    • This information is provided by HID.

  • Agent__PacsId: Unique ID assigned to the agent during registration.

    • This information is provided by HID.

    • If you registered your PACS on your own, this would be the ID you gave to the PACS.

  • Auth__AuthNProvider: HID Authentication Service URL (https://auth-us.api.hidglobal.com/idp/t89d23e0b2445510399335/authn).

    • This information is provided by HID. Since Genetec agent version 1.1, this is set automatically to the production environment value and does not need to be set manually in most cases.

  • Auth__ClientId: Client ID obtained during registration.

    • This information is provided by HID.

  • Auth__ClientSecret: Client secret obtained during registration.

    • This information is provided by HID.

Don't forget to replace the {pacs-name} placeholders with the actual name of the pact agent.

Agent-specific configuration

{pacsd-name} = avigilon

Environment variables for Avigilon Unity Access Agent:

  • Avigilon__Api__ServiceUrl: IP address or domain of AUA. E.g., https://10.154.52.146/

  • Avigilon__Api__Username: Username from creating the technical user.

  • Avigilon__Api__Password: Password for the username above.

  • Avigilon__AccessUnit__ExcludedRoles__<n>: It should be a list of roles in a format like Avigilon__AccessUnit__ExcludedRoles__<n>: <ID>, where <n> is just an index in an array - a sequence from 0 to n (0, 1, 2, …) and <ID> is an ID of an Avigilon role — Super Admin, Admin, etc. Please, check the ExcludedRoles section for more details below.

Agent-specific .env file part example:

Avigilon__Api__ServiceUrl=<link-to-web>
Avigilon__Api__Username=<user-name>
Avigilon__Api__Password=<password>
Avigilon__AccessUnit__ExcludedRoles__0=<ID_1>
Avigilon__AccessUnit__ExcludedRoles__1=<ID_2>

ExcludedRoles:

  • Avigilon uses roles for setting system privileges and access privileges through assigning access groups to roles. The ExcludedRoles list is trying to hide the system privileges like Super Admin and Admin and does not show these internal roles in AIS.

  • The ExcludedRoles is a list of role IDs. Role IDs can be found in the AUA GUI at Roles -> Select a role. The URL contains it, e.g., https://10.154.52.146/roles/1/edit, where 1 is the ID in this example.

  • It’s recommended to exclude at least Super Admin and Admin.

Limitations

Unsupported operations

  • CreatePin (Identity/Visit)

  • GetPin (Identity/Visit)

  • UpdatePin (Identity/Visit)

  • RemovePin (Identity/Visit)

  • ActivatePin (Identity/Visit)

  • DeactivatePin (Identity/Visit)

  • Import (Identity/Visit)

Please note that support for batch importing identities and visits has not been added for this PACS yet. It will be coming soon.

Limited operation

Operation

Note

Visit.CheckInAt

Visit CheckInVisit and CheckOutVisit are working, but AUA does not support check-in/check-out dates, which means the flag CheckInAt is always null.

ActivateCredential (Identity/Visit)

A token can only be marked active if the identity/visit is active.

Credential.CardId

Every single token should have a unique internal number per the whole AUA. The internal number is CardId from the AIS Credentials structure. That means each CardId can appear only once in the whole AUA.

Credential.FacilityID

The facility ID is not supported by AUA. The agent ignores the value. And returns 0 in places where it is mandatory.

Credential.Format

The format is not supported by AUA. The agent ignores the value. And returns Token Type in this field.

Credential extension fields (identity/visit)

The extension fields for identity credentials and visit credentials are not supported. Provides the self only.

Naming Mapping

Entities

AIS Entity Name

PACS GUI Term

Identity

Identity (type: Employee)

Visit

Identity (type: Visitor)

Card Format

No entity available

Identity Credential

Token

Visit Credential

Token

Access Unit

Role

Identity Access

Role

Visit Access

Role

Operations

AIS Entity Operation

PACS GUI Term

Check-in

Activate

Check-out

Deactivate

Creation of extension fields

Manual for Creating an EF in the PACS

  • Click on Setup & Settings / User Fields in the left menu.

  • Click on the Add User-Defined Field button.

    image-20260105-131247.png

  • Put the AUA unique field name + type.

    image-20260105-131418.png

  • Click on the Save button.

Supported entities and data types

Entity

Supports EFs

Identity

Yes

Visit

Yes

Credential

No

Access Unit

No

Variable type (AIS)

Variable type (Avigilon)

Note (Avigilon)

Boolean

Boolean


Integer

Integer


Decimal

String


String

String


DateTime

Date

The smallest unit is the second. Anything below a second is cut off on the AUA side.

DateTime

String

It supports units smaller than a second.

Not supported

TextBox