Overview
This guide explains how to configure Global Anti-Passback on the Integriti system. Anti-passback prevents a user from passing their credential to another person to gain unauthorised entry (tailgating). Global anti-passback extends this enforcement across multiple controllers in a multi-controller system.
On Integriti, anti-passback is managed using Locations (for global/multi-controller anti-passback) and Areas (for local/single-controller anti-passback). When global anti-passback is enabled, the system tracks user locations across all participating controllers.
Important: Global anti-passback requires Peer-to-Peer communications configured between controllers with the Locations option enabled.
How It Works
- Doors have an inside and outside location, plus an inside and outside area.
- A user’s location is either a global Location or a local Area — never both simultaneously.
- If a door has both, the user is placed in the Location when they enter.
- When global anti-passback is enabled and doors are configured for anti-passback, the controller looks only at the user’s Location for access decisions. If the user is currently in an area, they are considered to be in no location for anti-passback purposes.
- When global anti-passback is not enabled, the controller looks at the user’s Area. If the user is in a location, they appear as if they are in no area for anti-passback processing.
Prerequisites
- Integriti System Designer with installer-level access.
- Controllers running firmware supporting global anti-passback (V3.2.x or later).
- Peer-to-Peer configured with the Locations option enabled on all participating controllers.
- Users must have Location-based permissions configured (not solely area-based).
Step-by-Step
Enable Global Anti-Passback on Each Controller
- In Integriti System Designer, click the Hardware tab followed by Control Module.
- Double-click a controller to open the Editor Window.
- Under Module Details, expand General Behaviour.
- Tick the Enable Global Antipassback option.
- Save and close the Editor Window.
- Repeat steps 1–5 for all controllers that will participate in global anti-passback.
Configure Peer-to-Peer for Locations
- Ensure Peer-to-Peer is configured on each controller.
- In each controller’s Peer-to-Peer settings, tick the Locations option.
- Verify all controllers share the same encryption key and multicast settings.
Configure Door Locations
-
For each door that should enforce anti-passback, configure the Inside Location and Outside Location fields.
-
Assign appropriate Location permissions to users:
- Users can enter a door if they have the inside location as a permission, even without the door as a direct permission (unless denied on that door).
- Users with a door permission will be denied if they have a deny permission on the inside location.
Note: At the time of writing, there is no Location List. Locations must be aggregated in permission groups if users approach their permission limits.
Important Behavioural Notes
When Global Anti-Passback is Enabled
- Area counting is disabled when global anti-passback is enabled. No area counting occurs if doors have inside and outside areas.
- Users with the location permission inherit access, as the permission serves no other purpose (unlike area permissions which are also for arming/disarming).
- If a user has a door as a direct permission, they will be denied if they have a deny permission on the inside location.
- Doors can still allow/deny based on Menu Group disarm on entry, user area off list, Door Type (disarm entry area, deadlock).
- Users can still arm/disarm areas at a door (pushbutton arm, disarm entry/exit area on egress/ingress, 3-swipe arm) depending on programming and user permissions.
When Global Anti-Passback is Not Flagged (Disabled)
- Users can gain access through a door if they have the inside area (or area list containing the inside area) as a permission, provided that permission has the access area flag set — even without the door as a direct permission (but not if they have a deny on that door).
- Users can gain access through the door if they have the door as a permission (or it’s in their door list permission), unless they have a deny permission with the enter area flag set which includes the inside area.
- Area counting and automatic area arming when user count reaches 0 can be used wherever area-based access control is used.
- When doors are set up for anti-passback, the controller looks at the user’s Area for allow/deny decisions. If the user is located in a location, they appear as if they are in no area for anti-passback processing.
Verification
- Enable global anti-passback on a test door with inside/outside locations.
- Present a credential at the outside reader — user should be granted access and their location updated.
- Present the same credential again at the outside reader — access should be denied (user already inside).
- Present a credential at the inside reader — user’s location should update to outside.
- Verify review events show correct location transitions.
Troubleshooting
| Problem | Resolution |
|---|---|
| Anti-passback not enforcing across controllers | Verify Peer-to-Peer is configured with the Locations option enabled on all controllers. Check the multicast IP and port match across all controllers. |
| Users always denied | Check that users have the correct inside/outside location permissions. Verify no conflicting deny permissions exist. |
| Area counting not working | This is expected — area counting is disabled when global anti-passback is enabled. |