HID Integration
Overview
HID Global is a leading provider of identity solutions. The Integriti platform supports a wide range of HID readers and credentials, allowing for seamless integration of HID’s high-security technologies into the Inner Range ecosystem.
Technical Details
Supported Reader Models
Integriti is compatible with major HID reader families, including:
- HID Signo: The latest high-security series.
- HID iCLASS / iCLASS SE: Standard smart card readers.
- HID Multi-Class: Dual-technology readers supporting both 13.56MHz and 125kHz.
Connectivity Options
HID readers connect to Inner Range host modules (IAC, ILAM, SLAM) via:
- OSDP (RS485 LAN): The recommended secure method for bi-directional, encrypted communication.
- Wiegand: The traditional standard for unidirectional data transmission.
Credential Compatibility
Integriti can be configured to process various HID credential formats:
- HID SEOS: High-security, next-generation smart card technology.
- HID iCLASS: standard encrypted smart cards.
- HID Prox (125kHz): Legacy proximity technology.
- HID Mobile Access: Virtual credentials on smartphones via BLE or NFC.
Configuration (Integriti)
Card Format Setup
To support HID cards, the correct Card Format must be configured in Integriti:
- Navigate to Access Control > Card Formats.
- Create a new format (e.g., “HID 26-bit” or “HID 37-bit”).
- Specify the bit length and bit-offset for the Site Code and Card Number according to the specific HID credential being used.
HID Mobile Credential Integration (v2.3)
The Integriti HID Mobile Credential Integration (v2.3) provides full lifecycle management of HID Mobile Access credentials directly from Integriti.
Licensing & Compatibility
- Integriti Edition: Requires Integriti Professional, Business, or Corporate.
- License Part Number: 996964 — Mobile Credential Management Integration license.
- Minimum Integriti Version: v22.1 or higher.
- Tested Against: HID Origo 2.2.
Port Requirements
- HTTPS Port 443 must be open between the Integriti Integration Server and HID Origo cloud.
Connection Configuration
| Parameter | Description |
|---|---|
| Client Id | User ID of the HID System account (found under ‘System Accounts’ in the HID Administration Dashboard). Not the same as the management portal username. |
| Client Secret | Password configured for authenticating the connection to the HID Mobile Credential service. |
| Organisation Id | Organisation/Customer Id that identifies which credential pools and Users to load. |
| HID Client Portal Version | Set to Custom to use a specific request endpoint URL. |
| HID Client Portal Environment | Select the environment of the HID Client Portal to connect to. |
| State Processing Interval (s) | How often Integriti polls for card state changes from HID (in seconds). |
Logging
| Parameter | Description |
|---|---|
| Log Verbosity | Only logs at or above the selected level are written. |
Invitations
| Parameter | Description |
|---|---|
| Invitation Link | The invitation link configured in the HID Portal’s Mobile Credential settings. The invitation code is appended to this link. |
| Email Custom Field | Custom Field used for the user’s email address when sending invitations. |
| Mobile Number Custom Field | Custom Field used for the user’s phone number when sending invitations. |
| Delete Users With No Credentials | When enabled, users are automatically deleted from the HID system when they have no valid Integriti credentials. |
| Card Template (New Credential) | Card Template applied to new credentials. Existing credentials retain their original template. Can be overridden per child device. |
Credential State Mapping
| HID Credential Status | Integriti Card State |
|---|---|
| Issued | Active — Issued |
| Waiting for User to Claim (Issue Initiated) | Active — Waiting for User to Claim (Issue Initiated) |
| Issuing | Active — Issuing |
| Issuing Failure | Inactive — Issuing Failure |
| Revoked | Inactive — Revoked |
| Revoke Initiated | Inactive — Revoke Initiated |
| Revoking | Inactive — Revoking |
| Revoking Failed | Inactive — Revoking Failure |
| Ready for Mobile ID (Unbound) | Inactive — Ready For Mobile ID (Unbound) |
Core Capabilities
| Feature | Description |
|---|---|
| Generate credentials for a user | Create and populate newly generated credentials into Integriti. |
| Revoke credentials from Integriti | Cancel invitations or revoke existing credentials via UI, deletion, or user removal. |
| Resend Invitations | Send users email invitations to accept new credentials. |
| Auto-generate credentials | Automatically generate credentials when a user change is detected. |
| Auto-revoke credentials | Automatically revoke credentials or cancel invitations on user change. |
| Display Connection Status | Show whether Integriti is connected to HID Origo. |
| Generate Alerts from Mobile Events | Create/restore Alerts tied to credentials or pools on HID events/alarms. |
| Trigger Integriti Actions | Trigger automations in Integriti on HID events/alarms. |
| Entity Synchronisation | Verify and update users and credentials in HID when Integriti user changes. |
Advanced Capabilities
| Feature | Description |
|---|---|
| Populate Credential Pools | Refreshing child devices populates all configured credential pools into Integriti. |
| Show Card Status | Current status of mobile credentials visible directly in Integriti. |
| Show Credential Pool Status | Pool availability visible directly in Integriti. |
| 64-bit Integration Server Support | Runs on the 64-bit integration server. |
| Categorised Review Records | Different review categories for different integration event types. |
Migration from Legacy HID Cloud Credential Handler
Sites using the legacy HID Cloud Credential communication handler can migrate to the new integration. Configure the new integration in parallel (do NOT delete the legacy handler first). Upon refreshing child devices and starting the persisted connection, existing credentials and user data are automatically migrated. The legacy handler is then automatically disabled and can be safely deleted.
Troubleshooting
- Is the persisted connection running?
- Are the HID Origo login credentials correct?
- Are the required Review Transitions enabled in Recorder Editor?
- Is HTTPS port 443 added to the Integration Server’s firewall?
- Has the persisted connection been restarted since generating credentials?
Migration Path
For sites currently using HID-only hardware that wish to transition to the Inner Range ecosystem:
- Phase 1: Install HID Hybrid Signo Readers. These “Hybrid” models read both existing HID credentials and Inner Range SIFER cards.
- Phase 2: Gradually issue SIFER credentials to users for enhanced end-to-end encryption.
- Phase 3: Eventually decommission legacy HID credentials while maintaining the same reader hardware.