Alert EnterpriseWiki

AMAG Symmetry Mobile

AMAG Technology·AE_HSc_AMAGSymmetryMobileConnectorGuide

PACSactiveSymmetry Mobile 1.0
Transports
rest
Direction
bidirectional
Authentication
Access Control System Token
Topology
cloud
Compare with another connector →Open in composer →

Overview

The AMAG Symmetry Mobile connector integrates AlertEnterprise Guardian with AMAG Symmetry Mobile — AMAG's mobile credential issuance and lifecycle product, distinct from the amag PACS connector. Symmetry Mobile issues virtual credentials (mobile passes) to AMAG cardholders' smartphones, replacing or supplementing physical cards.

Architecturally this is a REST-based integration (the amag connector by contrast is SOAP+JDBC). The connector ships as ALNTSymmetryMobileConnector-5.0-SNAPSHOT.jar and registers com.alnt.symmetry.mobile.services.SymmetryMobileConnectionInterface as the extractor class. It targets the Symmetry Mobile REST Service — a cloud or on-prem-deployed service exposed at an Instance URL configured per AE tenant.

Categorized as PACS in the connector catalog because it manages access credentials that authenticate at AMAG PACS readers; functionally it overlaps with credential-provider connectors like wavelynx and hid-mobile-credential but is AMAG-specific.

Architecture

Composed from this connector's actors + edges. Trust zones are color-coded; trust crossings render as thicker lines.

Composing diagram — running ELK layout6 actors · 5 edges

Authentication

1 method supported

Access Control System Token
custom-token

Symmetry Mobile authentication uses a vendor-issued access token generated by the Symmetry Mobile System Administrator under the Access Control System details section of the Symmetry Mobile admin UI. The token is configured as the Specify Access Token system parameter on the AE side, alongside the Instance URL and User Id. The token is sent on every REST call to the Symmetry Mobile REST Service.

Credential storage
Encrypted in AE connector configuration (System Parameters tab).

Prerequisites

Everything that must be in place for this connector to work, with the owner who's responsible.

AMAG Symmetry Mobile service deployed and reachable

customer

An operational Symmetry Mobile REST service. The Instance URL system parameter must point to it and be reachable from the AE application server.

Access Control System Token from Symmetry Mobile admin

customer

The Symmetry Mobile System Administrator must generate an Access Token under the Access Control System details section of the Symmetry Mobile admin UI. This token is what the AE connector uses to authenticate.

SSL certificate trust

ae

The Symmetry Mobile REST service certificate must be imported into the AE host's JVM cacerts keystore. The guide documents the manual keytool -importcert procedure followed by a restart of the Job and API services.

UserIdentifier Key set to CardNumber

ae

The Specify UserIdentifier Key system parameter must be set to CardNumber — this is the field that links the mobile credential back to the cardholder's identity in the AMAG ecosystem.

Companion AMAG SMS connector for cross-system linkage

joint

Mobile credentials only become useful access credentials when associated with an AMAG cardholder. In typical deployments the amag connector handles cardholder provisioning into Symmetry SMS, and this connector handles the mobile credential layer on top. EmployeeNumber/CardNumber alignment between the two systems is the linkage.

Known limitations

Documented constraints to set customer expectations before deployment.

Multiple business fields multiplexed through `description`

informational

The connector uses AE's description field as a vehicle for several Symmetry Mobile system fields (managerEmail, issueLevel, photoApprovalStatus, overrideBluetoothSignalStrength) via the formula-mapping mechanism. This means: (a) the AE-side description carries semantically heterogeneous data, and (b) any downstream consumer that reads description for its normal purpose will see the formula payload. Customers who rely on description as a free-text field should use AE custom attributes instead.

Single-version coverage (1.0 only)

informational

The connector guide documents Symmetry Mobile version 1.0 only. AMAG's broader Symmetry Mobile product roadmap is not reflected here — verify with AMAG before promising support for newer Symmetry Mobile releases.

Data fields

14 fields mapped between AE Guardian and the vendor system.

AE fieldVendor fieldDescriptionDirectionRequired
userIdemployeeNumberSymmetry Mobile's primary user identifier — must match the AMAG SMS EmployeeNumber for cross-system linkage.bidirectionalyes
firstNamenamebidirectionalyes
lastNamesurnamebidirectionalyes
emailemailbidirectionalyes
photophotooutboundyes
statusstatusCardholder status enum.bidirectionalyes
validToexpiryDateoutboundyes
validFrom (formula)photoApprovedDateValidity-start derived from photo approval timestamp (set via formula on AE side).outboundyes
description (formula)managerEmailManager email, propagated through the `description` field via formula.outboundyes
description (formula)issueLevelCredential issue level, propagated through `description` via formula.outboundyes
description (formula)photoApprovalStatusoutboundyes
description (formula)overrideBluetoothSignalStrengthOverride for the BLE signal-strength threshold required for the mobile credential to register at a reader. Used to tune door-open behavior per cardholder. outboundyes
sourceIdcardNumberMobile credential's card number (UserIdentifier Key).bidirectionalyes
roleGroupcredentialGroupSymmetry Mobile groups credentials by Credential Group — analogous to AMAG's Access Groups but specific to mobile credentials.bidirectionalyes

PACS specifics

Cardholder model

Symmetry Mobile users carry the AMAG cardholder identity (employeeNumber, name/surname, email, photo, status, validity dates). Each user holds one or more virtual credentials (cardNumber), assigned to one or more Credential Groups (the mobile equivalent of an Access Group). The connector also captures Bluetooth signal-strength override per user — tunable for unusual reader-mounting environments.

Access rights model

Access is granted by assigning a user to one or more Credential Groups. Each Credential Group maps to a set of mobile-enabled AMAG readers. Validity windows on the credential (validFrom / validTo) gate when the mobile pass is active.

Multi-tenancy

Single Symmetry Mobile instance per AE→Symmetry Mobile connector. Customers running multiple Symmetry Mobile tenants require one connector instance per tenant.

Topology + Events
Topology
cloud
Event model
polling
Anti-passback
unknown
Holiday schedules
unknown
Reader protocols
bluetoothblenfc
Source materials
  • src/connectors/amag-symmetry-mobile/source.pdf Full connector guide — 18 pages, updated 2023-04-11
  • src/connectors/amag-symmetry-mobile/source.pdf p5 — Supported Version
  • src/connectors/amag-symmetry-mobile/source.pdf p7 — Connector Architecture
  • src/connectors/amag-symmetry-mobile/source.pdf p16 — Chapter 5 Security
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.