Alert EnterpriseWiki

Lenel OnGuard

Lenel·AE_HSc_LenelConnectorGuide

PACSactiveLenel OnGuard 2012
Transports
soap
Direction
bidirectional
Authentication
Windows credentials over SOAP/HTTPS
Topology
hybrid
Compare with another connector →Open in composer →

Overview

The Lenel connector integrates AlertEnterprise with Lenel OnGuard, one of the most-deployed enterprise PACS platforms in financial-services environments. The connector handles user/cardholder lifecycle (create / update / delete / delimit), badge lifecycle (add / activate / deactivate / change / delete), badge access-level management, and bidirectional reconciliation (full + incremental).

Topology: AlertEnterprise's Alert Connector Framework (ACF) drives the Lenel Connector, which calls into the Alert Lenel Web Service Agent — a SOAP-based C# service deployed on IIS on the customer's Lenel OnGuard host. The agent in turn invokes DataConduIT (Lenel's native API) to operate the OnGuard system. The SOAP channel between the Lenel Connector and the Agent can be SSL-secured.

Authentication uses Windows credentials (URL + username + password) linked via SSO configuration to Lenel users. The Lenel user account driving the integration must hold the SystemAdmin, CardHolder Admin, MonitorUser, and View Access permission groups.

Note (2026-05-26 source check): the current connector guide documents OnGuard versions through 8.1. Newer OnGuard releases (e.g. 8.2, 8.3) may be supported in practice but require either guide updates or operational verification before being claimed in RFP responses.

Architecture

Composed from this connector's actors + edges. Trust zones are color-coded; trust crossings render as thicker lines.

Composing diagram — running ELK layout5 actors · 5 edges

Authentication

1 method supported

Windows credentials over SOAP/HTTPS
basic

The Lenel Connector authenticates to the Alert Lenel Web Service Agent using a Web Service URL plus Windows username / password. Credentials must correspond to a Lenel user account, linked via Lenel's SSO configuration. The channel can be SSL-secured (recommended in production).

Credential storage
AE connector configuration (encrypted at rest)

Prerequisites

Everything that must be in place for this connector to work, with the owner who's responsible.

Alert Lenel Web Service Agent installed on Lenel host

ae

The Agent is a C# SOAP web service hosted on IIS on the Lenel OnGuard server. It must be installed and reachable from the AE host before the connector can operate. IIS plus a compatible .NET runtime are required on the Lenel host.

Lenel service account with required permission groups

customer

The Lenel user account driving the integration must hold these permission groups: SystemAdmin (System), CardHolder Admin (CardHolder), MonitorUser (Monitor), and View Access (Reports). Lower-privileged accounts will fail at the DataConduIT layer.

SSL configuration between Lenel Connector and Agent (recommended)

ae

The SOAP/HTTPS channel between the Lenel Connector and the Alert Lenel Web Service Agent supports SSL. Production deployments should enable SSL; the guide includes certificate provisioning steps.

SSO configuration linking Lenel users

customer

Lenel users must be linked through SSO configuration so that the Windows credential passed by AE resolves to a Lenel user with the required permissions.

Known limitations

Documented constraints to set customer expectations before deployment.

Connector guide documents through OnGuard 8.1 only

important

The connector guide (last updated 2023-04) lists OnGuard versions through 8.1. Newer OnGuard releases (8.2, 8.3) may work in practice but are not formally documented; treat support claims for newer versions as requiring operational verification.

Custom fields require explicit configuration

informational

Non-default Lenel fields must be created on both sides (Lenel + AE) per the Creating Custom Fields chapter. The connector does not auto-discover custom fields.

Data fields

3 fields mapped between AE Guardian and the vendor system.

AE fieldVendor fieldDescriptionDirectionRequired
UserLenel User / CardholderUser accounts in OnGuard map to AE User entities. Connector creates, updates, delimits, and deletes users.bidirectionalyes
CredentialBadgeBadge records assigned to users. Connector adds, activates, deactivates, changes, and deletes badges, and changes badge access levels.bidirectionalyes
Access LevelBadge Access LevelAccess levels assigned to badges. Connector reads and writes badge access-level assignments during provisioning and reconciliation.bidirectionalno

PACS specifics

Cardholder model

User (cardholder) is the principal entity. Users hold Badges; Badges are assigned Access Levels. Custom fields can extend Users and Badges per deployment.

Access rights model

Access Levels are assigned to Badges (not directly to Users). The connector reads and writes Badge Access Level assignments; OnGuard enforces the model natively.

Multi-tenancy

Segment / Region partitioning supported by OnGuard natively. The connector honors the customer's segmentation model via DataConduIT calls.

Topology + Events
Topology
hybrid
Event model
both
Anti-passback
unknown
Holiday schedules
unknown
Card formats
Custom Card Formats (per-deployment configuration; see Chapter 9 — Creating Custom Fields)
Source materials
  • src/connectors/lenel/source.pdf p6 — Chapter 1, Supported Version
  • src/connectors/lenel/source.pdf p6 — Provisioning Capabilities
  • src/connectors/lenel/source.pdf p7 — Reconciliation Capabilities
  • src/connectors/lenel/source.pdf p8 — Chapter 2, Connector Architecture
  • src/connectors/lenel/source.pdf p23 — Chapter 5, Security
Verifying access
Desktop only

The AE Mobile Wiki needs a bigger screen.

The diagrams, comparisons, and animated flows aren't built for phones. Open this link on your laptop or desktop browser and you'll see the full reference.

wiki.alertenterprise.app

Same Google sign-in as the AE App Hub — you'll be in once you open it on a larger screen.