The current Openpath Jira and Confluence instances will be migrated to the MSI On-Premise solution from August 9th-11th, the current platform will be set to read-only and all future usage will be in the Avigilon Instance. Please ensure access to MSI Jira & MSI Confluence, both are accessible through OKTA. For additional information and details please refer to the Atlassian migration page

A setup guide for a basic landlord and tenant configuration

Owned by Chad Fay
Last updated: Oct 31, 2024
3 min read

Zone Sharing allows an organization to share its zones with other organizations. This enables other organizations to grant their users access to your zones, maintaining separate user databases for privacy and reducing the landlord's need to manage individual tenant users.

Warning: Zones with custom entry states cannot be shared between organizations, as these custom entry states are tied to the organization and are not shareable.

Prerequisites

  • At least 1 Avigilon ACU.

  • At least 1 entry with any license.

  • Two or more Avigilon Alta organizations (generally one landlord org, and multiple tenant orgs).

Organization Structure

  • Org 1 - Landlord
    All common area hardware, such as main entry points and elevators, will be assigned to this organization.

  • Orgs 2+ - Tenants
    Each tenant will have its own organization. Tenant organizations may or may not have their own Avigilon Alta hardware; typically, they consist only of users and access groups. In these cases, the partner configuring the organization must enable the Auto-assign Basic feature on the Edit Organization page (located in Partner Center > Manage Organizations). This feature allows the tenant to create up to 500 users at no cost, which is necessary since they will not have any entry licenses.

Zone Sharing Sample Diagram

How to Share Zones

  1. Create a zone with only the entries you wish to share.

  2. Enter the Org ID number in the “Organizations to share with” field, then click Save.

  3. Once the zone has been shared, it will now be selectable by the tenant org, allowing them to provide their Users / Access Groups access to the zone.

Note: To find the org ID, click your profile icon in the top right corner, then hover over the name of the org to which you’re sharing the zone. Org ID is also visible in the browser address bar following “o/”; for example https://control.openpath.com/o/7874/dashboards/activityDashboard

 

Note: Zones that are shared by the landlord to tenants cannot also support non-zone shared entries/zones that have the same users in the landlord org on the same core smart hub.

Reporting

  • The landlord has access to all event history at their entries. The tenants do not have visibility to history unless explicitly given access from the landlord.

  • If a tenant needs access to run reports or view dashboards, the landlord can add the tenant’s user to the landlord organization with restricted permissions, granting access only to dashboards and reports. To keep tenant access limited, it's recommended to organize the landlord organization by sites and create roles for tenant report admins using the “Limit to specific sites” option. This prevents tenants from viewing information for unrelated zones. Note that the “Limit to specific sites” feature requires a Premium or Enterprise license for the landlord organization.

FAQ's

Q: What if the landlord wants control over which users can access an area, such as a fitness center which requires a waiver before users are granted access?

A: The landlord would not share the fitness center zone, and would instead enroll the tenant User.

 

Q: Can the tenant change the entry schedule?

A: No, the tenant user cannot change the entry schedule. Only a user with appropriate role permissions on the landlord org can modify entry schedules. Tenant admins can only modify their employees' user schedules (allowing access from 9-5 for example).

 

Q: Can the tenant run reports or view dashboards?

A: Tenant Admins cannot view event data from zones and entries shared with them, as this data remains under the ownership of the zone owner. If a tenant needs access to reports or dashboards, the landlord can add the tenant’s user to the landlord organization with restricted access, permitting them to view only dashboards and reports. Learn more about roles.

 

Q: Does this mean that tenants can give their users unlimited access to shared zones?

A: Yes, Tenants will be able to create users/access groups and give them 24/7 access. However, the landlord controls the default entry state and entry schedules for their entries. These can be set up in such a way that they can deny specific Unlock Trigger Methods such as cards and/or mobile credentials (configured in Sites > Entry states) on a scheduled basis. For example, the landlord could create an entry schedule for the main entrance which requires a user with override permission or 2FA after business hours. Tenant users could be configured to meet these criteria, but most credentials/users are generally not configured for override permissions. Learn more about entry states.

 

Related Pages:

How do I share Zones?