Skip to main content
Version: 6.12

ICA User Setup

This document assumes that the Patriot ICA module has been installed. This document covers setting user access levels and giving users access.

The Internet Client Access (ICA) module allows users access to their site information via the internet using a standard web browser. Patriot contains flexible configuration settings for allowing different levels of access to your users. This works by setting up one or more web-access security group(s) and then assigning one or more of these groups to each user that requires web access.

Create Web-Access Security Group(s)

Security > Operators > Security Groups

Web/Mobile Client Security Group

You can insert a new web access security group in exactly the same way you would insert a new operator security groups - the only difference between the two group types is whether you choose to check "Web/Mobile Client" as a supported client app. When you choose "Web/Mobile Client" as the only supported alp, a reduced set of security rights are available, which corresponds to the features currently available via the ICA website. Also note, that there are special considerations to be made when hiding and viewing tabs from the ICA that are listed under Security Right Definitions at operator security group because the ICA website is not an exact mirror of the Windows client interface.

Web Access Level

There are four levels of web access:

  • Level 1: Standard

    Read-only access. View general client data and history, and generate client and log reports.

  • Level 2: Edit Client

    Adds additional features:

  • Level 3: Extended Access

    As well as the Standard and Edit Client features above, this adds additional features:

  • Level 4: Monitoring

    As well as all the features above, this adds additional monitoring features:

    • Current Activations
    • Ability to Sleep, Complete or Release Current Activations
    • Add or Edit operator notes on Current or Completed Activations

Licensing Requirements

Each user that you grant one of four Web Access levels detailed above will count against your license limit. There is an ICA Module corresponding to each Web Access Level. When an ICA Module is added to your license it comes with a user limit and you will be able to grant up to that number of users web access to the level of the ICA Module or to a lower level. If you have multiple ICA Modules on your license then your web access users will be spread between your ICA Module limits such that every user counts against the module limit corresponding to its access level or to a higher level.

For example, if you have the ICA Edit module and the ICA Monitoring module, each with a limit of 5 users then your license could be spread across your web access users in many different ways including:

  • 5 users with Monitoring level web access and 5 users with Edit level web access
  • 10 users with Edit level web access
  • 10 users with Standard level web access
  • 5 users with Extended level web access, 1 user with Edit level web access and 4 users with Standard level web access
  • 1 user with Monitoring level web access, 1 user with Extended level web access, 1 user with Edit level web access and 7 users with Standard level web access
  • etc.

The Web Access Level is set on the Security Group. When a user is assigned multiple security groups with different web access levels then the user's licensed web access level is determined by the assigned security group with the highest access level.

Help menu access to ICA usage
Web Access level is controlled by the Group Type setting of the Security Group.

To see exactly which users and operators count towards your usage, you can click on one of the ICA modules in the Help Menu.

Help menu access to ICA usage
ICA Usage counts can be accessed via the Help Menu.

This will display all the users and operators listed beneath each Web Access Level heading. Please beware that operators with Windows Client & Web Client access always count against the Monitoring Access level total.

Extended Access usage count. Notice that 5 engineers only add 1 to the total.

Dealers and Engineers

There are some special licensing rules for engineers with remote access. The table below shows how license limits are calculated for a single dealer user, depending on how many engineers are assigned to them.

No. of Engineers AssignedLicense count
01 ICA License. License level will match that of the security group.
1 - 41 ICA Extended License.
5 - 92 ICA Extended Licenses.
10 - 143 ICA Extended Licenses.
x > 0x / 5 + 1 ICA Extended Licenses

General rule: When 1 or more engineers are assigned to a dealer, each block of 5 engineers adds 1 to the total usage, and they are all counted as ICA Extended Licenses.

Global User Protection

ICA users with view/edit access to a client's user listing by default gain this level of access to all assigned users equally. But this can be problematic as a client's user listing usually consists of a mix of Local Users such as key holders, and Global Users such as Patrols. Global users are assigned across many clients, often across bureaus, and typically require edit (and sometimes view) protection from most ICA users. For this reason Patriot has a concept of Protected Users. Access to protected users is controlled by the Protected Users security right (child right of Client User List). A user can be given protected status in a number of ways:

  • Directly, by assigning a User Type with the Protected option enabled.
  • Directly, by assigning a User Grouping with the Protected option enabled.
  • Directly, by assigning the user to a User Grouping that is listed under Protected User Groupings in the Security Group Settings.
  • Indirectly, by assigning the user to any client or template to which an ICA user does not have access.

Protected users, types, and groups are indicated visually with a padlock icon beside their name.

note

The Installer (a.k.a Dealer or Bureau) User Type has an extra layer of protection and cannot be edited by any ICA user without the Dealer Maintenance security right.

Remote Action Plan Filtering

Remote Action Plan Filtering configured through security groups applies to web/mobile client users only (windows client operator action plan filtering of pending activations is configured via operator preferences) and will determine what historic signals and activations are displayed to the web user. You can choose to exclude some action plans, or to only include some action plans. For performance reasons, pick the option which requires the fewest action plans to be selected.

ICA security group
The example "Gold Access ICA" group gives members full access to all ICA features.

ICA Report Access

To allow reporting in ICA, you should assign the security group rights for Report Shortcuts:

Permissions
Permissions

You can also decide which specific reports each security group has access to, out of the following options:

Report TypeStandard / Edit ClientICA Extended / Monitoring / Administrators
Incident Report
Log Report
Activation List Report
Client Report
Client List Report
Client Notes Report
Client With Response Report
Incident Extended Report
Log Analysis Report
Polled Client List Report
Reason Analysis Report
Type Report
User Report
Work Order Report
Zone Report

Provide ICA Access to User

ICA User settings
ICA User settings

User's ICA settings will be visible when "Allow Web Access" is enabled:

  • User Name: The login user name.
  • Password: The login password, which only visible to the operator when setting up user for ICA for the first time and when resetting the password. To improve security, password set by the operator should be treat as a temporary password, the user should change the password in ICA once login.
  • Account Recovery Email: The email address to receive password reset code, which can be used for operators to reset their password.
  • Security Group: The security group the user should be assigned to.
  • Access Type: Two options available: "Client Groupings" and "Client Assigned". "Client Groupings" allows the user accessing clients that have been assigned to one of the "Accessible Site Groupings" below, even when the user hasn't assigned to the site, while "Client Assigned" limited to clients that the user has been assigned to, regardless their Client Grouping. Note that Monitoring level doesn't support "Client Assigned" as the access type.
  • Accessible Site Groupings: User will have access to these Site Groupings. This setting only available when the Access Type is "Client Groupings".
  • Accessible Action Plans: User will have access to these Action Plans. This setting only available when the Security Group is a Monitoring level Security Group.

Patriot Desktop Client Linking

Patriot control room operators with dual Windows and Web/Mobile client access rights can quickly switch between the two interfaces by clicking the "Open in Patriot Client" link button which appears in the action button tool bar throughout the ICA interface. Clicking this button opens the same data in the Windows destop client.

The Windows client link buttons are only shown in ICA when the logged in user:

and

  • Is currently logged into a Patriot desktop client.
note

Corresponding ICA link buttons can be shown in the Patriot Windows client, when the Enable ICA Links setting is enabled in the System Wide Client Settings. Please note that this feature doesn't have the ability to disable the link buttons in ICA.

Patriot Desktop Client Linking
Patriot Desktop Client Linking
Patriot Desktop Client Linking for client, event view and guard tour. The live camera link button is on the top right of the client page.
Patriot Desktop Client Linking for client, event view and guard tour. The live camera link button is on the top right of the client page.

If an operator is currently logged into multiple Patriot desktop clients then they may set which desktop client should be used to open ICA links from the main menu bar of the ICA interface.

Patriot Desktop Client Linking
Patriot Desktop Client Linking