Some of the technical content on this site is only available in English.

Assigning keys to users in Nebula Beta

Overview

Salto Nebula supports multiple types of contactless key technologies. In addition to physical keys such as fobs, keycards or wristbands, you can also assign digital keys to users for them to use on their mobile devices.

Each key, whether physical or digital, securely encodes the same access rights that are specific to each user and configured under the corresponding user profile in Nebula. For this reason, you must first create user profiles and configure their access rights before assigning keys to users.

Supported key types

You can assign four different types of keys to your users:

TypeDescription
KeyA physical contactless key such as a fob, keycard or wristband.
App keyA digital key residing in the Salto Nebula mobile app on an iOS or Android phone.
Apple Wallet keyA digital key residing in Apple Wallet, on either an iPhone or an Apple Watch.
PasscodeA numeric code that allows users to gain access via locks that are equipped with keypads.

Assigning keys

Once you've created a user and configured their corresponding access rights, click on the user's name to display the user profile screen and view the list of available key types.

Assigning keysYou can see key status and the available key types on the user profile screen

Physical keys

You can assign different types of physical keys to your users such as fobs, keycards and wristbands.

There are 2 ways in Nebula to assign physical keys:

  1. Auto-assign: keys are automatically assigned to users by presenting them to an online access point.
  2. Using an encoder device.

These are described in more detail below:

Auto-assign

To auto-assign a physical key, enter the UID or serial number printed on the fob, card or wristband in the UID field located in the Key section of the user profile.

Auto-assign key optionAuto-assign key option

Once you've entered the UID, the user's key becomes marked as Pending activation. The key will be automatically activated when it's presented to an online electronic lock for the first time.

Key pending activationThe key remains pending activation until the user presents it to an online access point

Make sure you use the correct 14-digit hexadecimal UID when auto-assigning a physical key. If you enter an incorrect 14-digit code, you may see that the key is marked as Pending activation. However, if the code is incorrect, when the user presents their key to an online access point it will not be activated.

In the same way, if you enter a UID that is already being used by another key, an error message displays indicating that the key cannot be assigned.

Note that if you use the auto-assign feature and you have an encoder in the system, you can also activate the key by placing it on the encoder and pressing the Update button. The Auto-assign / Encode tab only displays if there is an active encoder in the system.

Encode

The Encode option allows you to assign a physical key using an encoder device like the Salto NCoder. Before you can assign keys using an encoder, you must first set up and configure the encoder. The Encode option only displays if you have one or more encoders created in your installation.

Encode key optionEncode key option

See the section on creating encoders for more details.

Once your encoder is configured correctly, it will display in the Encoders list in the Encode tab of the Key section.

To assign a key using the encoder do the following:

  1. Select the correct encoder
  2. Place the user's key on top of the encoder
  3. Press Assign

Note that keys assigned using an encoder become Active from that moment onwards. Unlike with the Auto-assign option, the user does not need to present the key at an online access point to activate it.

Once a user's key has been encoded, the UID of that key will display in the activity section in the Key type detail, as below.

Key type activityAn encoded key displays the UID in the activity section

App keys

The Salto Nebula app allows users to use their iOS or Android phones as their key, by opening the app and presenting their device to the electronic locks in an installation.

To assign an app key to a user, click on the Assign button located in the App key section of the user profile.

Assign app key optionThe user must have a valid email address for you to be able to assign an app key

Upon clicking the button, the user will receive an email with instructions on how to download the app and activate their app key.

The user must have a valid email address in order to be assigned an app key. If no email address is set up in the user profile, selecting Assign opens a dialog box prompting for an email address.

Apple Wallet keys

This feature is only available on iOS devices. Please contact sales for more details.

Salto Nebula integrates with Apple Wallet to offer a seamless digital key experience on iPhone and Apple Watch. Apple Wallet keys allow users to use their iPhone or Apple Watch as a key to unlock electronic locks, in a similar manner as with a contactless fob, keycard or wristband.

To assign an Apple Wallet key to a user, click on the Assign button located in the Apple Wallet key section of the user's profile.

Doing so displays a series of options to send the key, depending on the browser you're using. Nebula uses Web Share functionality so that you can share the key via your preferred secure channel.

For example, if you use Safari, you could share the key via Mail, Messages or AirDrop as shown in the below image:

Apple Wallet key share in SafariExample of assigning an Apple Wallet key using the Safari web browser

Note that other browsers and operating systems display different sharing options.

If your browser does not support Web Share, the below default sharing options are available:

Apple Wallet key default shareAssigning an Apple Wallet key using the default options

  • Send via email

An email message containing a link to the key is automatically created in the default email application on the device you use to manage Nebula. For example, this might be Mail if you use a Mac.

Check that the recipients's email address is correct before sending the email, or add a new one if the user does not already have an existing email address in Nebula.

  • Copy link

This option copies a link to the user's key to the clipboard. You can then send the link to the user via the secure channel of your choice, such as email, Messages or WhatsApp, by composing a new message and pasting the link in the body of the message.

Use this option if you don't have a default email application set up on the device you use to manage Nebula.

Sending a link to an Apple Wallet key via Messages or WhatsApp may cause the link not to be clickable on the recipient's device, if the phone number used to send the link is unknown by the device (that's to say, it's not in the user's contacts). To ensure the best user experience, we recommend sharing the link via email.

For more information about adding a key to Apple Wallet, please visit the section on adding Apple Wallet keys.

Passcodes

Passcodes are intended to be used with locks that have keypads, for example, the Salto DBolt Touch, where a user inputs a numeric code to gain access.

Passcodes in Nebula are six-digit codes that are randomly generated by the software. You cannot enter a custom code in the Passcode field.

To assign a new passcode, press the Assign button. A six-figure code displays in the Passcode field.

Using the copy icon, you can then share the code with the user via your preferred secure channel (email, WhatsApp, etc.).

Passcode examplePasscodes are only visible once and do not display again once you move away from the user's profile screen.

Note that the number displayed in the Passcode field is only visible once. If you navigate away from the user profile page and come back to it, the number will no longer be shown.

If a user forgets their passcode, or their passcode is compromised, you need to generate a new one using the Generate button. By doing so, the previous passcode that was assigned to the user becomes invalid for that user.

Keypad disabling

For electronic locks equipped with keypads, like the DBolt Touch, the keypad is disabled for a specified amount of time if the user enters an incorrect passcode. In Nebula, by default, keypads are disabled for 90 seconds after 3 incorrect passcode attempts.

Once 90 seconds have passed, the keypad is again disabled with each incorrect attempt until a valid passcode is entered.

When the keypad is disabled, the LED of the lock blinks red and emits a short beep.

Canceling keys

You can cancel any type of key at any time to prevent it from being further used to access an installation.

Examples of cases where you should consider canceling a key include:

  • A user loses a physical key or a mobile device that holds an app key or an Apple Wallet key, or reports either as stolen.
  • A user reports that they did not receive the link to obtain an Apple Wallet key, or is unable to add the key to Apple Wallet from the link they received.

To cancel a key, click on the Cancel button located beside the key you want to cancel on the user profile screen.

  • Canceling any type of key causes the key to no longer grant access to any electronic locks on the installation.
  • When you cancel any type of key the status changes from Active to Not assigned.
  • When you cancel an Apple Wallet key, the user receives a notification from Apple Wallet indicating that the key has been disabled.

Updating keys

When you make changes to access data, such as removing an access point from an access right, an Update required message is displayed alongside the key.

Users can update their physical keys at any online access point in your installation. As a manager, you can also update user keys using an encoder. As well as assigning keys, encoders can update keys with new access point data, such as users' access rights to specific access points.

Key status

The following table is a summary of the possible key statuses that could display in Nebula. These statuses also depend on the types of keys that are assigned.

StatusApplicable key typesDescription
Not assignedKey
App key
Apple Wallet key
Passcode		The key is not assigned to the user.
Pending activationKeyA physical key that's assigned using the auto-assign feature remains pending activation until the user presents it to an online access point. If you use auto-assign and an encoder is already in the system, you can also activate keys using the encoder.
Update requiredKeyAn update to the system has been applied and the key needs to be updated. For example, a user's access rights have changed. The update can be done either at an online access point or by using an encoder.
ActiveKey
App key
Apple Wallet key
Passcode		The key has been assigned correctly and is available for use. It does not require any updates.
Contents

Salto Systems, S. L. uses third-party data storage and retrieval devices in order to allow secure browsing and gain a better understanding of how users interact with the website in order to improve our services. You can accept all cookies by clicking the "Accept cookies" button or reject their use by clicking the "Reject cookies" button. For more information, visit our Cookies Policy