Expiration and validity in Nebula Beta
Overview
In Salto Nebula there are two broad ways of defining the validity of users and their keys:
- User validity: giving users time-limited access to the system.
- Key validity: either through the Key renewal duration option or the Card key updater option.
This section of the user guide explains these options in more detail.
User validity
You can give users time-limited access to the system using the Valid from and Valid until fields on the individual user's profile page.
See the section on creating users for more detailed information.
Key renewal duration
The key renewal duration option allows you to define the maximum time a key is valid before requiring an update. For this option, "key" can refer to different types of keys. For example, it could be a physical key such as a keycard, fob or wristband, or a digital key, like an Apple Wallet key or an app key. This duration defines the effective lifespan of a key, after which it must be updated to maintain access privileges.
This option improves overall security as it makes sure users have to present their key at an online access point within the defined period to keep having access to an installation. At the same time, whenever their key is presented to an online access point, their access rights and other associated data are updated to reflect the latest changes in the system.
For example, if key renewal duration is set at seven days, access rights are extended for another seven days every time the user presents their key at an online access point, even if the key has been updated the day before.
Key renewal duration is set by default to seven days, but you can change this to 14 days, if required.
Key renewal duration is crucial for ensuring security in the system, as it determines how frequently keys need to be renewed. Be aware of the security implications of extending the duration to 14 days.
This is a global setting which applies to the entire installation. You can find it in the Settings > General section of Nebula.
As it's a global setting, Key renewal duration applies to all active keys in an installation. It cannot be applied on a per user or per access point basis.
Card key updater
Card key updater is an option that can be enabled or disabled on specific access points in the system. It refers to SVN-Flex updates that are activated by an electronic lock when a user presents a physical key like a keycard, fob or wristband.
SVN-Flex
Before detailing the card key updater feature, it's important to have some understanding of Salto's SVN-Flex system. Based on Salto's BLUEnet wireless communications technology and SVN core technology - which was introduced in the Salto Space platform, the SVN-Flex functionality extends and increases the number of updating points to any access point in the system.
This means that any online access point in your installation can be an updater point, so that users can use them to update their keys. For example, an employee presents their keycard at a staircase access point, this gives them new access rights to use a meeting room on that floor.
This option is not applicable to access points where their associated devices are offline.
For example, a user who passes through an online perimeter access point (a controller with a reader) updates their key. If a manager then disables this option, when the user passes through the same online point again, the system won't launch an SVN-Flex update again on that specific lock.
When the SVN-Flex process is turned off, the user experience when unlocking access points is improved. For example, users don't need to wait for the process to complete when they hold their physical keys at the reader on the lock. See also the section on unlocking best practices.
However, you should be aware of the security implications when disabling this option on specific access points. Also, in a number of cases, updates to an installation's access plan are not continuous, so the SVN-Flex update process has no effect.
Disabling card key updater
The Card key updater option is enabled by default for online access points in Nebula. To disable it, go to Devices and select the individual device that you want to apply it to in the Access point section of the associated device. Uncheck the option.
See also the devices section of the user guide.
Be aware that the more access points that have the Card key updater option disabled, the more insecure your system can become.