image_pdfimage_print

One of KIWIRE key technology feature is the ability to unify and integrate with external 3rd party identity source and data, this include Microsoft Active directory, Industry leading Property Management System such as Oracle Micros opera , FCS , JDS , LDAP, Radius, Social network and 3rd party database server and via industry standard API interface via XML, SOAP and other network protocol. Using integrations module you are able to deploy Kiwire solutions into your organisation network at ease.

4.1 Radius

The radius integrations module let you authenticate users connecting to your network with an external Radius servers. The external Radius servers must be available on the network and accessible to the Kiwire platform to authenticate the account login or perform accounting by add Kiwire platform IP address as  an NAS client on the external Radius server. Kiwire support authentication with multiple radius server or single server with multi profile by using realm suffix. Kiwire support 2 mode of radius integration ,radius pass thru and override profile. Kiwire also have an feature that check if the attribute replied by external radius server match with the realm , this is useful in event you have multiple profile for each users group , using profile checks we will be able check if the realm suffix requested by user match the correct realm.

 

Mode of operation & How it work.

4.1.1 Radius Pass Thru

The radius pass thru mode, let you authenticate your users with the external radius and carry forward the restriction & profiles over to the kiwire, if the user have 30 minutes credit left from the external radius , the user will also have the same 30 minutes restrictions when authenticating .

  1. User Send username and password
  2. External Radius reply authentication status and associated profiles from the external radius
  3. Kiwire will check if user and password is approved to connect , a temporary profile will be created on Kiwire Profiles database , Kiwire will optional perform a secondary check if attribute response matched with keyword set during add radius connection setup.
  4. Kiwire will send the attributes it received from the external radius to the NAS and let user connect to network
  5. Kiwire will send accounting information to the external radius server . In event of user disconnected from network , the temporary profile will be erased.

 

4.1.2 Override Profile

In the Override profile mode ,kiwire will only use external radius as authentication host only, the user if authenticated successfully will be assign a locally created kiwire profiles when login ,this is useful for multi group , single external radius server setup or if you wish to provide an different profile  for users when they connect to networks.

  1. User Send username and password
  2. External Radius reply authentication status
  3. Kiwire will check if user is authenticated successfully . A locally assigned profile to the realm will be attached to the users authentication. Kiwire will optional perform  secondary check if attribute response matched with keyword set during add radius connection.
  4. Kiwire will send the local assign profiles to NAS and let user connect to network
  5. Kiwire will send accounting information to the external radius server.

radius

Column listing

  • Realm : The realm of radius
  • Authentication Host : The accounting host for the external radius server
  • Accounting Host : The accounting host for the external radius server
  • NASID : The assume NAS ID of kiwire to the external radius server
  • Status : Enable or disabled entry
  • Action : Edit or delete the entry.

4.1.3 Add/Edit Radius

to add or edit radius entry click on the  Add Radius Connection 

Field Function
Realm Define a realm which user will use to that will trigger authentication with 3rd party radius
eg : domain, then username@domain will authenticate with the selected radius server as username / password
Authentication host The IP Address of the external Radius Server for use with authentication query
eg : 192.168.0.5:1812
Accounting Host The IP Address of external Radius Server for accounting host
: eg : 192.168.0.5:1813
Secret The shared password between NAS and the external Radius Server.
Nas Identifier The NAS client identifier for KIWIRE that will use for communication to the external radius
Profile  If no profile is selected, Kiwire will use Pass thru mode for the radius integration , if a local profile is selected, it will use local profile override mode.
Expiry The expiry date assign to the user when they 1st login to network successfully
Keyword keyword for kiwire to perform checking on the external radius reply on the attributes received. leave blank if you do not need to check for attributes match checking function
Data type The data type of the attributes.
Zone restriction Default Zone restriction assign to user that login thru external radius when they login , leave it to “none” if you do not wish to assign restriction to users.
Enabled Enable or disable this function

 

4.2 Microsoft Active Directory Authentication

The Integration module for Microsoft active directory let you authenticate network user access via their credential with your existing Microsoft Windows server active directory.  In Active Directory, objects are organised in a number of levels such as domains, trees and forests. At the top of the structure is the forest. A forest is a collection of multiple trees that share a common global catalog, directory schema, logical
structure, and directory configuration. In a multi-domain forest, each domain contains only those items that belong in that domain. Global Catalog servers provide a global list of all objects in a forest. Kiwire allow you to map active directory user associated groups with a local kiwire profiles.

How it work

msad

  1. User Send username and password to Kiwire ,Kiwire will connect to Microsoft active directory services and perform authentication
  2. if request is to primary forest tree domain , active directory will check with its domain for correct node to perform authentication.
  3. Active directory will revert the authentication status .
  4. A locally assigned profile will be attached to the users authentication. Kiwire will send the local assign profiles to NAS and let user connect to network
  5. the Profile and authorisation will be send to the nas and user will be able to connect.

For Kiwire to authenticate with your Microsoft Active directory, you are required to provide an read only Domain administrator privileges account in order to to authenticate user active directory credential. To access active directory integration module go to Integrations > Active Directory.

Field Function
Domain Controller Hostname or IP Address of Active directory server
Note* please ensure kiwire is using the active directory DNS setting to ensure compatibility.
Account Suffix Account suffix for your domain.eg:@mydomain.local
Domain Admin Username The account that have Administrator access level to the Active directory
Domain Admin Password The Password of the Administrator access account
Base DN the user and group base DN
Link with profile Default profile assign to active directory users login , however you can map active directory users groups with local profile using the group maping function, user group that are not mapped will be default to the default profile.
Zone restriction Default Zone restriction assign to user that login thru external radius when they login , leave it to “none” if you do not wish to assign restriction to users.
Enabled Enable or disable this function

Note :

  • you can use Diagnostic active directory to verify if your configuration are successful. if there is connection or credential issue the error will be displayed.
  • To determine your Base DN . please refer to your active directory setup .
    DC_information

 

 

 

 

 

 

 

 

 

 

 

 

4.2.2 Active directory Mapping

One of kiwire new feature is capability to map active directory users groups with a local profile , this allow you assign relative local profile such as different groups with different profiles. The mapping screen will list all associated Active directory groups [ Group name ] with the local profile [ Link to profile ] . If a user is a member of multiple groups the priority will determined which profile the user will be assigned to. Please save the Active directory configuration pior using the Mapping function.

To add new group mapping , click on the ” Create Group Mapping ” button.

Field Function
Group Name Click on the select box , Kiwire will connect to the active directory server and load the available group from active directory services.
Link to profile The Local profile assign to the selected group
Status Enable or disable the mapping
Piority The piority of the group mapping order , used when users is member of multiple groups
Zone restriction Default Zone restriction assign to user that login , leave it to “none” if you do not wish to assign restriction to users.

4.3 LDAP

Kiwire The Lightweight directory access protocol (LDAP ) connector module  let you authenticate user credential using a LDAP version 3 server.To access the LDAP intergration module go to integration -> LDAP

itx_ldap

Field Function
LDAP IP/Hostname Host name or IP Address of ldap server
LDAP Port Ldap server port
Relative distinguished names (RDN ) The rdn ldap setting for the ldap server , refer to your network or organisation ldap administrator for schema . For more information on RDN refer to notes bellow.
Link with Profile Integrate with a default profile when user first login.  *see account*
Enabled Enable or disable this function

 


Note : RDN/DN

The LDAP integration references an LDAP object by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas.

An RDN is an attribute with an associated value in the form attribute=value; normally expressed in a UTF-8 string format. The following table lists typical RDN attribute types.

itx_ldap_info

A LDAP entry is made up of a collection of attributes that have a unique identifier called a Distinguished Name (DN). A DN has a unique name that identifies the entry at the respective hierarchy. In the example , John Doe and Jane Doe are different common names (cn) that identify different entries at that same level.

A DN is also a fully qualified path of names that trace the entry back to the root of the tree. For example, the distinguished name of the John Doe entry is:

cn=John Doe, ou=People, dc=myldap.com

A Relative Distinguished Name (RDN) is a component of the distinguished name. For example, cn=John Doe, ou=People is a RDN relative to the root RDN dc=myldap.com.


4.4 Social Network Integration

The popularity of social network has make popular social network such as facebook , wechat and other social network become a source of identity integration. Kiwire social network integration enable you to authenticate user with their social network account prior login to system this is an popular option for public internet access as you are able to gather user profile instead of sign up page. To access Social network integration go to integration > Social Network. Popular social network supported are

  • Facebook
  • Instagram
  • WeChat
  • Google+
  • Twitter
  • Vk+
  • more coming soon.

How it work edx_sns

  1. User will connect to network ,  captive login screen will be displayed with social login options
  2. User select social network login and login
  3. Kiwire will connect to respective Social Networks and perform authentication , Kiwire will perform data pull with users approval for demographic information
  4. Kiwire will authorised user to login with a selected profiles & policy.

Field Function
Enable Facebook Login Enable or disable Facebook login
Facebook Page Your organisation facebook page  if you have
, please type the pagename only, eg if your facebookpage is www.facebook.com/synchrowebtech, the page name will be “synchrowebtech. if this is set, user will have option to like your page during authentication.
Google+ Enabled Enable or disable this Google+ social network
Twitter Enabled  Enable or disable Twitter login
Twitter Page  your twitter profile/page
Instagram Enabled Enable or disable Instagram login
VK Enabled Enable or disable VK social login
Wechat Enabled aaa Enable or disable Wechat login
Wechat App ID your wechat page app id
Wechat App Secret key Your wechat page secret key
Wechat App Shop Id Your wechat page Shop Id
Link with Profile Link with a assign profile , user will automatically be assign to this profile when the login in.

 


Note : Social login require list of domain or ip address of the social network to be in white list / wall garden in order for the authentication to work.


Video example

video example on Configure integration -> social and use page maker to create a social login page

4.5  Microsoft / Office 365

The Microsoft / Office 365 module let you authenticate users using Microsoft / Office 365 services.

Field Function
Enable Microsoft / Office 365 Login Enable or disable the authentication services.
Link to profile The Local profile assign to the selected group
Zone restriction Default Zone restriction assign to user that login , leave it to “none” if you do not wish to assign restriction to users.
Domain Allowed Set the domain from Microsoft/Office 365 services allowed to login to restrict to your allowed domain users.

4.6  Email

The mail module let you integrate & synchronise kiwire collected email account with popular cloud e-mail marketing software such as madmini and mailchimp. when user sign up using the email will be collected and send to the e-mail marketing system and visitor data record.To add more field to be capture during sign up , please use the visitor record data field to add.

How it work

edx_mail

  1. User will perform account sign up and login to network
  2. Kiwire will authorised the user to login to network
  3. The define profile and policy will be applied to users.
  4. Kiwire will send user’s sign up email address to cloud mail provider.

4.6.1 Mail Chimp

The first cloud email marketing engine supported are Mailchimp.

Screen Shot 2017-01-05 at 3.14.30 PM

Field Function
MailChimp API key Your Mailchimp api key, refer to note bellow on setup
MailChimp List ID Your mailchip list id , refer to note bellow on setup.
Enabled Enable or disable this function

 


Note :  Setup for Mailchimp

  1. Login to your mailchimp account, click on extras-> API keys for api Keys
    mailchimp1
  2. Click on “Create A Key” to create your api key.
    mailchimp2
  3. For list id , enter the list under setting , there will be the list id.
    mailchimp3

4.6.2 : Madmini

Screen Shot 2017-01-05 at 3.15.13 PM

Field Function
Mad mini email/username Your mad mini account username
Mad Mini API Your Mad mini API , refer to note1
Mad Mini List The mail list which user email will be added to
Enabled Enable or disable this function

 


Note : Setup for  madmini

  1. Login to your mad mini dash board , select “add things”
    mad_mini
  2. Under Mailer API , click on “ON” and click “Go set it up”
    mad_mini2
  3. You find your madmini api key here .
    mad_mini3

 

4.7 SMS

The SMS module let you setup SMS gateway over the internet.  The sms module are use for any sms sending operation on Kiwire  such as sms campaign , as well as sms login function . Using SMS module ,  you can option for user to use OTP as password, OTP to complete the SMS sign up as well as a new OTP code for every login .

Note : depending on your configuration of password security setting at Configuration -> Setting , if its set to high , all OTP code generated is alphanumeric and if set to low all the OTP code will be numeric only.

How it work :

edx_sms

  1. User perform signup , kiwire will determine if the login box is sms to verify the account creation or mobile as mobile no , sms will be the user password.
  2. Kiwire will create a SMS message with the message composition under SMS setting
  3. SMS gateway will send the SMS to user mobile no
  4. user will key in the SMS code .

Field Function
Enabled Enable or disable the SMS intergration function
Cloud SMS Platform  Select the Cloud SMS gateway platform from “Twillio” or “Synchroweb” or “Generic”
Mode Select operation mode

  • Send 1 SMS during registration : user will use the same code/password for subsequent login or use the SMS code as verification.
  • User need to login every time with new code/password : a sms will be send for every login. User will be required to key in the code every time they login.
Message The SMS message , the generated password/code will be attach at the end of the text.
Link with Plan Integrate with a define plan *see account*
Expiry The expiry for new account sign up.

4.7.1 : Twillio Cloud SMS gateway

The Twillio Cloud SMS option let you configure twillio as your cloud sms gateway.

itx_sms_twillio

Field Function
Twilio Phone No The phone no associated with your Twilio account
Twilio SID Your Twilio SID
Twilio Token Your Twilio Token

4.7.2 : Synchroweb

The Synchroweb tab is for configuration of Synchroweb cloud sms gateway.itx_sms_synchro

Field Function
Synchroweb Cloud SMS Account no Your Synchroweb Cloud account no
Synchroweb Cloud SMS Key Your Synchroweb Cloud Cloud Key.

4.7.3 Generic

Due to the complexity and availability of other numerous cloud or internet sms gateway around the world, The generic sms tab let you adapt and use those internet sms gateway as your sms gateway, a common sms protocol around all sms gateway provider is the support of “post” and “get” sms sending API. by configuring the Generic tab to suit your sms provider you are able to utilise our open interface. Please saved the Generic tab first in order to be able to select the generic provider from the drop down of sms gateway provider.

itx_sms_generic

Field Function
Provider Name  The name given for the sms provider , it will be displayed drop down selection of sms cloud gateay list
Request Method The method to access your sms provider either via “GET” or “POST” protocol , refer to your sms gateway provider.
Full URI The url of the sms gateway to send sms , refer to your sms gateway provider . Additional variable can be insert by adding to the url  as url variable such as “account=var1&pass=var2”
Variable name for message The variable for message encapsulation , refer to your sms gateway provider. The content of the message will be generated by kiwire system
Variable for phone no The variable for phone no encapsulation , refer to your sms provider.

Example

In this example we assume our sms provider is call acme sms gateway,and the http get method to trigger sms sending is ” http://gateway.acmesms.com/sendsms.jsp?accountno=[accountno]&password=[password given]&mobileno=[phoneno]&msg=[sms text] ”
where the account no given is “myaccount” , password is “pass123” . the setup for the acme gateway will be as follow , kiwire will append the replace the msg and mobile no as per tag and generate the full url and send the actual sms

4.7.4 : SMS Prefix

The SMS prefix , let you add prefix which user can be used during registration this ensure only allowed prefix are allowed to register. It also allow you to control which country phone no are allowed to use the sms functionality.

itx_sms_prefix

4.7.5 : video example

4.8 PMS : Oracle Micros

The PMS : Oracle Micros connector is a dual channel connector for Oracle Opera Front office system .This enable you to let guest/user to login using their room no and password using information provided during check-in process via the PMS ( Property management system) software and post charges to the guest folio. This module also let you automatically activate or deactivate the room account based on check-in and checkout information.

How it work

edx_pms

  1. user check into the hotel
  2. Front desk will check-in the guest into Hotel PMS software
  3. PMS software will send guest check-in information ( name , vipcode , status ) to Kiwire Platform
  4. Kiwire will perform policy & profile update to the room no account as well unlock the room no account
  5. User when connect to network will be authorised to connect.

itx_pms_opera

 

Field Function
Micros System Host/IP The Hostname or ip address of the micros system to connect to.
Micros Port The port of Micros TCP for connector to connect to
Guest Password Setting Refer to table bellow
Predefine Password if Guest password setting is set to predefine , fill in the predefine password here.
Password Match Percentage Set the percentage of SMART password match engine, a higher value will require more words or
character to be matched. a lower value will allow a more relaxed password matching , this is useful if you set guest name as password, the guest can use any part of its name as password
Default check in login page function Enable or disable a default plan or login page to be associated with the user when check in
Default Login Page If enabled “ Default check in Login page” the page/plan used.
Enabled Enable or disable the module
Status Running or Off

Note : you can shutdown the interface by clicking on “Shutdown interface Button” , the “Database Swap Button ” is to initialize database swap / synchronization where it will pull latest information from Oracle Micros .

Guest Password Setting
User Define Password Set a predefine password where guest will use as password when room is check-in
Room-no as password Set the Room no as password when room is check in Eg : room 1001 , password 1001
Guest Firstname Uses Guest first name as password, KIWIRE has built in smart password matching
engine where a guest name as long percentage of the name is match the password will be accepted
Guest lastname Uses Guest last name as password. KIWIRE has built in smart password matching
engine where a guest name as long percentage of the name is match the password will be accepted
Guest Fullname Uses Guest full name as password, KIWIRE has built in smart password matching engine
where a guest name as long percentage of the name is match the password will be accepted
System Generated System will generate a Random password for the guest, Password generated a vocal based eg “ vovola” to enable ease of entry.

 

Note :  You are required to create the ROOM no as users pior initial connection to PMS , PMS will only send status of check-in , check out , room move and information change to kiwire, it will not create room on demands. room no that does not exist Kiwire platform will be ignore by Kiwire platform when PMS send the information over.

opera_interface_code
Note :  Kiwire Opera Interface Code

4.9 PMS

For organisation that use property management system. The PMS module let you integrate your PMS software via tcp/ip socket or over the cloud. With the PMS module ,  Guest check-in will synchronise the PMS software guest check in with kiwire system. To let guest/user to login using their room no and password using information provided during check-in process via the PMS ( Property management system) software. The module also support payment posting to PMS system and this module also let you automatically activate or deactivate the room account based on check-in and checkout information.  To set this please go to
Integration > PMS. Supported PMS are

  • Cloud
    • IDB
    • Generic
  • Socket
    • JDS :Winpac
    • FCS :Hospitality
    • 3CJ : PMSI

itx_pms

Field Function
PMS Type  Select the PMS type of either “Cloud” or “Socket” adn the correct type.
Guest Password Setting Refer to table bellow
percentage of password match Set the percentage of SMART password match engine, a higher value will require more words or
character to be matched.
Default check in login page function Enable or disable a default plan or login page to be associated with the user when check in
Default Login Page If enabled “ Default check in Login page” the page/plan used.
Enabled Enable or disable the function

 

Guest Password Setting
User Define Password Set a predefine password where guest will use as password when room is check-in
Room-no as password Set the Room no as password when room is check in Eg : room 1001 , password 1001
Guest Firstname Uses Guest first name as password, KIWIRE has built in smart password matching
engine where a guest name as long percentage of the name is match the password will be accepted
Guest lastname Uses Guest last name as password. KIWIRE has built in smart password matching
engine where a guest name as long percentage of the name is match the password will be accepted
Guest Fullname Uses Guest full name as password, KIWIRE has built in smart password matching engine
where a guest name as long percentage of the name is match the password will be accepted
System Generated System will generate a Random password for the guest, Password generated a vocal based eg “ vovola” to enable ease of entry.

4.9.1 : Cloud PMS

The cloud PMS tab let you configure your cloud pms interface .

itx_pms_cloud

Field Function
Cloud PMS URL The Url of  cloud pms system for your organization
Cloud Project ID The Project ID for your cloud PMS system
Cloud Token The token for your IDB cloud PMS system

4.9.2 : Socket PMS

The socket PMS tab let you configure your tcp/ip based communication  PMS software.

 itx_pms_socket

Field Function
Listening PORT The Kiwire  listing port no which PMS software  will connect to
HOST/IP Address The Ip address of the PMS software
TCP Port The Tcp port which PMS software listen to.
Enabled Enable or disable the function

4.9.3 : VIP Code

This VIP code tab let your override the default charges or profile when guest check in via PMS, this vip code is correspondence to the PMS VIP code system. This is useful if you want to provide different level of services or charges based on the profile of the check in guest.

itx_pms_vip

4.10 PMS Guest Queue

This module will report and track the guest check-in record. The record can be filter by room no , name and by date duration of check in. The default will list the last 24 hour of guest check in . use the date selection option to search for record of the selected date.

Screen Shot 2017-01-05 at 3.22.58 PM

4.11 Omaya / LBS

The Omaya / LBS option let your integrate your Kiwire Platform with your Omaya / LBS (location based services) account. Omaya / LBS is an wifi / beacon location services that track users based on their smart devices such as mobile phone or smart watch.

itx_omaya

Field Function
Enabled Enable or disable this function
Client ID your omaya account client ID.
Secret Key your omaya account secret key.


4.12 Kiwire API

Kiwire have built in API ( application protocol interface ) that let you connect and manipulate user credential data from your own develop application. For technical information on the Kwire API specification please refer to Kiwire API resource
Screen Shot 2017-01-05 at 3.25.23 PM

Field Function
Enabled Enable or disable api access
Authentication Key Shared secret key between the your application and kiwire when communicate, type in a shared key or use “Generate Key” button to generate one.

 4.12.1 API permission

itx_api_perm
The api permission tab let you configure the api permission given to the connecting host.