Skip to content

Access Control

The Access Control module integrates CautaReside with the physical access systems at your facility — gate barriers, pedestrian turnstiles, lift floor-locks, lobby doors. When a resident's status changes (moves out, suspended for non-payment, lease ends), their physical access updates automatically.

What residents see

Residents have an Access tab if your facility uses access control:

  • My credentials — RFID cards, keypad codes, or biometric enrolments tied to their account.
  • Last access — most recent gate / lift / door event.
  • My household — credentials for family members or domestic staff registered to their unit.
  • Request a card / code — for new household members.
  • Report a lost card — immediately revokes; system issues a replacement workflow.

What facility admins do

Connect a hardware integration

Settings → Access Control → Integrations:

CautaReside supports common access-control vendors via webhook integrations (your CautaReside operator can confirm which ones — current first-class integrations: ZKTeco, Hikvision, Dahua). Additional vendors can be added per facility on operator request.

Each integration is configured with: - Vendor + product - Endpoint URL (the local controller's IP, or a cloud relay endpoint) - Authentication credentials - Sync frequency

Once connected, CautaReside syncs: - New residents → enrolled with credentials - Suspended residents → access revoked - Move-outs → credentials disabled on the lease end date - Visitor passes → temporary credentials for the visit window

Issue credentials

Access Control → Issue Credential: - Pick the resident - Pick the credential type (RFID card, PIN, fingerprint) - For RFID: scan the card to register the UID - For PIN: system generates a secure random PIN - For fingerprint: enroll at the facility's enrolment terminal - Set expiry (typical: aligns with lease end + 30 days)

The credential immediately provisions on the access controllers.

Revoke / replace

For lost cards or terminated tenancies: - Revoke → controller stops accepting that credential within seconds - Replace → revokes old + issues new in one step

Visitor credentials

When a visitor pass is issued (Visitors module), the system can optionally issue them a temporary access credential: - One-time PIN, valid for the visit window - Or temporary RFID card (collected at the gate)

This avoids the guard manually buzzing every visitor in.

Reports + dashboard

Access Control → Reports: - Access events — who entered/exited where, when - Failed attempts — declined credentials (revoked card used, wrong PIN, after-hours attempt) - Tail-gating events — multiple entries in quick succession through one credential (suggests credential sharing or piggy-backing) - After-hours access — entries outside permitted hours

A Dashboard tab sits alongside Reports with KPI tiles + charts for the current period: devices online vs offline, scan events per hour, top entry points, denials per category. Same period selector pattern as other module dashboards.

IP allowlist (admin access restriction)

For facilities that want to lock down which networks can reach the CautaReside admin surface (separate from the device + credential flows), Settings → Access Control → Admin IP allowlist lets mgmt pin the admin login + dashboard to a set of allowed public IPs / CIDR ranges. Useful when the facility office sits behind a fixed-IP business connection and you want to refuse admin sessions from arbitrary networks.

  • Empty list = no restriction (any IP can attempt login, subject to the normal credential + 2FA gates).
  • Populated list = only the listed IPs / CIDRs can reach the admin endpoints; all others get an opaque 403.
  • A facility default allowlist is also available — operator- level — that applies across new facilities until they configure their own list.

Compliance

  • GDPR / Ghana Data Protection Act — biometric data is encrypted at rest and accessible only to your designated DPO.
  • Retention — access events default to 12 months, configurable in Settings → Access Control → Data Retention.
  • Audit — every credential issue / revoke is logged with who, what, when.

Common workflows

Move-in

  1. Resident's lease starts in CautaReside.
  2. Issue credentials in the Access Control module.
  3. Resident receives card / PIN at handover.
  4. System auto-tests: verify card registers an entry on first use.

Move-out

  1. Lease end date reached (or move-out workflow completed).
  2. Credentials auto-disable on the configured cutoff (default: lease end + 7 days for grace).
  3. Cards collected at handover; the system flags any that weren't returned for follow-up.

Suspension for arrears

If a resident's account goes 60+ days past due (configurable): - Credentials are not revoked automatically (legal risk). - A warning is logged + management notified. - Manager can choose: keep access, restrict to certain doors only (e.g. resident can enter their unit but not the gym), or revoke.

The exact policy is set per facility — talk to your CautaReside operator about your jurisdiction's legal constraints.

Tips

  • Test integrations regularly — controllers occasionally lose network connectivity to CautaReside. Schedule a monthly verify to ensure sync is current.
  • One credential per person, even within a household — when there's a security incident, you want to know exactly who entered.
  • Don't share PINs — even between spouses. Issue both spouses their own PIN. The audit log only tells you who's PIN was used, not who used it.
  • Lose-card workflow > deactivation — if the resident reports a lost card, revoke immediately even if you suspect it's misplaced rather than stolen. Re-issue on recovery is easy.
  • Access events feed your security incident reviews — if there's a break-in or theft, the access logs from that day are your first point of investigation.

Process flows

End-to-end procedures the security / mgmt team runs day-to-day. Steps are anchored to the actual UI labels.

Grant a user gate access

New resident moves in, or staff member is hired.

  1. Access ControlUsers+ Grant access.
  2. Pick the user from the facility-user dropdown (residents and staff are both eligible).
  3. Pick which gates the user may transit — tick all that apply (most residents need only the main gate; staff often need service + main).
  4. Pick a credential method:
  5. PIN — system generates a 6-digit code; user receives it by email + SMS.
  6. RFID — physical card; mgmt scans the card at the desk to bind it to the user.
  7. Mobile — push-based unlock, requires the resident app installed.
  8. Set an auto-revoke date if the access is temporary (lease end-date, contract expiry).
  9. Save → access is live within ~15 seconds at every selected gate.

Revoke gate access (offboarding)

Resident moves out, or staff member is terminated.

  1. Access ControlUsers → search for the person.
  2. Tap the row → Revoke.
  3. Pick a reason (Move-out / Termination / Lost credential / Other) — drives the audit trail and any optional automatic actions (notify HR, etc.).
  4. Confirm. The credential is invalidated immediately; subsequent attempts log as Denied — revoked.
  5. If the revocation is temporary (e.g. resident on holiday), use Suspend instead — preserves the credential for future reactivation.

Audit who has access to a specific gate

Periodic security review, or a board / HOA request.

  1. Access ControlGates → pick the gate.
  2. The right-hand panel lists every active credential for that gate, the user it's bound to, and the last-used timestamp.
  3. Use Filters to narrow by role (residents only / staff only) or by last-used (≥ 30 days idle is a candidate for review).
  4. Export CSV for the board / HOA write-up.
  5. Spot-revoke any stale credentials directly from this view.