The Passport service is configured in the Hub Service console to communicate with the HID Global Origo Management Portal service and to communicate with your on-premises C•CURE physical access control system.

Figure 1. Hub Services Passport Architecture Flow
Hub Services Passport architecture

If the PACs system is deployed within your internal network and is not normally exposed publicly, the recommended approach is to place a reverse proxy in the DMZ. The reverse proxy allows the Passport service to be placed on an IP-based or domain-based allowlist and connect securely to the internal PACs. See the SaaS IP address ranges used for network configuration KB article.

External Systems Required to Be in Place in Your Organization

To use the Passport service, your organization must deploy the following access control infrastructure.

  • Software House C•CURE 9000 version 2.7 Physical Access Control (PACs) service
  • For digital IDs
    • SaaS tenant in the HID Origo Management Portal
    • HID Signo, iCLASS SE or multiCLASS SE Bluetooth capable readers

VMware Workspace ONE Platform Component

If Workspace ONE UEM is configured, Workspace ONE UEM must be version 2008 or later to configure Hub Templates in Hub Services.

Mobile Devices

  • Android version 4.4 or later with Workspace ONE Intelligent Hub app 20.05 or later
  • iOS version 11 or later with Workspace ONE Intelligent Hub app 20.05.1 or later