Subscriber Discussion

Avigilon ACM Doesn't Allow Deleting Token Pin Codes In Identities

Rashid Khan
Jun 03, 2018

Avigilon ACM doesn't allow deleting Token Pin codes in identities.

This is touted as a design security feature, as pin codes are treated as a password. Yet an administrator can delete and change any user's password.

There are only 2 ways of getting rid of a pin code (for a Card+PIN or PIN only configuration for example) once it's been defined:

1) Delete the token & recreate it.

2) Export the identities & tokens, make changes & import them back in.

Both solutions are ridiculous & unacceptable in my opinion, as this will affect the transactions and history, not to mention issues & huge time waste in bigger and/or complicated systems where the user base is large.

Avigilon mention to report that as feedback & if enough people demand it then the product design team might make the change but currently it's a "feature".

What do you guys think? Do other systems allow changing pin codes?

Brian Rhodes
Jun 03, 2018
IPVMU Certified

In most systems, PINs can be changed as a field in the identity record, or changed like a credential.  If I understand what you're explaining, ACM requires you to destroy existing PINs before adding a new one, or manually export, change, then import?

John Honovich
Jun 05, 2018
IPVM

Avigilon response:

The use case that is described in the discussion will be addressed in an upcoming release of ACM. 

Timing is expected within a month.

John Honovich
Jun 05, 2018
IPVM

Also, Avigilon just contacted us with an immediate workaround:

A PIN can be deleted today by entering a single digit in the PIN field and backspacing it out and selecting save.

A ‘clear pin’ function will be added in the next release.
