What is an "SMB tag"?: "SMB tags" refers to the available physical credentials, which are SMB Key Tags and SMB cards. The functionality and configuration for the different tag types are the same; the only difference is their physical shape and size.
An SMB tag (i.e. Key Tag or card) provides an alternative credential to the Gallagher SMB app, should the user not want to use their phone.
An SMB tag can also be used to arm and disarm a site. Using an SMB tag, a single badge at the reader disarms the site and a double badge at the reader arms it.
A tag can also be used by someone who doesn’t want to (or can’t) bring a phone to site. Examples are courier drivers, gate access, locker access, shared facility access, or access to an area or site that is not armed (24-hour site).
SMB tags are assigned to users using the Gallagher SMB app. A tag can be assigned when the user is created or assigned to an existing user. Any user role can be assigned a tag: Site Manager, Site Admin, or Site Member.
Tags are purchased from your install partner. Only Gallagher SMB Tags can be used with the SMB solution.
Tags must be enabled for your site by your Technician, for you to assign them.
Tags must be assigned using a mobile device, not via the browser version of the app, to ensure secure provisioning of the credential.
Only Site Managers can assign tags. The Site Manager must log into the Gallagher SMB app (authenticate themselves) before a tag can be assigned.
When a tag is assigned, the Gallagher Cloud will encode site-specific data to the tag using the phone’s NFC. Most Android phones support NFC. NFC must be enabled on the Android phone and enabled for the Gallagher SMB app. Only iPhone 7 (or later) supports NFC. iOS 13 (or later) is required.
A user can be assigned only one tag per site. If the user exists across multiple sites (the same email address is used, and the Site Manager confirms this is the same person), then the one tag can be used for multiple sites.
Assigning a tag to a new user
To assign a tag while creating a new user, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Select the + ADD USER button. The New User screen displays.
Populate the required fields.
Note: If the user does not need to use the app (i.e. they only use tags or User Codes), uncheck the Mobile App User check box. For example, for a cleaner or a courier, or when the user of the tag is not always the same person.
Select the NEXT button.
The Privilege screen displays.
If you are a Site Manager for more than one site, a list of sites appears. Toggle on the Sites for which this user requires privileges.
Select whether the user is a Site Manager, Site Admin or Site Member (for Access Control only). See User Privileges for more information on what each role can do.
If you selected 'Site Admin', select which areas of the site they can arm and disarm. If you selected 'Site Member', select which areas they can access. Site Managers have privileges for the entire site.
Select the SAVE button.
The Credentials screen displays.
Select the ASSIGN TAG button.
Notes: - This button allows you to assign all types of tags, i.e. Key Tags and cards. - This button is only available for Site Managers in the mobile app if the site has tags enabled. Enable the 'Site uses tags' option in Site Details.
The 'Ready to Scan' pop-up displays.
Present an SMB tag to the phone. If the assignment is successful, the tag will show as assigned to the user.
The tag can now be used to request access at the doors that enter into the user’s privileged areas.
If the user belongs to multiple sites, you must use the multi-site feature to switch sites and assign the tag to the user within each site.
Assigning a tag to an existing user
To assign a tag to an existing user, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Credentials button.
The Credentials screen displays.
Select the ASSIGN TAG button.
Notes: - This button allows you to assign all types of tags, i.e. Key Tags and cards. - This button is only available for Site Managers in the mobile app if the site has tags enabled. Enable the 'Site uses tags' option in Site Details.
The 'Ready to Scan' pop-up displays.
Present an SMB tag to the phone. If the assignment is successful, the tag will show as assigned to the user.
The tag can now be used to request access at the doors that enter into the user’s privileged areas.
If the user belongs to multiple sites, you must use the multi-site feature to switch sites and assign the tag to the user within each site.
If the user belongs to multiple sites, one tag can be used for multiple sites. Simply switch sites in the Gallagher SMB app and assign the tag to the user within each site.
The user must have the same email address across all sites.
The same tag cannot be assigned to different users on different sites.
If a Tag Only user belongs to multiple sites, they require a separate tag for each site. This is because the system cannot verify the identity of a Tag Only user, as an email address has not been entered.
A Site Manager can remove a tag from a user at any time. When the tag is removed, it can no longer be used on the site. The removed tag can then be assigned to another user.
To remove a tag from a user, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Credentials button.
The Credentials screen displays.
Select the Remove button.
The tag is removed from the user.
If the user belongs to multiple sites, you must remove the tag within each site.
If a tag has been misplaced or left in an insecure location, a Site Manager can disable the tag. A disabled tag can no longer be used on the site. When the tag is located, it can be enabled.
To disable a tag, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Credentials button.
The Credentials screen displays.
Select the Tag - Active toggle.
The tag is disabled and can no longer be used on the site. When enabled, the tag can be used again.
If the user belongs to multiple sites, you must disable the tag within each site.
If the Site Manager has an internet connection, they can modify the privileged areas that a Site Admin or Site Member can access at any time. Changes take immediate effect. The Site Manager need not interact with the user or their tag.
A Site Manager can identify a tag's owner by simply scanning the tag at their phone. This is useful when distributing tags to users, searching for a user within the system, or challenging the tag holder.
To scan a tag, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Select the SCAN TAG button.
The 'Ready to Scan' pop-up displays.
Present an SMB tag to the phone.
If scanning is successful, the tag owner’s name will display with a link to navigate to the user’s details.
If you are a Site Manager for multiple sites, the site name will display below the tag owner’s name. Navigate to that site to modify the user’s details.
FIDO Alliance (Fast Identity Online Alliance) is an internationally recognised organisation with an open standard, which Gallagher has implemented to enable fast, simple, and secure logon to the Gallagher SMB app. Behind the scenes, each user has a credential stored on their phone as part of the onboarding process. This credential is a security mechanism that allows our app to verify that the person accessing the cloud service is using an authorised device.
As part of the onboarding process, each user chooses a second means of authentication for logging into the app (the first means of authentication is the credential stored on their phone). The options presented to the user will depend on the options supported by their mobile phone. These include a passcode, or a biometric logon such as a fingerprint or facial recognition.
The value of FIDO authentication is that it provides a high level of security while being very simple to use. Each invited person chooses a means of logging into the app, which they are already familiar with because they already use this to unlock their mobile phone (e.g. a PIN, passcode or fingerprint).
FIDO’s main purpose is to provide a secure and simple means of authenticating from a mobile app to internet-based servers. They particularly wanted to remove the need for people to use passwords on the web, as weak or hacked passwords are known to be a major reason for security breaches.
There are three user roles within the system, each with different levels of privileges. These are Site Manager, Site Admin, and Site Member.
Site Managers have full access to the system. They can:
Receive alarm activation notifications and the optional Late to Arm reminder notification.
Manage an alarm incident, including claiming and silencing the alarm, requesting a guard, and closing an incident.
Add, edit, and remove users, and manage which areas Site Admins and Site Members have privileges for.
Lock and unlock doors remotely.
See the History Log.
Set the Late to Arm notification time.
Do everything Site Admins and Site Members can do.
A Site Admin can be given restricted or full access to the site. They can:
Arm and disarm the system remotely, for the areas they have privileges for.
Gain access through doors they have privileges for.
Start the door unlock schedule by being the first to request access at the door during the period it is scheduled to be unlocked.
They can also be given the following privileges by a Site Manager:
Remote lock/unlock doors to selected areas.
Remote arm/disarm selected areas.
Without the above two privileges the use must be onsite and at a reader to complete the actions.
The Site Member is the most limited user role. They can access a locked door only if the site is already disarmed.
Only a Site Manager can delete a user within the SMB solution.
Note: The key account holder entry cannot be deleted. However, the account holder’s details can be updated.
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Click the DELETE button.
A 'Delete User' confirmation pop-up will appear showing all the sites to which this user has access.
Click CONFIRM to delete the user or CANCEL to go back to the 'My Team' screen.
Once a user is deleted
Deleting a user removes the user's privileges to all sites that you are a Site Manager for and can see that they are assigned to. If you are not the Site Manager for a site the user is allocated to, their privileges to that site are not removed.
When a user is deleted, any historical event records associated with that person will retain the person's name and the date and time the action occurred. This includes incidents they have claimed or closed and interactions they had with the security system to arm or disarm areas.
Only a Site Manager can disable a user within the SMB solution.
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Privileges button.
Disable the toggle next to the site for which you want to disable this user's access.
Click the SAVE button.
Once a user is disabled
Disabling a user removes the user's privileges for the site on which the toggle was disabled.
The Gallagher SMB security solution provides customers with the ability and flexibility to allocate different roles and credentials to different users across different sites, to meet their security and operational needs. Customers can create an unlimited number of users at no additional cost (except for SMB Key Tag users, as tags must be purchased).
The three user roles all have different levels of privileges. These are Site Manager, Site Admin, and Site Member.
.
The four types of credentials are Mobile Credentials via the SMB app, SMB Key Tags, User Codes, and SMB Cards.
Site Managers can add new users to the solution through the Gallagher SMB app or the . The web app is only supported by the Chrome and Safari web browsers.
Navigate to the Team screen within the SMB app.
Select the + ADD USER button.
Enter the new user's first and last name, email, and mobile phone number.
Notes:
The Mobile App User check box is selected by default. The user must be a Mobile App User in order to be a Site Manager.
'Email' and 'Phone' are required for all App Users.
The email address must be for an inbox that the user can access on their phone. The email address is used to link the user across sites; if they require access to multiple sites from the SMB app, the same email address must be used.
Select the Next button.
The Privileges screen displays.
If you are a Site Manager for more than one site, a list of sites appears. Toggle on the sites for which this user requires privileges.
For each site, select whether the user is a Site Manager, Site Admin or Site Member (for Access Control only). See for more information on what each role can do.
Select the user's schedule for the site, to determine when they may gain access. Refer to to create a new User schedule, if required.
Notes:
The 'Schedule' option does not display if you have not .
If you select 'No Schedule', the user is granted access at all times (default access behaviour).
Only one User schedule can be assigned to each user.
Optionally select the date and time when the user can start gaining access from the Start Date field.
The user will only be permitted access from this date and time. If left blank, the user can gain access immediately.
Note: If the 'Start Date' is set to a future date, Mobile App Users still receive an invitation to register on the app immediately. Once registered, the app just displays a message indicating when they will be given access and lets them change their settings.
Optionally select the date and time when the user will stop gaining access from the End Date field.
The user cannot gain access on and after this date and time. If left blank, the user will not be stopped from gaining access.
If you selected the 'Site Admin' Role, select which areas of the site they can arm and disarm. If you selected 'Site Member', select which areas they can access. Site Managers have privileges for the entire site.
Select the SAVE button.
Once saved, an invitation is sent to the user's email address. The new user now needs to follow the steps in the email to complete their registration. The new user appears in the Team list with 'Response Pending' next to their name. This message will disappear when they log in for the first time. See below for a description of this process.
The new user now needs to follow the steps in the email to complete their registration.
Download the Gallagher SMB app.
Select the Complete Registration link in the email invitation.
Enter the 6-digit code from the text message you receive.
The Complete Registration link will expire after a few days. If it does, a Site Manager can send another from the app.
If a new user's invitation link expires or they didn’t receive the initial invitation email, it can be re-sent by the Site Manager.
Navigate to the Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Invite button.
Ensure the Use a Mobile Device option is selected. For additional security, select the Require SMS verification check box.
Click the SEND button.
A new invitation is sent to the user.
There are three options for users who want to resume using the SMB app on a new mobile phone:
Sending their own invitation If the user still has access to their previous phone and they are a Site Manager, they can send themselves a mobile device invitation from the SMB App on the old phone.
Complete the above procedure "Resending the SMB Registration invitation".
On the new phone, complete the above procedure "Gallagher SMB app registration".
On the old phone, go to the My Account screen in the SMB app and select REMOVE next to the old device.
Requesting an invitation If the user still has access to their previous phone and is not a Site Manager, they can ask a Site Manager from their site to send them a mobile device invitation.
After the Site Manager has resent the mobile device invitation, on the new phone, complete the above procedure "Gallagher SMB app registration".
On the old phone, go to the My Account screen in the SMB app and select REMOVE next to the old device.
Requesting a credential If the user does not have access to their previous phone and they cannot contact a Site Manager, they can use the 'Request Credential' process to get a credential for their new phone.
Note: To use this method, the user must have apps and app settings backed up on their old phone. Otherwise, use one of the above methods.
After opening the SMB App on the new phone, the 'Request Credential' screen displays.
Enter your email address and phone number to request a credential for the new phone. The email and phone number must be entered exactly as they were initially entered in the system (e.g. including any leading zeros).
A new Complete Registration link is sent to the user's email address.
On the new phone, select the Complete Registration link that is sent to the user's email address.
Mobile devices are user-specific, not site-specific. If a user’s device is removed from the 'Credentials' section on one site, this device will be removed from all sites with which the user used the device. The devices listed on the ‘Credentials’ screen are all devices assigned to the user.
Gallagher SMB User Codes are a way of providing access to the site, as an alternative to other credential types. User Codes are unique for each user. Site Managers can generate a User Code during the user creation process or edit an existing user’s credential and generate a code. The length of newly generated User Codes is determined by the '' set by the Installer. User Codes can be deleted directly from the SMB app to revoke access if required.
SMB User Codes can be used for access. Additionally, User Codes can be used to disarm the area prior to accessing it, if the user has the privilege to disarm the area associated with the door. User Codes can also be used to arm an area.
Hardware requirement: A site must have a Gallagher T30 Keypad installed to enable the use of SMB User Codes. Once the T30 Keypad is installed and the site is activated, all User Code options will appear in the customer SMB app (including creating, viewing, and using User Codes). If the T30 Keypad is removed from the site, all User Code options are hidden in the customer SMB app. If the T30 Keypad is ever added back again, any previously-configured User Codes will remain and can be used again.
SMB User Codes are generated using the Gallagher SMB app. Any user role can be assigned a User Code; Site Manager, Site Admin, or Site Member. A User Code can be generated when the user is created, or for an existing user.
There are two options when generating a User Code; To View or To Send.
To View: The Site Manager can view the User Code and communicate it to the required recipient.
To Send: The Site Manager cannot view the User Code. The User Code is sent to the user directly via SMS. The code is sent to the mobile number entered against the user.
User Codes are automatically generated by the system. Their length is determined by the 'User Code Length' set by the Installer.
An unlimited number of users can be created, and one unique User Code generated for each of them.
Site Managers can use both the smartphone and browser versions of the app to generate User Codes.
Only Site Managers can generate User Codes. The Site Manager must log into the Gallagher SMB app (authenticate themselves) before a User Code can be generated.
A User Code is only valid on the site it was generated from. The same User Code cannot be used across multiple sites.
Site Members can only access an area using a User Code if the area is disarmed. Users with the privilege to disarm areas can disarm and access areas using a User Code.
User Codes can be generated and viewed by the Site Manager, or generated and sent directly to the user via SMS.
Assigning a User Code to a new user
To assign a User Code while creating a new user, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Select the + ADD USER button.
The New User screen displays.
Populate the required fields.
Note: If the user doesn’t want to use the app, deselect the Mobile App User check box.
Select the NEXT button.
The Privilege screen displays.
If you are a Site Manager for more than one site, a list of sites appears. Toggle on the Sites for which this user requires privileges.
Select whether the user is a Site Manager, Site Admin or Site Member (for Access Control only). See User Privileges for more information on what each role can do.
If you selected 'Site Admin', select which areas of the site they can arm and disarm. If you selected 'Site Member', select which areas they can access. Site Managers have privileges for the entire site.
Select the SAVE button.
The Credentials screen displays.
Select the GENERATE CODE button.
You can either view the User Code or send it to the user without viewing it.
Select the desired option:
Select TO VIEW to view the user code so you can manually provide it to the user. Select the eye icon (View Code icon) to view the User Code.
Select TO SEND to send the user code directly to the user's assigned mobile number. You will not be able to view it. Note that the number of • symbols does not reflect the length of the User Code. Review the user's name and mobile number and click OK to send the User Code, or click CANCEL to not generate or send a User Code.
The User Code can now be used to request access at the doors that enter into the user’s privileged areas.
Assigning a User Code to an existing user
To assign a User Code to an existing user, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Credentials button.
The Credentials screen displays.
Select the GENERATE CODE button.
You can either view the User Code or send it to the user without viewing it.
Select the desired option:
Select TO VIEW to view the user code so you can manually provide it to the user. Select the eye icon (View Code icon) to view the User Code.
Select TO SEND to send the user code directly to the user's assigned mobile number. You will not be able to view it. Note that the number of • symbols does not reflect the length of the User Code. Review the user's name and mobile number and click OK to send the User Code, or click CANCEL to not generate or send a User Code.
The User Code can now be used to request access at the doors that enter into the user’s privileged areas.
Once a User Code is generated, it is immediately available for the user to gain access.
At the T30 Access Reader Keypad, enter your User Code.
Push the button with the green tick.
If the User Code is entered correctly, the LED squiggle on the T30 reader flashes green, and access is granted.
If the User Code is entered incorrectly, the LED squiggle on the T30 reader flashes red, and access is denied.
If the area is armed, the user must have disarming privileges for the User Code to work. If they have the correct privilege, the area disarms and access is granted. If the user does not have disarming privileges, access is denied.
To arm the site with a User Code, users must press the shield icon button on the T30 Keypad before entering their User Code and pressing the green tick button.
For Arming Readers only, if the shield button on the T30 Keypad is red, the area the door is associated with is armed; if the shield button is green, the area the door is associated with is disarmed.
A Site Manager can remove a User Code from a user at any time. When a User Code is removed, it can no longer be used to gain access or arm/disarm a site.
To remove a User Code from a user, perform the following procedure:
Navigate to the My Team screen within the SMB app.
Search for the user and click the downward arrow on their user card for more options.
Select the Credentials button.
The Credentials screen displays.
Click the delete icon (Remove Code icon) next to the User Code.
A pop-up will appear to confirm you want to delete the code.
Select Yes.
The User Code is deleted from the user and the controller.
A new code can be generated for the user if required.
If the Site Manager has an internet connection, they may modify the privileged areas that a Site Admin or Site Member can access from anywhere, at any time. Changes take immediate effect. The Site Manager need not interact with the user or the physical keypad onsite.
The History Log will show Access Granted and Arm/Disarm events related to User Codes.
Note: If you have allocated the maximum combination of user codes, you will see an error. Increase the site's .
Note: If you have allocated the maximum combination of user codes, you will see an error. Increase the site's .