Submit a ticket
Welcome
Login  Sign up
  1. Solution home
  2. General information
  3. Getting Started

Kantech EntraPass user management

Alan Garduna
Modified on: Sun, 23 Nov, 2025 at 7:52 PM

Prerequisites

  • Privileges: Ensure you’re logged in with an account authorized to create, edit, and delete users and cards.
  • Access levels ready: Confirm predefined Access Levels exist (e.g., Office only, Shop only, Full Access), so you can assign them quickly.
  • Card details: Have the card type and card number (or fob number) for issuance.
  • Policy alignment: Follow least-privilege principles and password hygiene; don’t share accounts and expire temporary accounts. These are recommended security hardening practices for Kantech deployments.

Add a new user in EntraPass workstation

  1. Open the Users module

    • Action: Log into EntraPass workstation. Select the Users tab (lower set of tabs), then select the Card tab.
    • Why: The Card tab is where you issue and assign access to user credentials.

  2. Enter card information

    • Action: Enter the Card/Fob number and press Enter.
    • Tip: Confirm the card type if your site uses multiple formats.

  3. Set user identity

    • Action: Type the User Name in the “Card user name” field.
    • Optional: Add a 5-digit access code under the Miscellaneous tab if your workflow requires PINs.

  4. Assign access level(s)

    • Action: Open the Access Level tab and select the appropriate access (e.g., Shop only, Office only, Full Access).
    • Tip: Use least privilege; only grant what’s needed.

  5. Save and test

    • Action: Click Save (orange floppy disk icon). Test the card at the designated door to confirm access works as expected.

Adding multiple user cards (batch load)

  • Open batch load: Click the Batch load card icon (red icon on the far right) from the Card tab.
  • Configure: Select the Door from the dropdown, click Refresh on access granted, then Save on new card.
  • Run cards: Present the desired number of cards to the reader, click Save, then Close. Assign names and access levels as above.

Add a new user via EntraPass web client

  1. Open Users via Operations

    • Action: Click User under the Operations tab at the top of the window.

  2. Create user

    • Action: Click Add, complete the User Name, and enter the Card Type and Card #.

  3. Assign access

    • Action: Select the correct Access Level for each site the user should access.

  4. Photo capture (optional)

    • Action: Click the blue avatar to upload or take a photo for the user profile.

  5. Save and verify

    • Action: Save the user and confirm the credential works at a door tile; adjust access if needed.

Remove or deactivate a user

  • Disable the credential:

    • Action: Open the user’s Card record and set Status to disabled or remove the card assignment.
    • Why: Immediate revocation stops door access while retaining audit history.

  • Remove access levels:

    • Action: Clear or adjust the Access Level assignments to eliminate site permissions.
    • Why: Ensures no residual access paths remain.

  • Delete the user (if policy allows):

    • Action: Use Delete on the user entity once audits and retention requirements are satisfied.
    • Tip: Many organizations prefer disabling over deletion for recordkeeping.

  • Web client (similar flow):

    • Action: From Operations > User, select the user, remove card details or access levels, then save. Use delete only when approved by policy.

Best practices

  • Least privilege: Grant only what the role needs; avoid broad “Full Access” unless justified.
  • Account hygiene: Don’t share accounts; change passwords every 90 days; use strong passwords with mixed case, numbers, and special characters.
  • Temporary users: Set expirations for contractors or temporary staff to auto-revoke on end date.
  • Audit trail: Record who issued, modified, or removed access, referencing the request/ticket ID.

Troubleshooting

  • Card not working after add:
    • Check: Wrong card type, incorrect card number, or missing Access Level. Test at a known-good reader and review door schedules.
  • User can access too many doors:
    • Check: Overly broad Access Level assignment; tighten to site- or role-specific profiles.
  • Web client changes not reflected:
    • Check: Refresh the client, confirm you saved changes, and verify communication with the controller/doors.

References

  • Kantech KT-4 installation guide — security hardening and user account best practices: https://docs.johnsoncontrols.com/kantech/r/Kantech/en-US/KT-4-Four-Door-Controller-Installation-Guide/C/Security-hardening-guide/Managing-users
  • Phase 3 Security — EntraPass workstation steps for adding/removing users and batch card loading: https://www.phase3security.com/access-control
  • Reed Security — EntraPass web client user creation workflow: https://support.reedsecurity.com/portal/en/kb/articles/how-to-add-a-user-to-kantech-entrapass-corporate-edition-access-control-web-client
A
Alan is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Related Articles