TANLock Onboarding
1. Login to TANLock with Default Credentials
Access the lock’s web UI using its IP address:
http://<lock-ip>
Login using the default credentials:
name:
apipassword:
lab
⚠️ After onboarding, default credentials should be restricted or replaced as per security policy.
2. Create an Integration User (Applies to All Locks)
Create a dedicated user for Genea–TANLock integration.
Navigate to - RBAC → All Managementusers → Add Managementuser
Add user name, password and roles → add
User Details
Username:
genea-tanlock-integrationPassword: Secure, system-generated password
Roles: api_rest_v1, api_snmp,api_web_v1,root ,web_ui
Required Roles / Permissions
Assign the following roles to ensure full integration functionality:
api_rest_v1
api_snmp
api_web_v1
root
web_ui
✅ These roles must be identical on all locks for consistent behavior.
Integration Credential Sharing (Mandatory)
Share the integration credentials with the Genea Team.
The Genea Team will configure these credentials in the Genea Gateway.
These credentials are used for:
Authentication between Genea-Gateway services and TANLock
Secure API communication
Event ingestion and remote operations
The same credentials must be configured on all locks.
3. Network Configuration (DHCP)
Navigate to Settings → General
Set IP Assignment to:
enable DHCP → Set Network
The lock must be reachable from the Genea Gateway network.
4. Time Configuration (Mandatory)
Accurate time sync is critical for:
Event timestamps
Access validation
Audit logs
Navigate to Settings → General
Option A – NTP Server (Recommended)
Go to NTP Configuration
Configure:
Interval : 5 NTP Host: <gateway-ip> OR company NTP server
Save configuration → Set NTP
Option B – Manual Time Sync
Manually set:
Year
Month
Day
Hour
Minute
Second
Time zone
Set Time
Optionally can directly ‘Sync With Browser’ without manually setting above fields.
5. Discovery & Heartbeat Configuration
Navigate to Settings → Discovery
Configure: Add following details
Target URL: http://<genea-gateway-ip>:3500/heartbeat Interval: 60 seconds HTTP Method : POST Body Configuration- Content type (MIME) : application/json HTTP Body (limited to 256 bytes): {"name":"{{name}}","ip":"{{ip}}","mac":"{{mac}}","location":"{{location}}","version":"{{version}}","state":"{{state}}","secure":"{{secure}}","timestamp":"{{ts}}"}To save configurations click on ‘Set’
6. Event Monitoring (HTTP Push)
Enable HTTP Event Monitoring
Go to:
Settings → Event Monitoring → HTTP
Enable HTTP Event Monitoring
After enabling → set Enabled
Reboot Lock to load the configuration
Settings → Reboot → Reboot
Configure HTTP Target
Once the Lock is rebooted, navigate to Settings → Event Monitoring → HTTP on the lock interface.
Enter the required HTTP target details
Target Address : http://<gateway-ip>:3502/events/tanlock
b. Save configuration - Click Set Config to apply and save the settings.
7. LDAP Configuration
Enable LDAP
Navigate to:
Media → LDAP → Server Configuration
Enable LDAP
Reboot Lock to load the configuration
Settings → Reboot → Reboot
Do following Configuration once the lock is rebooted
Host URL : ldaps://<genea-gateway-ip>:636 User : cn=admin,dc=tanlock,dc=system Password : Password provided by genea Base DN : dc=tanlock,dc=system STARTTLS : OFF Check Certificate : ON
Save configuration
Medium Lookup
Medium Queries
Query 0 Attributes : owner Base : dc=tanlock,dc=system Filter : (&(cn={{medium.value}})(description=ACTIVE)) Scope : sub Query 1 Attributes : cn Base : ou=groups,dc=tanlock,dc=system Filter : (roleOccupant={{res[0].attr.owner}}) Scope : one Query 2 Attributes : cn Base : cn={{name}},ou=locks,dc=tanlock,dc=system Filter : (|(owner={{res[0].attr.owner}})(owner={{res[1].dn}})) Scope : base Query 3 Attributes : cn Base : {{res[0].attr.owner}} Filter : (&(objectClass=*)(description=ACTIVE)) Scope : baseMedium Mapper
{ "uid": "{{res[3].dn}}", "identifier": "{{medium.value}} of {{res[3].attr.cn}} as {{res[1].attr.cn}} on {{res[2].attr.cn}}", "start": true, "next": 0, "login": "{{res[3].attr.cn}}" }User Lookup
User Queries
Leave it Blank
User Mapper
{ "uid": "{{medium.uid}}", "active": true, "login": "{{medium.login}}" }LDAP Certificate
Navigate to:
Settings → SSL → LDAP Trustet CAs
Upload the LDAP certificate provided by Genea
Apply Changes
Reboot the lock
Settings → Reboot → Reboot
8. Medium Implementation
Navigate to:
Settings → Medium Implementation
Activate the default Card Config-
11_card_desfire
16_card_legic_prime
17_card_iclass_uid
18_card_legic_uid
19_card_uid
Apply Changes
Reboot the lock
Settings → Reboot → Reboot
Gateway Deployment Steps
Start by copying the latest Docker image archive to the gateway. Place
tanlock-gateway-images.tarunder~/geneaon the gateway machine.Load Genea Tanlock Docker images on the Gateway
cd ~/genea docker load -i tanlock-gateway-images.tar
Copy deployment files to the Gateway
scp docker-compose.yml .env user@gateway:~/genea/
Create required directories
mkdir -p ~/genea/data ~/genea/logs
Start containers
docker compose up -d --remove-orphans
Run database migrations (CRITICAL!)
docker exec tanlock-gateway npx knex migrate:latest
⚠️ Do not skip this step — the gateway may start but fail at runtime without migrations.
Verify deployment
docker logs tanlock-gateway --tail 50 docker logs hearbeat-server --tail 50
Validation Checklist
✔ Lock is reachable via DHCP
✔ Time is correctly synced
✔ Heartbeat interval set to 60s
✔ Lock appears Online in Genea Portal (within 2 mins) if both Gateway and Lock are configured properly.
✔ HTTP events received by Gateway
✔ LDAP authentication active
Once the locks are configured, follow this article to add the locks to Genea.
If you need help setting up the locks or have any questions, contact Genea Support (acsupport@getgenea.com.)