Overview
SofiaLocks is a mobile-first smart lock system powered by Jago Cloud. The Nexudus integration automatically provisions customers in your SofiaLocks account and manages their access permissions based on their active plans, passes, bookings, and contract desk assignments. Key features:- Mobile app access — customers unlock doors from the Nexudus Passport Whitelabel app
- Credential-based access control — fine-grained permission management via lock tags
- Time-bound visitor access — temporary access codes for guests
- Automatic check-ins — door open events trigger check-ins in Nexudus
Capabilities
| Feature | Supported | Notes |
|---|---|---|
| Pass-based access | ✅ Yes | Primary access mechanism via lock tag mapping |
| Plan-based access | ✅ Indirect | Plans grant access through the passes they include |
| Resource-based access | ✅ Yes | Temporary access during bookings with 15-min lead time |
| Desk/unit-based access | ✅ Yes | Contract-based access with team billing support |
| Visitor access | ✅ Yes | Time-limited credentials with automatic expiry |
| Booking guest access | ✅ Yes | Non-customers can access spaces during booking windows |
| Check-in tracking | ✅ Yes | Door events trigger automatic check-ins (polled every 9 min) |
| Mobile app access | ✅ Yes | Native integration via Nexudus Passport app |
| Remote door unlock | ❌ No | Customers must be physically near doors to unlock |
How It Works
Access Control Model
SofiaLocks uses credential rules to grant access:- Each customer is provisioned as a user in SofiaLocks
- Each door has associated lock tags that control access
- When you map inventory (passes, resources, desks) to lock tags, Nexudus creates credential rules linking the customer to those lock tags
- When the customer opens the Nexudus Passport app, they see only the doors they have access to
Multi-Door Support
A single inventory item (like a pass, resource, or desk) can grant access to multiple doors. For example, a “Full Access” pass might provide access to the main entrance, office floors, and meeting rooms.Prerequisites
Before connecting Nexudus to SofiaLocks, you’ll need:- An active SofiaLocks account with administrative access
- Your Location ID (visible in your SofiaLocks dashboard URL:
api-{location_id}.jago.cloud) - Your SofiaLocks username and password
- At least one smart lock installed and configured in SofiaLocks
Configuration
Step 1: Connect to SofiaLocks
- Go to Settings > Integrations in the Nexudus dashboard
- Find SofiaLocks and click Configure
- Enter your credentials:
- Location ID — the identifier from your SofiaLocks URL
- Username — your SofiaLocks admin username
- Password — your SofiaLocks admin password
- Click Connect
The authentication token is permanent and stored securely. You won’t need to re-authenticate unless you change your SofiaLocks credentials.
Step 2: Configure Presence Tracking
Presence tracking controls which door events trigger check-ins in Nexudus. For each door, select an action:| Action | Behavior |
|---|---|
| Nothing | Door opens don’t trigger check-ins (default) |
| Check In | Opening this door checks the customer in |
| Check Out | Opening this door checks the customer out |
| Toggle | Opening this door toggles between check-in and check-out |
Door events are polled from SofiaLocks every 9 minutes. Check-ins triggered by door opens may have a short delay.
Step 3: Map Passes to Lock Tags
Passes are the primary mechanism for granting access in Nexudus:- In the Passes section, locate the pass you want to configure
- Select the lock tags for doors this pass should unlock
- Access is automatically limited to the pass’s validity window
- Day Pass → Main entrance only
- 24/7 Access Pass → Main entrance + Office floors
- Premium Access Pass → Main entrance + Office floors + Meeting rooms
Step 4: Map Resources to Lock Tags
Resources (meeting rooms, equipment) grant temporary access during bookings:- In the Resources section, locate the resource
- Select the lock tags for doors related to this resource
- Customers will receive access during their booking window (starting 15 minutes before)
Step 5: Map Desks to Lock Tags
Floor plan desks can grant access to specific zones or floors:- In the Desks / Offices section, find the desk
- Select the lock tags for the zone or floor where the desk is located
- Customers with contracts that include these desks will receive ongoing access
Visitor Access
When you create a visitor in Nexudus:- The visitor is automatically provisioned in SofiaLocks
- They receive time-limited access based on the visit window
- Access expires automatically after the visit ends
- The system removes their access and user profile shortly after expiry
How Visitor Access is Determined
SofiaLocks determines which doors a visitor can access using this priority:-
Booking-based visitors (guests invited to a booking):
- If the booking is for a resource (meeting room), the visitor gets access to that resource’s lock tags
- If the booking includes a desk assignment, the visitor gets access to that desk’s lock tags
- This gives visitors access only to the specific areas they need during their booking
-
General visitors (not linked to a booking):
- They receive access to the default visitor lock tags configured in your SofiaLocks settings
- Use this for reception areas or common visitor zones
Access Time Windows
Visitor access includes a 15-minute buffer:- Access starts 15 minutes before the expected arrival time
- Access ends 15 minutes after the departure time (or midnight following arrival if no departure specified)
- This buffer ensures visitors can enter slightly early or leave slightly late without issues
How Access is Managed
When Access is Granted
Nexudus grants access when:- A contract starts: Customer receives the passes included in the plan, which grant access to configured doors
- A pass is assigned directly: Access granted during the pass validity window
- A booking is created: Access 15 minutes before booking start until booking end
- A contract includes desks/units: Immediate access to lock tags mapped to those desks (both from customer’s own contracts and, for team billing, from the paying member’s contracts)
- An active check-in: If a customer checks in with a specific pass, they maintain access to that pass’s doors even if time-limited
When Access is Revoked
Nexudus revokes access when:- A contract ends or is cancelled: Customer loses the passes from that plan and any desk-based access from that contract
- A pass expires or is fully consumed: Access to those doors is removed
- A booking is cancelled or ends: Temporary resource/desk access is removed
- A desk is removed from a contract: Access to that desk’s lock tags is removed
- A customer is deactivated: All access is revoked
SofiaLocks.NoAccessBehaviour setting).
Mobile App Experience
Customers use the Nexudus Passport Whitelabel app to unlock doors:- Install your space’s branded Nexudus Passport app (iOS or Android)
- Sign in with the email address registered in Nexudus
- The app obtains a SofiaLocks access token automatically
- The app shows only doors they currently have access to based on their active passes, bookings, and desk assignments
- Tap a door to unlock it
- Each unlock triggers a check-in event in Nexudus (if the door is configured for presence tracking)
The Nexudus Passport app integrates with SofiaLocks behind the scenes. Customers don’t need to install or interact with the SofiaLocks app directly.
Troubleshooting
Customer can't see any doors in the app
Customer can't see any doors in the app
Check:
- The customer has an active plan, pass, booking, or contract with desks
- The inventory (passes/resources/desks) is mapped to lock tags
- The customer has signed in to the Nexudus Passport app with their Nexudus credentials
- The customer’s account is active (not deactivated)
- For team billing: If the customer is part of a team, check that the paying member has active contracts with desks mapped to lock tags
Door opens don't trigger check-ins
Door opens don't trigger check-ins
Check:
- The door is configured with a check-in action (not “Nothing”)
- The customer has a valid pass that covers the location
- The customer’s pass has not been consumed or expired
Access not updating after plan change
Access not updating after plan change
Check:
- The passes included in the new plan are mapped to lock tags (not the plan itself)
- The customer has received the passes from the new plan (check their active passes)
- Wait 10-15 seconds for synchronization
- Check the customer’s profile in SofiaLocks directly to verify credential rules
Visitor can't access the space
Visitor can't access the space
Check:
- The visitor record in Nexudus has a valid visit time window
- The host’s booking (if any) is mapped to lock tags
- The current time is within the visitor’s access window
- The visitor has been granted access and can see the doors in the Nexudus Passport app
Monitoring Integration Errors
Nexudus monitors your access control integration and alerts you to any issues that need attention.Business Checkup Dashboard
Access control integration errors are displayed on the Business Checkup page:- Go to Home > Important Items in the dashboard, or
- Navigate directly to dashboard.nexudus.com/dashboards/checkup
- Look for the Access Control Integration tile
- If there are errors, the tile will be displayed in red
What Gets Flagged
- Authentication failures: Expired credentials or invalid API tokens
- Provisioning errors: Failed attempts to create or update customer access
- Configuration issues: Missing or invalid access group/lock tag mappings
- Synchronization problems: Delays or failures in updating access permissions
- The customer affected
- The nature of the problem
- When the error occurred
- Suggested actions to resolve it
Check-In Audit Trail
- Nexudus check-in records: Show when customers accessed the space (if doors are configured for presence tracking)
- SofiaLocks door event logs: Available in your SofiaLocks dashboard showing every unlock attempt
Nexudus automatically retries failed operations. If errors persist, check the Business Checkup page for detailed information and follow the suggested resolution steps.
Security Considerations
- Access is inventory-driven — customers can only access doors if they have active inventory
- No permanent mobile credentials — access is managed by cloud rules, not device tokens
- Automatic expiry — all time-bound access (visitors, bookings) expires automatically
- Audit trail — every door open is logged with customer identity and timestamp
Technical Details
For developers and IT administrators
For developers and IT administrators
API Architecture
- Authentication: OAuth2 Resource Owner Password flow with username/password
- Base URL:
https://api-{location_id}.jago.cloud - Token type: Bearer token (stored in
SofiaLocks.ApiTokensetting) - Credential rules endpoint:
/api/v2/credentialRules - Users endpoint:
/api/v2/users - Smart locks endpoint:
/api/v2/smartLocks - Lock tags endpoint:
/api/v2/lockTags
Synchronization
- Access changes are debounced by 5 seconds per customer to batch rapid updates
- Distributed locking prevents race conditions in multi-server deployments
- Background task polls door events every 9 minutes for check-in tracking
- User provisioning happens on first inventory assignment (lazy creation)
- Credential rules are created/updated/deleted as inventory changes
- Access signature hashing prevents unnecessary API calls when access hasn’t changed
No-Access Behavior
When a customer loses all access, the system can:- Suspend (default): Disable the user in SofiaLocks but keep the account
- Extended Suspend: Same as suspend (for compatibility)
- Delete: Remove the user from SofiaLocks entirely
SofiaLocks.NoAccessBehaviour business setting.External IDs
- Customers:
extIdset to Nexudus coworker ID (integer) - Visitors:
extIdset toNEXVIS-{visitorId}for both user and credential rule - Credential rules:
extIdset to coworker ID for customer rules,NEXVIS-{visitorId}for visitor rules
Lock Tags vs Locks
- Locks (smart hardware) are configured for presence tracking (check-in/check-out actions)
- Lock Tags (logical groups) are used for access control and credential rules
- Inventory (passes, resources, desks) is mapped to lock tags, not locks directly
- One lock tag can represent multiple physical doors
- Multiple lock tags can be assigned to a single inventory item (comma-separated)
Contract-Based Desk Access
- Desk access is determined by active contracts, not direct desk assignments
- Customer receives access to desks in:
coworker.ActiveContracts().SelectMany(x => x.Desks) - For team billing (merged billing), customer also receives access to:
GetPayingMember().ActiveContracts().SelectMany(x => x.Desks) - This is checked via
coworker.PaysInvoicesViaTeam()in the access update logic - Each desk can be mapped to multiple lock tags (comma-separated lock tag IDs)
Visitor Time Window Calculation
- Arrival:
ExpectedArrivalor current UTC time if not set - Departure:
DepartureDateif set, otherwise midnight following arrival in business local time - Buffer: ±15 minutes added to both arrival and departure
- Credential rule uses both date interval (specific dates) and time interval (00:00-23:59)
Business Settings Reference
| Setting | Purpose |
|---|---|
SofiaLocks.Enable | Integration enabled flag (“true”/“false”) |
SofiaLocks.LocationId | SofiaLocks location identifier |
SofiaLocks.Username | Admin username for authentication |
SofiaLocks.Password | Admin password for authentication |
SofiaLocks.ApiToken | OAuth2 bearer token (auto-generated) |
SofiaLocks.GuestRoleId | Role ID for visitors (default: 5) |
SofiaLocks.CompanyName | Company name sent to SofiaLocks |
SofiaLocks.DefaultVisitorLockTagIds | Comma-separated lock tag IDs for non-booking visitors |
SofiaLocks.NoAccessBehaviour | What to do when customer loses all access (Suspend/Delete) |
SofiaLocks.LastEventDate | Last processed event timestamp (epoch millis) |
SofiaLocks.Controller.Id_{lockId}.Action | Check-in action per lock (Nothing/CheckIn/CheckOut/Toggle) |
Next Steps
Check-In Methods
Configure how check-ins are tracked and validated
Passes
Create time passes that control access hours
Plans
Set up membership plans with door access
Visitors
Manage visitor access and approvals