Kantech access control planning
EntraPass software, current KT controllers and encrypted ioSmart credentials
Compare the operating model first, then select the EntraPass edition, KT controller, reader protocol, credential technology, wireless-lock integration and lifecycle plan that match the facility.

Kantech is more than a controller and card reader
A complete Kantech system brings together EntraPass administration, controller intelligence, credential and reader security, door hardware, power, network services, alarm and video integrations, reporting and ongoing support. The correct product combination depends on who administers the system, how many sites and doors must be managed, what happens during outages and which installed components can safely remain.
Current Kantech public information presents three EntraPass software editions and a current controller family centered on KT-1, KT-2, KT-4, KT-Standalone and KT-NCC Gen 2. EntraPass documentation also retains compatibility references for KT-400, KT-300, KT-200 and KT-100. That distinction matters: a supported installed component is not automatically the preferred basis of a new system.
EntraPass Special
Single-workstation entry platform for one supported controller when local administration and a modest door count are appropriate.
EntraPass Corporate
Multi-site platform for growing organizations, with as many as twenty workstations plus video, intrusion and centralized credential functions.
EntraPass Global
Enterprise architecture for large, distributed and high-security systems needing scalable gateways, reporting, integration and resilience.
EntraPass Web and mobile
Browser and mobile tools extend administration, monitoring, credentials and installer workflows; permissions and supported versions must be planned.
KT-1, KT-2 and KT-4
Current one-, two- and four-door choices cover standalone, remote-site and centrally managed designs with different connectivity and expansion needs.
ioSmart and wireless locks
Encrypted smart credentials, OSDP, mobile access, Aperio and Salto can reduce wiring or improve credential security when compatibility is verified.
Typical Kantech system path
Detailed Kantech product guides
EntraPass editions, Web and mobile management
Compare Special, Corporate and Global editions, EntraPass 9.00, Web 9.10, mobile apps, identity, integrations, licensing and upgrade responsibility.
KT controllers, ioSmart readers and credentials
Review KT-1, KT-2, KT-4, KT-NCC Gen 2, retained KT hardware, ioSmart Gen 2, OSDP, mobile credentials, expansion and wireless locks.
Choose the operating model before the hardware
| EntraPass edition | Manufacturer positioning | Planning checkpoint |
|---|---|---|
| Special Edition | Single workstation and one supported KT-series controller; current product information identifies KT-1 or KT-4 for the controller connection. | Use for a truly small locally administered system. Verify door count, controller model, workstation ownership, backup and the future upgrade path. |
| Corporate Edition | Mid-size and multi-site platform with as many as twenty concurrent workstations, centralized credential administration, real-time events, video and intrusion integration. | Count real operators, sites, doors, integrations, web/mobile users and redundancy needs rather than choosing it only by building size. |
| Global Edition | Enterprise platform for geographically distributed and high-security systems, positioned for thousands of doors and users with multi-server architecture, reporting, failover and centralized governance. | Document server roles, gateways, partitions, network paths, high availability, database operations, cybersecurity and enterprise identity ownership. |
| hattrix managed service | Kantech-managed-access architecture for providers that administer customer systems as a service. | Clarify provider responsibility, tenant separation, connectivity, controller migration, data ownership, service levels and exit plan. |
Capacity claims are ceilings, not a design. Count active cardholders, credential records, doors, elevators, alarm points, sites, workstations, browser users, mobile users, video connections, wireless locks and API transactions. Then add documented growth and failure scenarios.
Current controller direction and retained hardware

The current Kantech portfolio highlights KT-1, KT-2 and KT-4 for one-, two- and four-door designs, together with standalone operation and KT-NCC Gen 2 for broader network architectures. The newest four-door product emphasis is KT-4, not the older KT-400.
Existing KT-400, KT-300, KT-200 and KT-100 controllers may still appear in EntraPass compatibility matrices. A reuse decision should identify model, board revision, firmware, communication method, reader interface, enclosure, power, batteries, wiring condition and replacement availability. Use a phased migration plan when retained equipment is supportable but not a prudent long-term standard.
| Controller | Current public product information | Best-fit review |
|---|---|---|
| KT-1 | One-door IP controller; supports entry and exit readers, PoE, embedded browser setup and optional EntraPass enrollment. | Remote or edge door, small standalone opening or a distributed EntraPass design where one-door economics and local wiring make sense. |
| KT-2 | Two-door controller with up to 100,000 users, PoE, Wi-Fi, auto-discovery, embedded browser operation and optional EntraPass integration. | Small standalone site or two-door cluster; confirm reader topology, PoE budget, lock power, Wi-Fi policy and migration to centralized management. |
| KT-4 | Current four-door controller with support for up to 100,000 users, PoE, onboard Wi-Fi, EntraPass integration and modular input/output expansion. | New multi-door work where four-door density, modern connectivity and expansion align with the enclosure, power and network design. |
| KT-NCC Gen 2 | Current network communication controller for centralized and distributed Kantech systems and supported secondary-controller arrangements. | Large or distributed Global Edition architectures; verify supported topology, controller count, release, network design and failover behavior. |
| KT-400 / KT-300 / KT-200 / KT-100 | Still represented in EntraPass compatibility documentation for installed systems, but not all appear in the current five-product controller portfolio. | Inventory exact revision, firmware, interface boards and lifecycle before reuse. Do not treat retained compatibility as proof that an older model is the preferred new design. |
Credential security is a system decision

Current ioSmart readers support MIFARE DESFire EV1/EV2 credentials, mutual authentication, AES-128 reader-to-controller protection, OSDP and selected multi-technology migration configurations. Models include mullion and single-gang formats, with keypad choices for card-plus-PIN workflows.
A secure reader cannot compensate for an undocumented credential key, insecure legacy format or unsupervised communication path. Record every active card technology, format, encryption key owner, reader protocol and mobile-credential workflow. Plan when old proximity formats will be disabled rather than leaving the weakest option active indefinitely.
DESFire credentials
Confirm EV1/EV2 application, keys, encoding, card format, issuance and replacement instead of treating every 13.56 MHz card as equivalent.
OSDP and RS-485
Use supported supervised, encrypted reader communication where practical; document address, baud rate, secure-channel state and cable topology.
Legacy Wiegand
Inventory why it remains, physical cable exposure, credential format and the controlled migration date to a stronger interface.
Mobile credentials
Validate reader generation, Bluetooth/mobile service, enrollment, device eligibility, revocation, replacement and no-phone alternative.
Card plus PIN
Define when two factors are required, PIN reset and privacy rules, duress behavior, accessible operation and after-hours exceptions.
Exterior openings
Verify exact reader environmental rating, seal, mounting, metal effects, lightning/surge protection and approved cable pathway.
Integration choices need version-specific evidence
EntraPass can integrate access events and identities with video, intrusion, directory, wireless-lock and other systems. The current public product pages identify integrations such as Exacq video and DSC intrusion, while EntraPass 9.00 release notes add Salto integration for Corporate, Global and EntraPass Web. Kantech also publishes native ASSA ABLOY Aperio wireless-lock integration.
Video
Define VMS version, cameras associated with each door, event mapping, live/playback permissions, retention, export and failure alarms.
DSC intrusion
Confirm panel model, EntraPass release, controller/gateway combination, supported partitions and virtual-keypad or event workflow.
ASSA ABLOY Aperio
Use supported hubs and lock models for hard-to-wire interior openings; account for battery state, radio design and real-time behavior.
Salto
EntraPass 9.00 adds current integration capabilities, but the guide documents version, migration, encoder, event and schedule limitations that must be reviewed.
Directory and MFA
EntraPass Web 9.10 expands Active Directory group mapping and MFA through supported Microsoft Entra, Active Directory and Okta arrangements.
Custom integration
Name the authoritative database, fields, authentication, error handling, reconciliation, audit, privacy and owner for every data exchange.
Carolina site design and acceptance
- Survey every opening, frame, lock function, free-egress requirement, door contact, exit device and fire-alarm interface.
- Record controller model/revision, reader, credential technology, power supply, battery, network connection and firmware.
- Separate controller and reader power from lock-power calculations and include suppression, voltage drop and standby runtime.
- Test valid, denied, expired, disabled, anti-passback, schedule, lockdown, emergency and operator-command workflows.
- Exercise server, gateway, network, controller, reader, wireless hub, lock-power and utility-power failures.
- Deliver supported-version evidence, licensing, diagrams, labels, backups, test results, training and official support paths.
Official Kantech product and support resources
Use current Kantech and Johnson Controls pages for product specifications, compatibility, release notes, cybersecurity guidance and authorized downloads. Software, firmware and some technical documents require registration or an entitled support account. 360 Technology Group links to those official portals and does not host firmware or software installers locally.
- EntraPass software family
- EntraPass Special Edition
- EntraPass Corporate Edition
- EntraPass Global Edition
- EntraPass 9.00 release notes
- EntraPass Web 9.10 enhancements
- EntraPass and Salto integration guide
- Kantech compatibility matrix
- Kantech support portal
- EntraPass product registration
- Current Kantech controller family
- KT-1 one-door controller
- KT-2 two-door controller
- KT-4 four-door controller
- ioSmart readers and credentials
- Kantech input and output modules
- ASSA ABLOY Aperio integration
- Official Kantech support portal
Build a Kantech design from verified field conditions
We can inventory an installed Kantech system or compare EntraPass, current KT controllers, ioSmart credentials and wireless integrations for a North or South Carolina facility.
Official Kantech software, firmware and support
Use these manufacturer-owned portals for current downloads, release notes, manuals, advisories and technical resources. 360 Technology Group links to official sources and does not copy or host firmware files.
Update carefully: confirm the exact model, region, hardware revision, installed version, prerequisites, required intermediate releases, support entitlement, integrations, backup, maintenance window, rollback limitations and post-update tests. The wrong package or sequence can interrupt service or prevent a downgrade.
Some portals require a customer, dealer, certified-technician or active-support login. Cloud-managed products may update automatically and may not offer a public firmware file.
