Help: How Managing many logins/access to certain devices in multiple rental units?

Hi, apologies if this is the wrong place to post this, I wasnt sure what to search for to find what I need.

I have a multi-unit complex and I want to use smart things to setup a way that I can
easily issue logins to new tenants, so they can control the stuff in their unit.
then also be able to easily reject access when they move out.

EDIT: There will be a different hub in each unit

I want them to be able to login to the mobile app or some simple web app to control their stuff…
but they would be only limited to the stuff in their unit.

Can someone direct me where to research this or what methods to accomplish this?

  1. managing multiple logins
  2. allowing certain logins access to certain device groups
  3. can they use the smartthings iOS app for this?

Is each unit going to have its own smartthings hub?

There are some landlords who have multiple units who will hopefully chime in. I believe @jrivera has a project with more than 100 units.

You can also check the quick browse list in the community-created wiki under project reports for the list on second homes and landlord issues. There are some discussions there that might be of interest to you.

http://thingsthataresmart.wiki/index.php?title=How_to_Quick_Browse_the_Community-Created_SmartApps_Forum_Section#Quick_Browse_Links_for_Project_Reports.2FQuestions

1 Like

@JDRoberts
yes… each unit own hub. thanks for the info i will check those links
but basically you’re saying its doable.

1 Like

Will there be a Hub in each unit? Is there some reason each Tenant can’t have full control over their SmartThings Hub?

The ability to grant permission to family members and perhaps other trusted neighbors, etc., is a common feature request and something we’ve even seen hints of in the SmartThings App.

SmartTiles had this ability to some extent, as will the next generation, ActionTiles … and this will work across multiple Hubs (multiple SmartThings “Locations” which could be your “managed apartment units”). We’ve been thinking about various use cases for this ability, but this is interesting to discuss.

1 Like

Hi, yes … they can have full control.
Briefly looked into smart tiles and i think that looks like something I want to leverage.

2 Likes

I’m saying some people are doing it, but I don’t know if how they’re doing it willmeet your own requirements. It’s not a typical master/subordinate account security structure.

Here’s the official support article. It’s really designed for families, not landlords and tenants. The problem is if they leave you on the account, then you get access to a lot of information that most people would consider private, such as what time they go to bed, when they come and go, all that. You might also have access to their camera feeds, which is not legal for landlords in all states without specific written permissions. So it can get tricky.

And if you only give them smarttiles, then they can’t set up their own rules and schedules.

But at least you can see what other people have done in the past.

1 Like

Yup … that’s why one scenario that might work out for the best is the “reverse” configuration…

Tenants get set up with their SmartThings Hubs (and own Account and control their own password), but during the “onboarding process”, they grant access (via SmartTiles/ActionTiles) to the Landlord Account to only the subset of Things he wants to control or monitor (e.g., smoke alarms, locks).

There is a actually a property management company online here (can’t remember…) who is doing a proof of concept of this with a custom SmartApp.

2 Likes

Right. The laws do vary from place to place, but in the United States in general a tenant has a right to privacy inside the walls of the dwelling, but a landlord has a right to guaranteed access for emergencies like a broken pipe or a fire.

So if you as a tenant set up a security system in an apartment, you have to give your landlord the ability to enter under whatever the laws of your jurisdiction are. Most typically that’s their own pin code if you have a smart lock.

If you as a landlord set up a home automation system in an apartment, that’s when you run into the expectation of privacy laws. The landlord should not be able to tell when people have gone to sleep, how many people are in the bedroom, view video footage, know when people are in the bathroom, really anything about the person’s activities inside the apartment other than getting a notification of a true emergency.

In some places in the US a landlord is allowed to set up cameras in the common areas outside of the apartments, in other jurisdictions a landlord can do so only if a sign is posted saying that cameras are present, and still others no cameras are allowed except in very specific areas like parking garages.

So if the landlord is going to retain the ability to monitor and access home automation systems, they need to check the local law to make sure they haven’t violated expected right of privacy.

At the same time, as mentioned, the landlord should retain the ability to unlock the front door if needed. Even if that just means a copy of the physical key.

2 Likes

Hey @timhon,
Great points made by @JDRoberts and @tgauchat. For transparency, I have over a years worth of experience with multi units and figuring out what works and what doesn’t. Last year we launch our proof of concept using SmartThings at a 310 unit brand new apartment complex. Our setup may be a little bit different than yours as we offer a full Property Management solution where all residents (unless physically unable) are not issued keys to their doors. In that sense we’ve put into place a lot of custom solutions to safe guard our property such as building a web app that will not store user codes in the state of the custom SmartApp, ensuring that access to the units are properly logged, etc. From the network infrastructure down to the smart app. We have a process in place and one that is constantly evolving as we expand to more communities for a multi-family developer.

SmartThings is great, but this is no small feat and in the name of security, safety, and liability. Making use of solely the SmartThings app is not ideal when dealing with the ability to unlock someone’s home and sharing those permissions from individual user accounts. I can’t stress that enough. When you’re dealing with your own home and sharing to family and friends there’s only small things to worry about. When you’re dealing with access to homes, privacy, etc. you have to worry about lawsuits that could cripple your company. i.e. if you don’t remove a user and the next tenant moves in while the previous user still has access to the home to unlock the door.

As landlords you can enter a home in the event of an emergency (fire, maintenance issue that is affecting other units like a water leak, etc.) but you need to have permission to enter the home otherwise. With the default SmartThings app and device handler you don’t get much information on who actually performs the locking/unlocking of the door. For example, if you are sharing an account and your tenant comes into your office and claims that you unlocked the door via the app and left their home wide open while they were away resulting in theft, how do you prove that you didn’t and they did it? How do you prove that you didn’t leave a light on and have to pay the tenant back for “Electricity Costs” (this has happened, hilarious but it has and they expected compensation)? Through the app you can’t prove it. There’s no way to tell who actually unlocked that door, left a light on, etc. when performing those actions from the app.

I’ll answer your questions below, but there’s a lot to consider with liability and security and having the proper team… from the property management to the IT team, iis essential and likely the first place you need to have a plan of action for.

  1. This has to be done from the SmartThings App. No questions. There is no way around it with any public API endpoints. That’s an internal API that I don’t expect ST to make public.

  2. Possibly through a custom smart app but once you share an account, they have the account and all the devices on their app. This includes the graph API. With SmartTiles, Terry is awesome and has a great product. Though I’m not too familiar with it as of late. It likely requires a login as well for the user and through that login they get a SmartThings App login which for any savvy tenant they’ll figure out how to log into the app with it and eventually the graph API. Which would give them access to all devices regardless. ST has not provided granular permissions for sharing.

  3. Yes. Unless you build your own App that utilizes the SmartThings API or make use of SmartTiles they must use this.

Hope that helps!

3 Likes

Great post, Jonathan!

I’ve been curious to learn more about your project and the current status. Looks like you are working through the problems very deliberately.

In ActionTiles (SmartTiles V6), users no longer need SmartThings Logins / Passwords to use a shared Panel (dashboard). … Just like sharing an Amazon Echo (or the Amazon Alexa App) requires you to remain logged into Amazon, after authorizing Things, you never need to know nor see your SmartThings login and password again.

1 Like

Thanks! I’m actually preparing a demo soon, I think the web app is finally ready for beta. I might be able to share some screenshots to ya.

Interesting and cool about ActionTiles. How does it achieve the shared panel without a ST user login?

Ancient Canadian secret. :maple_leaf: :speak_no_evil: :wink:.

The analogy I usually give it that it’s like Amazon Echo’s integration with SmartThings. Once your Echo/Dot is authorized, anyone in the house can use it. So imagine setting up your neighbour’s Echo to connect to your SmartThings account, but not giving them your SmartThings password and not letting them login to the Alexa App. They’d have control over the devices you’ve authorized, but wouldn’t be able to change the configuration.

It’s pretty much like that, but we go a step further and let you only authorize specific dashboards (Panels) to specific people. We have our own logins and our own security layer on the Panels. Users never need to login to SmartThings except to attach Locations to their own ActionTiles Accounts, or to add/remove things from that authorization.

Shared users ride piggy back on that same authorization, but limited by the security firewall of ActionTiles.

1 Like

@jrivera,

Realizing it’s been about one year since there has been activity on this thread, I’m thinking you’ve likely created a solution to your problem. With that said, I’m hoping you’d be able to provide some guidance on a smaller-scale project (much smaller).

I am looking for a similar setup within a three-unit property. There is one primary entrance to the property, which will likely have a Schlage Z-Wave Home Keypad Lever lock, because of local fire code requirements of the lock. We have a Ring Doorbell Pro for each unit, and would like for the lock and doorbells to communicate with one another so the tenants can remotely allow visitors into the property.

From what I’ve found, the best way to get these talking to one another is through SmartThings, but where I haven’t found much information beyond this is related to how many SmartThings hubs I would need in order for this work well, meaning each unit has control over their doorbell and lock combination, but still allows me to have admin access over all three units.

Based on the threads in the SmartThings community, it seems you may have successfully scaled a somewhat similar problem. Do I need a hub for each unit? Is there a better approach to achieve our goal of allowing the tenants remote access to the front door with smart tech?

1 Like

Unless you don’t give the Tenant access to their own “Things” within their unit, then, if you have no mesh network issues a single Hub might work. You can use ActionTiles to give Tenants access to specific dashboard Panels with just the Thing-Tiles they would like to view their own lights and sensors. You would never give them the SmartThings password.

Well… If you just want Door Lock & Doorbell there is likely a simple solution out there – and it might cost more or less. Specialized solutions are often higher priced!

Even if you buy a Hub per Unit (and 3 ActionTiles licences :wink:), you are setting up a foundation for a lot of wonderful “smart home goodness” for your Tenants! That’s a worthwhile investment … maybe?

Hey @mmaldonado,
You’re correct, I did create a solution and scale it. It’s a Smart Home management system for Apartment Communities aka MDU called iQuue ( Shameless plug www.iquue.com) and would be happy to give you some guidance.

Our philosophy at iQuue is to always bring the SmartThings to the tenant’s hands. Just because they live in an apartment there’s no need to limit them or re-invent the wheel for them with a different graphical layer and limitations. We operate at massive #'s of hubs in communities that average 300+ units where residents can add their own “Things”, create routines, add SmartApps, etc. and I can say that there are ways to manage this on a small scale of 3 hubs through SmartThings. If you ever need to scale to a proven SAAS solution, then iQuue may make sense for your MDU operations.

Since it sounds like you’re not needing (yet!) the features that we built like keyless access control, audit trails, resident notifications, user permissions for Property Management staff, etc. I recommend checking out the Shared Location process… A really simplified explanation is to treat each unit as a Hub Location with a master account that your organization controls and you share the location to the tenant…including your Common area lock. The idea is to Share to the residents their Hub so they can be isolated from other tenant hubs. Then share the common area so Residents can switch locations when they need to and receive alerts via the SmartThings app.

2 Likes

@mmaldonado

Often these things come down to tiny details in the set up, so let me ask a couple of questions

A) Is there one shared Wi-Fi network for the entire complex? Or is each ring doorbell on its own separate Wi-Fi network?

B) I’m a little confused about how the gate and the doorbells are going to work together as far as how the people use them. Are the doorbells (and their cameras) on the street side of the gate, all together? So that a person standing in front of one camera would theoretically be seen by all them, and then one of the tenants would recognize the person and unlock the common gate?

In a traditional apartment complex, the doorbells are on the street side of the gate like so:

8E032EE7-EBA3-430F-901F-20FD59AAE95A

And only the tenant whose button is pushed would be notified that someone is waiting to come in through the gate.

Ring doorbells would work quite differently because each doorbell would recognize motion so all the tenants would get notified when anyone arrived.

Or is the doorbell on each separate unit viewing only that unit’s front door, in which case I don’t understand how it is planned to work with the common gate Since I assume the person would have already come through the gate before they got into range of the doorbell’s camera.

C) Do you have to have a lock that has a keypad on it? That’s often a requirement For commercial setups to allow for visitors who need to be given a code to get in but who might not have a smart phone.

@jrivera

If the zwave lock and hub is in the common “location” And there is one ring pro doorbell in each of the three tenant locations, then…

  1. How will the ring pro doorbell for unit one be used to trigger the zwave lock at the common location?

  2. If all three units are on a common Wi-Fi network, doesn’t superlan connect discover all three doorbells and display them for each location? Last time I checked it did this for the Phillips hue bridge and the harmony hub, because it didn’t parse out Wi-Fi devices to the sub accounts. Has that changed?

All of which is to say mixing Wi-Fi devices like the ring pro and Z wave devices like the hypothetical lock seems to me to complicate the management of sub accounts. But maybe I’m not up-to-date on this.

Hey @JDRoberts. Excellent points. All of our installs are treated as isolated networks for reasons that you outlined. Ideally I wouldn’t have a Ring for a common area on the same network as the hubs for an apartment.

Absolutely must be VLAN’d out or else a tenant is going to buy a Hue bridge and find someone else’s Hue Bridge and bring it into their ST.

2 Likes

I’ll be looking into the ActionTiles more once I sort out how many, if any, Hubs I need.

I took the first step to find out more. :slight_smile:

After some more research and speaking with a Best Buy Smart Tech expert for about 2 hours, I was thinking this may be the best solution given the setup of the property. What we currently aren’t certain of is if the one lock can pair with three separate hubs. Is this possible?

My current worst case scenario is that each unit will have to manage their smart tech through each respective app, which is currently three (Ecobee thermostat, Schlage lock, and Ring doorbell). Ideally, I’d like to have this managed through one app.

1 Like

I’m still trying to sort out whether or not it makes sense, economically speaking, to provide Wi-Fi to the property, or have each tenant obtain their own Wi-Fi; I’d like to provide internet, but the upfront expense may be cost prohibitive at the moment. If I end up going with the latter then I will provide internet to the property, independent of the tenants internet, to support the necessary Wi-Fi for the lock and doorbells. I would then pair the doorbells and lock to the router on this internet.

I’m also still trying to sort out the details of how this is going to work. Currently the doorbells are next to each other, next to the entrance door, which is on the street side of the property. So, if motion detection is enabled, then yes, theoretically all tenants would see who is at the door. Currently motion detection is not enabled on the doorbells.

As far as I’m aware, the requirement doesn’t necessitate the keypad, but in the event of a fire requires that the door have the ability to open with a “single motion” (i.e. no deadbolt). A mortise style level/lock seems to meet this requirement, but the smart tech options are much more limited.

The primary issue I haven’t quite solved is how to uniquely pair the doorbell + lock combination to each unit, while having one entrance lock and three Ring doorbells.

I immensely appreciate the guidance and expertise you’re sharing @jrivera, @JDRoberts, and tgauchat (it won’t let me mention more than 2 users because I’m now to the community)

1 Like