Versions Compared

Old Version 3

changes.mady.by.user Gleb Matskevich

Saved on

compared with

New Version Current

changes.mady.by.user Alena Kniazeva

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Two-factor verification includes configuration on the ACFA side and on the Face side.

Configuring the two-factor verification on the ACFA side

To configure two-factor verification, do the following:

  1. On the Hardware tab of the System settings dialog box, create the Virtual access server object (1), based on the Computer object.Image Removed
  2. Create the FACE verificator object (2), based on the Virtual access server object, and go to its settings panel.
    Image RemovedImage Added
  3. From the Camera drop-down list (1), select the camera that captures the faces. The camera should work as part of the Face Recognition Server (see Configuring the Face Recognition Server object).
    Image RemovedImage Added
  4. From the Server drop-down list (2), select the Face Recognition Server.
  5. From the Mode the Control drop-down list (3), select the verifier operation  select the access granting mode:
    • Server decides - depending —depending on the result of the access rights check /or face verification, the access is allowed granted or denied.
    • Always redirect - regardless of the result of the second stage, the verifier redirects its solution to the external verifier (Event Manager/Photo IdentificationID/Script using the delegation event and awaits for the the external verifier decision). Depending on the result, the access is allowed is granted or denied.
    • Redirect on failure - if the first stage is successful, then this mode is similar to the the Server decides mode. If the first stage is failed, then the solution is delegated to the external verifier.
    • Redirect on success - if the first stage is failed, then this mode is similar to the the Server decides mode. If the first stage is successful, then the solution is delegated to the external verifier.
  6. In the Timeout field (4), set enter the time to wait for a face to appear in in seconds after which the connection with the Face Recognition Server camera is terminated.

  7. If

    the face does not appear in front of the camera during this time, then the face verification will fail

    necessary, in the fields of the Cache parameters group (5), set the parameters that are specific for each ACS integration module.

    Info
    titleNote

    For example, in the PERCo-S-20 v.2 integration module, each request to the operator is accompanied by the request_id parameter. This parameter should be returned when confirming access, otherwise the command will be ignored. For the Noder ACS, such parameter is param1.


  8. Set the Generate custom Access granted / Access denied event checkbox (6) if it is necessary that the FACE verificator object generates an additional event about granting/denying access, and specifies the reason for the denial. These events can be used to work with scripts or the Event manager interface module.
  9. From the Object type drop-down list (57), select the type of object that will initiate the face check. Typically, this is an access point, reader, etc.
  10. From the Object drop-down list (68), select the object of the type specified above.
  11. From the Event drop-down list (79), select the event by which the face check will be launched. The list of available events depends on the selected object type.

  12. From the Reaction for access drop-down list (810), select the command that will be sent to the initiating object upon the successful face verification. The list of available commands depends on the selected object type.

  13. From the Reaction for denial drop-down list (911), select the command that will be sent to the initiating object upon the unsuccessful check/face verification. The list of available commands depends on the selected object type.

    If necessary, in the Cache-parameter No.1-No.3 fields (10), specify the parameters that are individual for each ACS integration software module.

    Info
    titleNote

    For example, in the PERCo-S-20 v.2 integration module, each request to the operator is accompanied by the request_id parameter. This parameter must be returned when confirming the access, otherwise the command will be ignored. For Noder ACS, this parameter is param1.

  14. From the Mode drop-down list (11), select the access control mode:
    1. Access rights checking - activates checking the user access rights according to the parameters below. Only after the access rights verification, if successful, the face verification is performed.
    2. Only recognition - skips the access rights verification and proceeds immediately to face verification.
  15. Set the Locking checking checkbox (12) if it is necessary to check whether the user is blocked or not.
  16. Select the Antipassback checking checkbox (13) if it is necessary to check the antipassback control.
  17. Select a method for checking the validity period of a user access card (14):
    • Do not check - the validity of the card will not be verified.
    • Not included - on the day the card expires, the user will be denied access.
    • Included - on the day the card expires, the user will be allowed access.
  18. On the Rights tab (12), from the Mode drop-down list (13select the access rights checking mode:
    • Recognition onlythe server makes the access granting decision based only on face verification.
    • Rights checkingthe server makes the access granting decision after successful verification of user access rights (access level, time zones, blocking, antipassback) and, then, successful face verification. If at the stage of checking access rights, a discrepancy in rights is found, then the device will be prompted to deny access, and face verification will not be started. The access denial event from the FACE verificator object will not be displayed in the Event viewer. If this mode is selected, the following settings become available:
      Image Added

      • Check date of begin and Check expirationsets the mode of checking the access card validity:

        • Do not checkdo not check the start or expiration date of the card.

        • Do not includedo not include the start or expiration date of the card in the check.

        • Includeinclude the start or expiration date of the card in the check.

      • Check blockingset the checkbox to check if the user is blocked.
      • Check AntiPassBackset the checkbox to control double pass.

  19. Go to the Mask tab (1) and set the Restrict access if checkboxes (2) to deny access in cases marked by the checkboxes. If none of the checkboxes is set in this block of settings, the mask recognition will be ignored.
    Image Added

  20. Go to the Temperature tab (1) and from the Mode drop-down list (2) select one of the options:
    Image Added

    1. Do not controlregardless of the temperature, the recognized person will be allowed access.
    2. Threshold exceedingaccess denied if the temperature threshold set in the Face Recognition Server on the Analytics tab is exceeded (for details, see Face Recognition Server settings panel).
    3. Rangein the Lower threshold (1) and Upper threshold (2) fields, specify the minimum and maximum allowable temperatures, respectively. Access is allowed if the recognized person's temperature is within the specified range.
      Image Added

  21. Click the Apply button (14) to save the settings

    Click the Apply button (15) to save the settings.

    Note
    titleAttention!
    Parameters (1) through (9) are mandatory. If at least one of them is not specified, then all selected values ​​of these parameters will be reset to default even after clicking the Apply button

    .

An example of the two-factor verification configured for the PERCo-S-20 v.2 integration Noder ACS integration module is presented below.Image Removed

Image Added

The two-factor verification on the ACFA side is configured.

Configuring the two-factor verification on the Face side

Two-factor verification doesn't require the face database.

On the Face side, do the following:

  1. On the Hardware tab of the System settings dialog box, create the Face Recognition Server object, based on the Computer object.
  2. Based on theFace Recognition Server object, create the Recognition channel and Tevian recognition module objects.

The two-factor verification on the Face side is configured.