Page History

Two-factor step verification includes configuration on the ACFA PSIM side and on the the Face PSIM side.

Configuring

...

two-

...

step verification on the ACFA side

To configure two-factor step verification, do the following:

1. On the Hardware tab of the System settings dialog box, create the Create the Virtual access server object (1), based on on the basis of the Computer object on the Hardware tab of the System settings dialog window.
   Image Added
2. Create the FACE verificator object (2), based on on the basis of the Virtual access server object, and go to its .
3. Go to the settings panel of the FACE verificator object.
   Image RemovedImage Added
4. From the Camera drop-down list (1), select the camera that captures the faces. The camera should must work as a part of the the Face Recognition Serverrecognition server (see Configuring the Face recognition server object).
   Image RemovedImage Added
5. From the Server drop-down list (2), select the Face Recognition Serverrecognition server.
6. From the Control drop-down list (3), select the access granting mode:
   • Server decides—depending on the result of the access rights check or face verification, the access is granted or denied.
   • Redirect always—regardless of the result of the second stage, the verifier redirects its solution to the external verifier (Event Manager/Photo ID/Script). Depending on the result, the access is granted is granted or denied.
   • Redirect if decline—if the first stage is successful, then this mode is similar to the Server decides mode. If the first stage is failed, then the solution is delegated to the external verifier.
   • Redirect if success—if the first stage is failed, then this mode is similar to the Server decides mode. If the first stage is successful, then the solution is delegated to the external verifier.
7. In the Timeout field (4), enter the time in seconds after which the connection with the Face Recognition Serverrecognition server is terminated.

8. If necessary, in the fields of the Cache parameters group (5), set the parameters that are specific for each ACS integration module.
   Image Added
   

   Info
   title Note
   For example, in the PERCo-S-20 v.2 integration module, each request to the operator is accompanied by the request_id parameter. This parameter should must be returned when confirming access, otherwise, the command will be is ignored. For the Noder the Hikvision ACS, such parameter is param1.

9. Set the Generate custom Access granted / Access denied event checkbox (6) if checkbox if it is necessary that the FACE verificator object generates an additional event about granting/denying access, and specifies the reason for the denial. These events can be used to work with scripts or the Event manager interface module.
10. From the Object type drop-down list (7), select the type of object that will initiate initiates the face check. Typically, this is an access point, a reader, etcand so on.
    Image Added
11. From the Object drop-down list (8), select the object of the type specified above.
12. From the Event drop-down list (9), select the event by on which the face check will be launchedis started. The list of available events depends on the selected object type.

13. From the Reaction for access drop-down list (10), select the command that will be is sent to the initiating object upon the successful face verification. The list of available commands depends on the selected object type.

14. From the Reaction for denial drop-down list (11), select the command that will be is sent to the initiating object upon the unsuccessful check/face verification. The list of available commands depends on the selected object type.

15. On the Rights tab (12), from the Mode drop-down list (13), select the access rights checking check mode:
    1. Recognition only—
    the
    1. server makes the decision to grant access
    granting decision
    1. based only on face verification.
    2. Rights checking
    —the server
    1. —server makes the decision to grant access
    granting decision
    1. after successful verification of user access rights (access level, time
    zones
    1. schedules, blocking, antipassback) and, then, successful face verification. If at the stage of checking access rights, a discrepancy in rights is found, then the device
    will be
    1. is prompted to deny access, and face verification
    will not be
    1. isn't started. The access denial event from
    the
    1. the FACE verificator object
    will not be
    1. isn't displayed in the Event
    viewer
    1. Viewer. If you select this mode
    is selected
    1. , the following settings become available:
       
    Image Removed
    1. Image Added

       1. Check date of begin and Check expiration—sets the mode of checking the access card validity:

          • Do not check—do not check the start or expiration date of the card.
          • Do not include—do not include the start or expiration date of the card in the check.
          • Include—include the start or expiration date of the card in the check.
16. Check blocking—set the checkbox to check if the user is blocked.
1. 1. AntiPassBack—select the antipassback control mode from the drop-down list:
      • Do not check—antipassback control is disabled.
      • Strict—antipassback control is enabled, that is, when a person accesses through one access point more that once, an access event isn't generated and access is denied.
      • Timed—antipassback control is enabled for the time period specified in the APB Timeout field.
        Image Added
        
        • APB Timeout—sets the time interval in HH:MM:SS format, during which the antipassback control is enabled.
      • Soft—a person can access, but a note is made in the access event that a person accessed with a violation (repeated access).
   2. Check liveness—set the checkbox to control if a photo is presented instead of a live person. By default, the checkbox is clear
Check AntiPassBack—set the checkbox to control double pass
1. 1. .

17. Go to the Mask tab (1) and tab and set the Restrict access if checkboxes (2) to deny access in cases marked by the checkboxes. If none of the checkboxes is set you don't set any checkbox in this block of settings, the mask recognition will be is ignored.
    Image RemovedImage Added

18. Go to the Temperature tab (1) and tab and from the Mode drop-down list (2) select , select one of the options:
    Image RemovedImage Added

    • Do not
    control
    • check—regardless of the temperature, the recognized person
    will be
    • is allowed access.
    • Threshold exceeding—access denied if the temperature threshold set in the Face
    Recognition Server
    • recognition server on the Analytics tab is exceeded (for details, see Face recognition server settings panel).
    • Range—in the Lower threshold
    (1) and
    •  and Upper threshold
    (2) fields
    •  fields, specify the minimum and maximum allowable temperatures, respectively. Access is allowed if the recognized person's temperature is within the specified range.
      
    Image Removed
    • Image Added

19. Click the Apply Image Added button (14) to save the settings.

An example Example of the two-factor step verification configured for the Noder the Hikvision ACS integration module is presented below.

Image RemovedImage Added

The twoTwo-factor step verification on the ACFA side PSIM side is configured.

Configuring

...

two-

...

step verification on the Face PSIM side

Two-factor step verification doesn't require the face database.

On the Face PSIM side, do the following:

1. On Create the Face recognition server object on the basis of the Computer object on the Hardware tab of the System settings dialog box, create the Face Recognition Server object, based on window.
2. On the basis of the Face recognition server the Computer object.Based on theFace Recognition Server object, create the Recognition channel and Tevian recognition and Recognition module VA objects.

The twoTwo-factor step verification on the Face side PSIM side is configured.