To configure two-factor verification, do the following:

1. On the Hardware tab of the System settings dialog box, create the Virtual access server object, based on the Computer object.
   
2. Create the FACE verificator object, based on the Virtual access server object, and go to its settings panel.
   
3. From the Camera drop-down list (1), select the camera that captures the faces. The camera should work as part of the Face Recognition Server.
   
4. From the Server drop-down list (2), select the Face Recognition Server.
5. From the Control drop-down list (3) select the access granting mode:
   • Server decides - depending on the result of the check/face verification, the access is granted or denied.
   • Always redirect - regardless of the result of the second stage, the verifier redirects its solution to the Event Manager/Photo ID/Script using the delegation event and awaits for the the external verifier decision. Depending on the result, the access is granted or denied.
   • Redirect on failure - if the first stage is successful, then this mode is similar to the Server decides mode. If the first stage is failed, then the solution is delegated to the external verifier.
   • Redirect on success - if the first stage is failed, then this mode is similar to the Server decides mode. If the first stage is successful, then the solution is delegated to the external verifier.
6. From the Mode drop-down list (4) select the rights checking mode:
   • Recognition only - mode and set check boxes corresponding to checking which are to be performed if it is required to check the user access level which face was recognized, time zones of this access level and perform additional checking.
   • Rights checking - activates checking the user access rights according to the parameters below. Only after the access rights verification, if successful, the face verification is performed.
     

     • In the Check date of begin and Check expiration section select a radio button corresponding to the settings of checking the card validity date specified in the Access Manager interface object.

       • Do not check – if the card expiration date check is not required.

       • No not include – do not include the card expiration date in the check.

       • Include – include the card expiration date in the check.

7. From the Object type drop-down list (5), select the type of object that will initiate the face check. Typically, this is an access point, reader, etc.
8. From the Object drop-down list (6), select the object of the type specified above.
9. From the Event drop-down list (7), select the event by which the face check will be launched. The list of available events depends on the selected object type.

10. From the Reaction for access drop-down list (8), select the command that will be sent to the initiating object upon the successful face verification. The list of available commands depends on the selected object type.

11. From the Reaction for denial drop-down list (9), select the command that will be sent to the initiating object upon the unsuccessful check/face verification. The list of available commands depends on the selected object type.

12. If necessary, in the Cache-parameter No.1-No.3 fields (10), specify the parameters that are individual for each ACS integration software module.

    For example, in the PERCo-S-20 v.2 integration module, each request to the operator is accompanied by the request_id parameter. This parameter must be returned when confirming the access, otherwise the command will be ignored. For Noder ACS, this parameter is param1.

    
    

13. Click the Apply button (11) to save the settings.

An example of the two-factor verification configured for the Noder ACS integration module is presented below.

The two-factor verification is configured.