5 SAFR SCAN Web Console

• 1 Overview
• 2 Hardware
• 3 SAFR Accounts
• 4 Installation Guides
• 5 SAFR SCAN Web Console
5.1 Live Tab
5.1.1 Live Video Preview
5.1.2 Overlays
5.1.3 Video preview mode
5.1.4 Events
5.2 People Page
5.2.1 Enroll a Person Using a Face Image
5.2.2 Edit Person Records
5.2.3 Person Field Records
5.3 Operation Settings
5.3.1 Access Control
5.3.2 Attendance
5.3.3 Tailgating
5.3.4 Monitoring
5.3.5 Tailgating
5.3.6 Camera
5.3.7 Image
5.3.8 Display
5.3.9 Sound
5.4 System Settings
5.4.1 SAFR Server
5.4.2 Behavior when Connected to SAFR Server
5.4.3 Video Streams
5.4.4 Network
5.4.5 Card Format
5.4.6 Multiple Card Support
5.4.7 OSDP
5.4.8 Wiegand
5.4.9 Door strike relay
5.4.10 Date and Time
5.4.11 Update
5.4.12 Reset
5.5 Security Settings
5.5.1 System Login
5.5.2 Video RTSP Access
5.5.3 SSL
5.5.4802.1 x
5.5.5 Firewall
• 6 Troubleshooting

The SAFR SCAN Web Console provides administrators and operators web-based access to SAFR SCAN. This section describes the SAFR SCAN Web Console interface and configuration properties. See the SAFR SCAN Quickstart Guide for information on how to use the SAFR SCAN Web Console.

The first time you open the Console, it will automatically open to the Live tab shown below.

Along the top of the page you’ll see the following 5 tabs:

• Live Tab
• People Tab
• Operation Tab
• System Tab
• Security Tab

5.1 Live Tab

Live tab displays the camera view of the SAFR SCAN device on the left and events on the right.

5.1.1 Live Video Preview

Displays Video from the SAFR SCAN camera with overlay information adding boxes around the person's face and the person name. Each face above the detection thresholds in the view will have its own overlay. The overlay colors will vary depending on the type of face

• Grey (Unrecognizable) - Face is of insufficient quality to attempt reliable face matching.
• Purple (Stranger) - Face was not found in the local person database.
• Green (Known) - Face was found in local person database.
• Yellow (Concern)- Face of person record with idClass=Concern was found.
• Red (Threat) - Face of person record with idClass=Threat was found.

Device Feedback

SAFR SCAN provides feedback to the credential holder letting them know if access was granted or denied.

• Anybody who was granted access appears in green on the right side
• Anybody who was denied access appears in red.

For somebody to be granted access, two conditions must be met:

• The person must be entered in the People Database as described in the Quickstart Guide and People tab documentation.
• The person must pass a liveness check. The green heart below the person’s name indicates that the liveness check was passed.

Feedback is provided to the user using device LED Ring, on-screen text and sound. By default the feedback is presented simply based on the condition above. If Feedback from Panel (via either Wiegand or OSDP) is enabled then SAFR SCAN waits while the Access Control Panel determines if access should be granted or not based on access rules and schedules and displays appropriate feedback to user. Feedback from Panel is described in a separate guide.

5.1.2 Overlays

Overlays may be turned off using the checkbox shown.

5.1.3 Video preview mode

You can select which sensor is displayed using the dropdown. Options are:

Visible Spectrum	Infrared Spectrum	Structured Light	Face 3D

You can see thousands of dots of light that are emitted in the Structured light view. These are used to determine depth and relative distance of subjects with high accuracy. The Infrared Spectrum image was taken with the lights out.

5.1.4 Events

The section on the right displays events. There are two types of events that are reported in SAFR SCAN Web Console. They are:

Access Granted	The green heart indicates no spoofing was detected The Access Type can be Face, Card or Mobile
Access Denied	A match was not found indicating a Stranger so the Access Denied event was raised. To facilitate enrollmenet at the device, the face image was captured. Clicking "Enroll" will create a new entry in the person database (See Enrolling on Device below). The Access Type can be Face, Card or Mobile. For each type, the credential is captured (Face image, card number or mobile credential). Clicking Enroll will enroll with the captured credential.
Match	The event shows the face image from camera (left) alongside the enrolled face image (right). Far right also provides the full scene image from the camera. The match confidence can range from 100% down to about 70%. Match confidence can be interpreted as: 100%Certain match (values > 100% are possible indicating even greater certainty). 93%Close match but not certain enough to unlock the door in Secure Access scenarios. 86%Possible match with low confidence. 82%Similar face with no confidence of match. 79%Different faces.
Tailgating – Known person	Event shows time, face and scene image as well as enrolled face image and person data.
Tailgating - Stranger	Event shows time, face and scene image.

This is a subset of the events reported by SAFR Desktop. See SAFR Desktop chapter in this guide for more information on other event types.

5.1.4.1 Event Retention

SAFR SCAN does not store events locally on the device. If connected to SAFR Server or SAFR Cloud, all events are sent to the server for monitoring, auditing, and reporting. If the network goes offline, events are saved locally and persisted until the network is restored, at which time the cached events are transmitted to the server and deleted locally. Up to 30,000 events can be stored locally.

5.2 People Page

The People tab allows you to manage and configure your enrolled people. You can also enroll people using saved face images.

5.2.1 Enroll a Person Using a Face Image

Do the following to enroll someone using a saved face image:

1. Click Add. You will see an empty dialog as shown below.
   
2. Click Choose File and select the face image from your local computer, tablet, or phone. The face image should be of good quality with at least 150 pixels from ear to ear.
3. Click on the Edit button in the upper right corner of the newly added person's record.
4. Enter the following information:
5. Enter the person's First name and Last name.
6. Set the desired Access Clearance.
7. Optionally set Access Card Format if format is expected to vary by person. Set Access Card Format at the reader level if all users are assigned same Access Card Format.
8. Set the Access Card Facility ID and Access Card Id fields to the appropriate values for the enrolled person.
9. Click Save Changes. The person will be added to the Person Database.

5.2.2 Edit Person Records

To edit the records of people already enrolled in the Person Database, click on the Edit button of their record, as indicated by the arrow below.

• Name, Person Type and ID Class fields are for filtering.
• Add and Delete buttons allow adding new and deleting persons.
• Refresh will reload. The page does not update automatically like the Live page does.
• Click anywhere except the image or click the pencil icon to edit a record.
• Click anywhere on the face image to select a record (multiple records can be selected at once for deletion).

💡If faces do not appear, its likely due to setting to persist synced person face images disabled on server.

Person has many attributes. Below are just some. The Desktop software has additional properties that cannot be edited on the SAFR Camera Web Console.

5.2.3 Person Field Records

Below are all the configurable fields. Highlighted fields are required for PAC panels connected via Wiegand or OSDP connections. When a relay is used instead, only the First name, Last name, and Access Clearance fields are required.

5.2.3.1 General Information

First name	The person’s first name.
Last name	The person’s last name.
ID Class	A classification used to classify threat level (Threat, Concern, or No-Concern). SAFR uses ID Class in reports, event filters and notifications. For unknown persons, SAFR automatically assigns following ID Class values: Unrecognizable – Face is of insufficient quality (e.g. face image too small or blurry) to try to recognize Stranger – Face was not matched to any identity in the database.
Person Type	A user-defined grouping to differentiate the people enrolled in your Person Database. (e.g. "student", "teacher", and "staff"). Can be any string (including spaces). Once typed, the value will appear in the dropdown and will auto-complete on future entries. A person type is automatically deleted when the last person with person type is deleted.
Gender	A fixed value assigned for gender. Values of Male, Female or unknown. If set, SAFR displays this value instead of gender estimated from SAFR gender detection analytic.
Age	A fixed value assigned for age. If set, SAFR displays this value instead of age estimated from SAFR age detection analytic.

5.2.3.2 Access Control

Access Clearance	Specifies the level of access this person has. Access Clearances are defined in SAFR Desktop People Window. An Access Clearance includes the following: Zones (groupings that contain one or more readers) Schedule (days and hour ranges as well as holidays) Number of individuals a person can escort (used in Tailgating feature) Permission to gain additional access permissions through invitations Permission to extend access to others via invitations Allows number of guests
Access Level	The numerical representation of the person’s access level. This field is set based on the person’s Access Clearance; it isn’t directly editable.
Access Activation	Date that the person record is first activated. Before this date the person will not be granted access by SAFR (no credential is sent to the panel). Person will appear with an “Inactive” badge in the user interface. Inactive Individuals can be hidden from view via “Hide Expired” in the “…” menu on People Window.
Access Expiration	Date that the person is no longer activate. After this date the person will not be granted access by SAFR (no credential is sent to the panel). Person will appear with an “Inactive” badge. Inactive individuals can be hidden from view via “Hide Expired” in the “…” menu on People Window.
Access PIN	4, 6 or 8 digit code (PIN) used with SAFR Keypad as alternate authentication factor.

5.2.3.3 Access Card

Access Card section stores one or more access cards. If multiple cards, a count will be shown. The first card in the list is the Primary. Support for multiple credentials allows a user to hold one or more credentials. The Primary is the credential that is sent to the panel if not matching a credential as input (i.e. Face only or PIN only access)

Facility ID	Decimal representation of the credential’s facility code encoded into the card. If blank, no facility code is applied.
Card Id	Decimal representation of the credentials card id encoded into the card. If number exceeds a 32 bit value, it is shown as hexadecimal number.
Card Format	Layout of the binary data read from an access card or sent to the panel. This information helps SAFR encode the facility id and card id into binary data for purposes of transmitting the card data to the panel. If not set on the person record, the values in the reader will be used.
Card Serial Number (CSN)	The CSN or UID for the card. All cards have either a 32 bit or 56 bit CSN. SAFR can match on CSN if using the 32-bit or 32-bit mapped card formats.
Card Activation	Date that the card is first activated. Before this date the card will not be granted access by SAFR (no credential is sent to the panel).
Card Expiration	Date that the card is no longer activate. After this date the card will not be granted access by SAFR (no credential is sent to the panel).

5.2.3.4 Mobile Credential

Mobile Credential ID

Stores the mobile credential used to authenticate user with a mobile device. See SAFR Mobile Credentials Guide for more details.

5.2.3.5 Additional Information

External ID	A field used to reference a unique id in an external system (e.g. the access control system where the record was copied from). This is most often used in integrations to SAFR to allow external system to identify the source of the record.
Company	A field used to identify a person’s company. Can be any string.
Home Location	A field used to identify a person’s primary location. Can be any string.
Tags	Comma separated list of tags. Can be any string. By convention, tags are separated by commas and each element may contain a name=value or simply a value.

5.3 Operation Settings

5.3.1 Access Control

Access Mode: Specifies which kind(s) of user authentication you want to use:

Face Recognition

Face Recognition and Access Card

Face Recognition or Access Card

Access Card

Disabled

Note that "Access Card" in the options above refers to any Wiegand-capable or OSDP-capable authentication device that you connect to the SAFR SCAN device.

Access Clearances Accepted: Select the access clearances that you want to grant access to your facility. (i.e. When a person with an acceptable access clearance is viewed by the SAFR SCAN device, the door(s) connected to the SAFR SCAN device will unlock.

Face match confidence required for access: Specifies how strict you want the SAFR SCAN access control system to be. There are two options:

High: High face match confidence is required. With this option selected SAFR SCAN has a

99.9996% accuracy rate, which is more than sufficient for the vast maority of use cases.

Extreme: Extreme face match confidence is required. With this option selected SAFR SCAN has a 99.999996% accuracy rate. Selecting this option can cause SAFR SCAN to be overly strict, resulting in authorized people occasionally not being granted access.

Spoofing protection level: Specifies what level of anti-spoofing protection you want to use:

None (masks allowed)

Standard (masks allowed)

High (beta: masks not allowed)

Extreme (beta: masks and direct sun not allowed)

Wait time required to grant access: Number of seconds to wait before granting an authorized person access.

Wait time required to deny access: Number of seconds to wait before denying access to an unauthorized person. We recommend setting this to a non-zero value because sometimes the initial face recognition attempt will fail to match an enrolled person due to a temporary condition. (e.g. a bad angle, momentary bad lighting, etc.) Setting this value to 1 second (or more) gives subsequent face recognition attempts a correct for any temporary bad conditions that may arise.

Wait time for second factor: Number of seconds to wait for the second authentication method to validate. If the second authentication method validates after this wait time has been exceeded, then the user will be required to validate the first authentication method again.

5.3.2 Attendance

5.3.3 Tailgating

Tailgating detection: Enables tailgating detection.

Detection direction: Specifies the direction(s) which are monitored for tailgating. There are two possible options in the drop-down menu.

Inbound on entry only: Tailgating is only detected for people entering the facility (i.e., approaching the camera).

Inbound on entry and exit: Tailgating is detected for people entering or exiting the facility. Note that this option only works if the Door open input signal field below is set to either Door open

on Low or Door open on High.

Minimum enforced tailgating time: The minimum amount of time where tailgating is enforced after an authorized person is granted access.

Maximum tailgating distance: The maximum distance after an authorized person where a subsequent person is considered a tailgater.

Door open input signal: Indicates if the door is open.

Disabled: The door open signal is disabled.

Door open on Low: By default, the door open signal will indicate that the door is closed; a charge must be sent in order to indicate that the door is open.

Door open on High: By default, the door open signal will indicate that the door is open; a charge must be sent in order to indicate that the door is closed.

Signal to Control Panel: When enabled, a tailgating event is sent to the connected control panel when tailgating is detected. In addition, a popup dialog will appear allowing you to set the facility ID and/or card ID that you want to be included with the tailgating event. Setting a facility ID and card ID is optional.

Tailgating Signal Card Facility ID: The facility ID to include with the tailgating event, if any.

Tailgating Signal Card ID: The card ID to include with the tailgating event, if any.

Edit Signal Card IDs: Allows you to edit the Tailgating Signal Card Facility ID and Tailgating Signal Card ID values above.

5.3.4 Monitoring

Monitoring mode: Specifies how SAFR Camera processes its camera view video feed. See the Operator Modes documentation in the SAFR Software Administration Guide for full descriptions of the available Operator Modes.

Below is a summary of the monitoring modes:

• All Events Monitoring (default) – Report all events including unrecognizable faces. Unrecognizable events are not reported until person is in view for at least 1.5 seconds (configurable)

• Enrolled Monitoring – Only record events for known recognized persons

• Enrolled and Stranger Monitoring – Record events for known recognized persons and strangers. Strangers are defined as a face that was of sufficient quality to attempt to recognize, but no match was found.

• Threat/Concern and Stranger Monitoring – Record events for strangers and known people marked as Threat or Concern.

• Learn and Monitor – Auto-enroll faces as they appear in front of the camera. This creates a new identify for every face as long as the quality thresholds for learning are met. This mode is most useful for various reports that learn faces such as Traversal Reports or Queue Reports.

• Note: If you want to enroll specific faces from camera, use “Enroll” option from the Events view.

Additional analytics: Enables additional analytics; age, gender and sentiment analysis. These analytics are estimated from the face image appearing in the camera view. Their accuracy will depend upon the source image quality. No biometric signature is needed to compute.

Data is reported in user interface as shown below and persisted with event so it is available in various reports or with exported event data.

Sentiment and Smile are reported as follows:

• During event (while face is in view): Display current sentiment and show smile indicator if smiling.
• After event (face left the view): Display average sentiment and % of time smile was detected.

5.3.5 Tailgating

Settings to enable recording of video to local Micro SD card and optionally to an AWS account. See Digital Video Recording (DVR) Settings section below for information on configuring DVR.

5.3.6 Camera

Screenshot below shows Camera Settings available from Operation > Camera.

5.3.6.1 EXPOSURE MODE

Options of Face Prioritized and Scene Prioritized.

Face Prioritized

Camera exposure is optimized for any faces in view of the camera. When set to Face Prioritized, camera will adjust exposure to optimize for the largest face in view of the camera. This results in a dynamic exposure. This is the prefered mode for facial recognition. You will read below, how Scene Exposure Region can be used to give the camera a hint on what to set the exposure to when faces are not present

Scene Prioritized

Camera exposure is optimized for entire scene. When in this mode, camera does not adjust exposure based on presence of faces in the video. Exposure is optimized for the entire scene. While this mode is useful for creating an optimal video recording of entire scene, it will not optimize exposure to the face and thus have negative impact on face recognition.

Example with strong backlight

Scene Prioritized	Face Prioritized

5.3.6.2 SCENE EXPOSURE REGION

Determines the camera exposure when no face is present in the view of the camera. This setting allows you to give a hint to the camera to set exposure when no faces are in view. This is done by selecting a region of the video to set exposure. Possible values are:

• Top 25%
• Top 35%
• Top 50%
• Center
• Bottom 50%
• Bottom 35%
• Bottom 25%
• Custom

Setting this value to the exposure of where faces will appear in the video will reduce the amount of time I takes for the camera to adjust exposure for the face.

Examples

Incorrect Settings - Exposure zone set to region of strong backlight

Face not in view	Face in view

The problem is that the camera has to adjust from a very dark exposure to a very bright exposure to let sufficient light in to properly light the face. This takes a few hundred milliseconds. For fast moving objects, you may lose precious moments to perform recognition.

Correct Settings - Exposure zone set to region of similar lighting

Face not in view	Face in view

💡Use Scene Exposure mode with face in view to chose which region offers the best exposure on the face. Adjust the region, including custom if needed, until the face is well lit. Then change exposure mode back to Face Prioritized.

Default value for Scene Exposure Region is Bottom 35%. This is most often the optimal location but may not work if floor is brightly lit from outdoor reflection.

5.3.6.3 Exposure Level

Allows the exposure to be boosted or attenuated from what the camera considers optimal. This value can be as high as 400% (4x brighter) or as low as 25% (4x darker). It is recommended to leave this at 100%, but the setting may be modified if SAFR is consistently incorrectly setting exposure.

5.3.6.4 Exposure Adjust Speed

Controls speed at which the camera adjusts exposure. Default is 72%. Values greater than 72% reduces the time it takes for the camera to adjust exposure. Decreasing this value increases the time it takes to adjust exposure.

Increasing this value too far may result in "yo yo effects". That is, due to the speed of adjustment, the camera may overshoot and oscillate the exposure back and forth.

Adjusting this value may be useful in case where faces are moving very fast through the view. If the person is moving too fast, the camera may end up adjusting exposure for a face that is no longer present in that location. Speeding up the Exposure Adjust Speed may help in this case or slowing it down may avoid adjusting exposure too quickly and keeps exposure

5.3.6.5 Backlight Compensation

SAFR Camera is designed to compensate for backlight conditions. Backlight Compensation setting provide some control over that feature. Possible values are:

• Auto
• Slight backlight ( outdoors)
• Medium backlight ( outdoors )
• Medium strong backlight (typical outdoors)
• Strong backlight (indoors / outdoors )
• Very strong backlight (typical indoors)
• Extreme backlight ( indoors)

Auto mode attempt to adjust exposure under typical conditions. Other options allow you to provide a hint to the camera as to the type of conditions it is facing which will improve its ability to handle those conditions.

Backlight Compensation primarily manages the shutter speed. Shutter speed is also controlled by the Minimum and Maximum Shutter Speed settings. SAFR Camera handles these settings by applying the setting that imposes the greatest constraint. For example, if Maximum Shutter Speed is set below what the Backlight Compensation setting would set for the current conditions, then the Maximum Shutter Speed will be applied.

5.3.6.6 Maximum Shutter Speed

Max Shutter speed is one of the tools to use to handle backlighting. Faster Shutter speeds will decrease light allowed into the camera and thus darken the view. Setting Max Shutter Sped prevents the camera from darkening the face image too much due to bright background.

5.3.6.7 Minimum Shutter Speed

Lower shutter speed results in motion blur. Setting a higher minimum shutter speed can reduce or prevent motion blur.

Normally you want the minimum shutter speed to be as low as possible to increase exposure (light on the face).

At 1/120 you will typically not get motion blur. But at this speed, you may have insufficient light.

5.3.6.8 Max Gain

When the lighting gets reduced, the camera applies more gain to the image. Higher gain adds noise to the image. This results in faces looking grainy due to the noise in the signal resulting from the gain. To control noise, you can limit the Max gain setting. But by doing this, you reduce the brightness. Gain should only be adjust once improvements from adjustment of shutter speed and iris have been exhausted.

5.3.6.9 White Light / White Light level

Controls the white light mode (Auto, On and Off) and the brightness level. In Auto mode, SAFR SCAN will evaluate if white light is needed and turn on automatically if there is insufficient lighting on the face. To avoid a harsh transition, white lights will gradually fade in. This may even occur in a well lit room if there is very strong backlight.

5.3.6.10 Night Vision / IR Light Level

Controls the IR mode (Auto, On and Off) and the brightness level. In Auto mode, IR is turned only when insufficient light exists in the environment. This allows the face to be detected even in very dim or zero light environments. Once detected, the white lights may be used to facilitate face matching.

5.3.7 Image

Image settings offers features to control the picture. Image settings involve digital processing and should be reserved only when desired results cannot be achieved with Camera Settings. See Image Settings below for information about settings in this page.

The sliders in this section allow you to adjust the camera video feed so that faces appearing in the camera view are more visible, thus facilitating face recognition. Of the 4 available settings, contrast usually has the most effect on face recognition success.

Note that it’s much, much better to improve the environmental conditions rather than using the sliders in this section. Improving the light, as well as optimizing the SAFR SCAN device camera’s position, will yield better results than adjusting these sliders. In fact, in most scenarios users won’t need to adjust these sliders at all.

5.3.8 Display

5.3.8.1 Display Mode

Specifies when the SAFR SCAN device’s video region displays the device’s camera feed. There are three possible options:

• Activate when face is detected – Display shows Display background when active setting when a face is detected within Activation distance.
• Always on – Display always shows “Display background when active”
• Always off – Display will always show Display image when inactive setting.

Note: On screen text feedback will always show unless separately disabled.

Some users prefer not to see video of themselves as they interact with the reader. There are two ways to accomplish this:

• Set Display Mode (this setting) to “Always off”. The screen will always display the Display image when inactive setting which can be a logo or other options (See below).
• Set Display background when active to any value other than “Live video”

5.3.8.2 Activation distance

Control how far away someone is when screen activates. Possible values are:

• About 0.7 meters
• About 0.9 meters
• About 1.3 meters (default)
• About 2.0 meters
• About 2.7 meters

To control how far away someone is before SCAN will authenticate use Advanced Feed Configuration. This requires connection to SAFR Server so is best performed after reviewing SAFR Desktop documentation.

1. Open SAFR Desktop
2. Click on Tools and select Video Feeds Window
3. Locate the SAFR SCAN device you wish to edit
4. Select “…” menu to the right of the SAFR SCAN device Feed
5. Select “Advanced Feed Configuration”
6. Click “+Add” in upper right
7. Search for and select recognizer.minimum-face-size
8. Click Add
9. Change the value to your desired distance. Value should be specified in pixels. Equivalent distances are provided below:

• 20px - 9.5' (max range)
• 100px - 4.5 ft
• 150px – 36”
• 180px – 34”
• 250px - 25”
• 300px - 17”
• 350px– 14”
• 400px - 12"

5.3.8.3 Display brightness

The SAFR SCAN device’s video region’s brightness.

5.3.8.4 Display background when active

Behavior of this setting depends on the value set in Display Mode described above.

• If Display Mode is “Active when face is detected”, then this setting defines what is displayed when face is present and within Activation distance.
• If Display Mode is “Always active”, then display always shows this setting.
• If Display Mode is “Always inactive”, then display never shows this setting (instead shows inactive state described below).

Possible values are:

• Live video (default)
• Solid black
• Solid white
• Custom solid color

This setting is closely related to Display image when inactive described next.

5.3.8.5 Display image when inactive

Defines what to display when no faces are present.

• Disabled – Screen is off when no faces present.
• SAFR Logo – The SAFR SCAN logo is displayed when no faces present.
  
• Face Recognition Prompt – Following image displayed when no faces present.
  
• Card Scan Prompt – Following image displayed when no faces present. This is useful to guide users to where card should be tapped.
  
• Custom - A custom image is displayed when no faces present. This can be your company logo.

5.3.8.6 Display info when active and Display info text color

Provides a way to customize on screen text when faces are present and the color of the text. Options are:

• Disabled
• Time of Day to a minute
• Time of Day to a second
• Date and Time
• Device IP address
• Custom (fixed string)

5.3.8.7 Customizing LED and Text

The LED Ring color and on-screen display text can be customized for the following user prompts:

• Access Granted
• Access Denied
• Checked in
• Checked out
• Tailgating
• Waiting on 2^nd or 3^rd Factor

For each, the LED Ring color and message text is customized using following controls:

5.3.8.8 Message Prompts

The message text for following prompts can also be configured:

• Scan card – Shown when face has been detected and device is awaiting access card as 2^nd factor. This field is only relevant when SAFR SCAN has been configured to require two factor authentication.
• Send credential – Shown when face has been detected and device is awaiting mobile credential as 2^nd factor. This field is only relevant when SAFR SCAN has been configured to require two factor authentication.
• Check in/out prompt – Shown when face is detected and device is awaiting a check in or check out action

For each of the prompt, dynamic tokens can be inserted into the message string. Available tokens are: firstName, lastName, firstInitial, lastInitial, and time.

And three other prompts can be customized but do not have dynamic tokens:

• Enter code – Shown when PIN code is expected.
• Face too far
• Face too close

5.3.8.9 Keypad Controls

Keypad layout sets the keypad style (normal, scramble or scramble on each key press)

Keypad code size controls number of digits required for the PIN code.

5.3.9 Sound

Settings on this page allow control over the audible user feedback.

5.3.9.1 Sound control

• Sound output allows sound to be enabled or disabled
• Sound volume allows sound level to be controlled.

5.3.9.2 Sound message

Select the spoken text or sound to play when each respective action occurs.

For each sound prompt, you can test the audio on local PC and on SCAN using the respective buttons:

5.4 System Settings

5.4.1 SAFR Server

Specifies the SAFR Server, if any, that SAFR Camera is connected & managed by.

⚠️ if SAFR Camera is managed by a SAFR Server, many of SAFR Camera’s settings won't be locally configurable anymore; they'll only be configurable via the SAFR Server.

There are four possible values for the SAFR Server field.

• None: SAFR SCAN isn't connected to a SAFR Server.
• SAFR Server: SAFR Camera is connected to a locally deployed (i.e. an on-premises) SAFR Server.
• SAFR Cloud: SAFR Camera is connected to a SAFR Server in the cloud.
• Custom: SAFR Camera is connected to a locally deployed SAFR Server that has custom SAFR service endpoints. There are two scenarios where you might want to use custom SAFR service endpoints:
  • The SAFR Server has custom domain names for each service endpoint.
  • You want to use an unsecure HTTP connection, rather than the default HTTPS connection. We do not recommend using HTTP connections, but this may be useful in debugging.

5.4.2 Behavior when Connected to SAFR Server

5.4.2.1 Persons

When you connect to SAFR Server, the local faces database on SAFR Camera will be combined with face database on SAFR Server. If SAFR finds that two face are similar, those faces will be automatically merged into a single identify. See Software SAFR Administration Guide for information on merging and unmerging faces.

5.4.2.2 Events

Events will be uploaded from SAFR Camera to SAFR Server. This occurs in real time. Events will typically appear on SAFR Server within milliseconds of being created and will be updated in real time.

If networking between SAFR Camera and SAFR Server is unavailable, events will be cached on SAFR Camera until the connection is restored. When connection is restored, cached events will be uploaded to SAFR Server and cleared from local cache. SAFR Camera is capable of storing the latest 2,000 events with images and up to 28,000 more most recent events without images.

5.4.2.3 Configuration

When connected to SAFR Server, many of the configuration can be modified on the connected SAFR Server. Use SAFR Server Web Console or SAFR Desktop to manage those settings.

5.4.3 Video Streams

Configure and manage the video stream profiles produced by the camera.

5.4.4 Network

Manually configure the device's network settings.

Note: SAFR automatically configures its network settings when the device is first turned on and contacts a DHCP server. However, you can manually configure your device's network settings here if you need to override the DHCP server.

5.4.5 Card Format

Defines the card format that SAFR SCAN uses for internal card reader on SC200 models and the default card format that applies to all person records when transmitting credentials to the panel.

5.4.6 Multiple Card Support

SAFR SCAN supports multiple access cards. Each card has a facility code, card number and card format. When multiple access cards are defined, cards are defined in a specific order. The first is defined as primary and all other formats as secondary.

Primary card is used when using face or keypad authentication modes where the credentials are not known. For modes in which a facility and card id is received (face or QR code), multiple card format definitions are handled as follows:

• For reading cards using SCAN’s internal reader or using an external card reader, the correct card definition is selected based on the number of bits in the card format. For this reason, 2 card formats should not be defined with the same number of bits (if so, the first one in the list will always be used).
• For sending credentials to the panel, the card format that matches the credentials received are used. This only applies to access modes where credentials are taken as input (internal card reader, external card reader or QR Code)

5.4.7 OSDP

Enable OSDP connections. Note that if you don’t enable OSDP connections here, then OSDP connections won’t work even if OSDP connectors are plugged into the back of the SAFR SCAN device.

OSDP connection to Control Panel: Enables the OSDP OUT A/+ and OSDP OUT B/- pins on the SAFR SCAN Device, which are used to connect a physical access control (PAC) panel. When a user is authenticated, SAFR SCAN will send their credentials to the connected PAC panel, causing the door the PAC panel controls to unlock.

OSDP connection to Card Reader: Enables the OSDP IN A/+ and OSDP IN B/- pins on the SAFR SCAN Device, which are used to connect OSDP-capable authentication devices. Card readers are most commonly used, but you could also connect other devices such as fingerprint readers. When a user successfully uses the device to authenticate, the device will send their credentials to SAFR SCAN.

5.4.8 Wiegand

Enable Wiegand connections. Note that if you don’t enable Wiegand connections here, then Wiegand connections won’t work even if Wiegand connectors are plugged into the back of the SAFR SCAN device.

Wiegand connection to Control Panel: Enables the WIEG OUT EXT0 and WIEG OUT EXT1 pins on the SAFR SCAN Device, which are used to connect a physical access control (PAC) panel. When a user is authenticated, SAFR SCAN will send their credentials to the connected PAC panel, causing the door the PAC panel controls to unlock.

Wiegand connection to Card Reader: Enables the WIEG IN EXT0 and WIEG IN EXT1 pins on the SAFR SCAN Device, which are used to connect Wiegand-capable authentication devices. Card readers are most commonly used, but you could also connect other devices such as fingerprint readers. When a user successfully uses the device to authenticate, the device will send their credentials to SAFR SCAN.

5.4.9 Door strike relay

Manage the use of relays. Note that if you don’t enable relay connections here, then relay connections won’t work even if you physically connect a relay to the SAFR SCAN device.

Electric door strike relay: Enables the RELAY NO, RELAY NC, and RELAY COM pins on the SAFR SCAN Device. These pins are used to connect relays to the SAFR SCAN device. When a user is authenticated, SAFR SCAN will activate a connected relay for the time specified in the Relay activation duration field below.

Relay activation duration: Specifies how long the connected relay should be activated. When the relay is controlling an electronic door, which is the most common use case, this setting effectively specifies how long the door will remain unlocked.

5.4.10 Date and Time

Settings to configure NTP time synchronization server or manually set the device's date and time.

5.4.11 Update

Allows you to update both the SAFR SCAN software and the SAFR SCAN device's firmware to the latest versions. If available, SAFR will get updates directly from SAFR update server. If not, firmware can be downloaded from http://safr.real.com/firmware.

5.4.12 Reset

Allows you to either reboot the SAFR SCAN device or reset its settings to their default values.

There's no need to reboot or reset your SAFR SCAN device during the normal operation of your device, but rebooting or resetting the device can be useful if you encounter an unexpected behavior while operating the device.

5.5 Security Settings

5.5.1 System Login

The login credentials to be used to log in to SAFR Camera. This is where you can change the password.

5.5.2 Video RTSP Access

When video RTSP access is enabled, remote connections are able to view SAFR Camera’s camera feed in realtime. This is disabled by default because remote viewing isn't necessary or appropriate for most access control use cases.

5.5.3 SSL

Allows you to manually configure your SSL (Secure Sockets Layer) settings.

Upon 1st connection, you may be presented with a security warning due to the use of a self-signed CERT installed on the device. This is expected. This is a valid CERT but cannot be verified by browsers because it was not signed by a publicly trusted certificate authority.

To improve security a new self-signed CERT should be generated. This will overwrite the default self-signed CERT that SAFR SCAN ships with. Using default self-signed CERT holds a risk because the same private key used to decrypt the messages is installed on every SAFR SCAN device shipped from the factory.

To avoid the warning and operate in the highest security mode, a CERT from a valid certificate authority can be installed.

5.5.4802.1 x

Allows you to enable 802.1x authentication.

5.5.5 Firewall

Allows you to manually configure your firewall settings.