Home/Access/Integrations/Genetec/Genetec Rio Integration Guide
Table of Contents
1 Introduction
2 Genetec Configuration
3 Troubleshooting

1 Introduction

The SAFR SCAN integration with RIO allows for real-time, high-accuracy biometric authentication, ensuring that only authorized individuals gain access to restricted areas. SAFR SCAN uses the imported Cardholder picture, converted into a biometric signature, to verify a person identity when presented at a SAFR SCAN reader. SAFR SCAN supports the RIO protocol. SAFR SCAN is able to connect to Genetec Cloud Link and control a door by performing physical access control panel functions (Door lock, REX and Door Contact). In this way, SAFR SCAN is able to act as a door controller without the need for a separate panel.

This guide does not describe how to configure SAFR to import cardholder and credential data from Genetec Security Center. To know about Attribute mapping, person and credentials sync and API access, refer to the Genetec - SAFR Cardholder Integration Guide available at http://docs.real.com.

To integrate and use the SAFR SCAN RTSP video feed in Genetec Security Center for surveillance please see the SAFR Genetec VMS Integration Guide.

For complete SAFR and SAFR SCAN documentation please visit http://docs.real.com.

1.1 System Requirements

Genetec has the following system requirements:

  • Genetec Security Center Version 5.7 to 5.13
    ⚠️ Consult SAFR support before upgrading Genetec beyond supported versions.
  • One or more Genetec Cloud Link devices.
  • SAFR SCAN supports all models of Cloud Link.

SAFR has the following system requirements:

  • SAFR Platform Version 3.28 or later
    • Each machine running the SAFR Server must meet the following requirements:
    • Windows 10, Windows Server 2016 or later
    • i5 or Xeon Silver 4216 or faster with at least 4 cores allocated to SAFR Computer
    • 16 GB System RAM
    • 1 TB Storage
  • SAFR SCAN Firmware version 2.2 or later
  • For systems running more than 50 SAFR SCAN, please consult SAFR Technical Support at support@safr.com or http://support.safr.com

1.2 Integration overview and System requirements

1.2.1 Video Tutorial

Following is a 10 minute overview of the SAFR RIO integration to Genetec.

SAFR RIO Genetec Integration

1.2.2 Integration overview

This guide describes:

  1. Detailed instructions for integrating SAFR SCAN with Genetec Security Center to enable biometric authentication.
  2. Step-by-step guidance on configuring SAFR SCAN as a RIO device.

This guide does not cover cardholder and credential synchronization. See Genetec - SAFR Cardholder Integration Guide available at http://docs.real.com. This document assumes that cardholder integration is already configured.

1.3 Integration Architecture

A typical integration architecture:

This diagram represents an integrated access control system that leverages Genetec Security Center, SAFR Server, and Cloud Link to facilitate seamless and secure authentication through a combination of facial recognition and credential-based access.

The diagram demonstrates two types of ways in which SAFR SCAN integrates to Genetec for opening doors.

  • Low voltage Wiegand or OSDP Wiring - SAFR SCAN authenticates a face and send credentials over Wiegand or OSDP to the physical access control panel (this is not the subject of this document)
  • Cloud Link via IP Networking - SAFR SCAN authenticate the face and either unlocks door directly (empowered mode) or sends credentials to Cloud Link via IP networking (this is the subject of this document).

In both cases, the process begins with Genetec Security Center, which serves as the primary system for managing cardholder information and access credentials. These cardholders and credentials are synchronized to the SAFR Server and pushed out to the SAFR SCAN devices. SAFR SCAN is then is responsible for handling facial recognition authentication.

1.3.1 Operation Modes

SAFR RIO integration operates in two modes; empowered and cooperative mode. These are described below.

1.3.1.1 Empowered mode

When operating in empowered mode, the SAFR SCAN device can make independent access control decisions without relying on an active network connection.

The device operates independent of connection to Cloud Link. All cardholders and credentials are loaded on the device and decisions for unlocking door are made locally. This method does not allow for some advanced schedules or panel rules such as two-man-rule. This option requires additional space on the device to store access levels which will reduce its overall capacity depending on the number of access levels. Space required for access levels will reduce the total cardholder limit from the normal 50,000 (mask or no mask) or 100,000 (no masks) models.

In this mode, SAFR SCAN acts as a panel. Only in this mode will SAFR SCAN perform actions on the door such as activating the door strike or accepting input signal from a REX (Request to Exit button).

In empowered mode, data flows from Genetec Security Center to SAFR SCAN and SAFR SCAN controls doors directly through its Door State and REX inputs and Door Relays.

1.3.1.2 Cooperative mode

In contrast with empowered mode, when operating in cooperative mode, SAFR SCAN devices defer access decisions to the connected access control panel via Cloud Link.

The device defers access control decisions to connected Cloud Link device. Due to the dependence on the Cloud Link device, if connection to Cloud Link is lose, then the function of the device is lost as well. Because access levels do not need to be stored, the device can reach the stated capacity of 50,000/100,000 cardholders.

In this mode, SAFR SCAN depends upon the physical access control panel to unlock doors and receive inputs such as REX. This is accomplished by sending person credentials to the Cloud Link device.

In cooperative mode, data still flows from Genetec Security Center to SAFR SCAN. Once authenticated, data then flows to Cloud Link via IP networking as shown by the blue lines in the diagram above.

1.3.2 How it works

When a user attempts to access a secure area, they interact with a SAFR SCAN device, which captures their facial data and compares it against the face. The face and the credentials stored locally on the SCAN device. The access mode of the SAFR SCAN can be either "empowered" or "cooperative", defining how access decisions are made. In empowered mode, the SAFR SCAN itself is authorized to make access control decisions independently. In contrast, in cooperative mode, the SAFR SCAN defers access control decisions to the connected access control panel or host controller by sending credentials to Cloud Link and allowing it to evaluate access rules and perform necessary actions. This flexibility allows the system to be adapted to different security requirements, where some environments may benefit from independent decision-making at the device level, while others require centralized authorization.