Deploying and configuring SAFR and Genetec Security Center (GSC) with Synergis will allow SAFR to import Genetec Cardholders and Credentials to be used on SAFR SCAN face authentication readers. SAFR SCAN is using the imported Cardholder picture, converted into a biometric signature, to verify a person identity when presented at a SAFR SCAN reader. When a person’s identity has been verified the SAFR SCAN reader transmits the imported Access Credentials to the access control panel via Wiegand or OSDP signaling.
Please note that SAFR will not import a person record if it does not have a card access credential. Likewise, if the access credential is removed from the cardholder, SAFR will delete the person record in SAFR. SAFR only supports one card access credential per person record. If multiple credentials exist, the most recently updated credential is imported.
To integrate and use the SAFR SCAN RTSP video feed in Genetec Security Center for surveillance please see the SAFR Genetec Integration Guide.
For complete SAFR and SAFR SCAN documentation please visit http://docs.real.com.
Integrated SAFR - Genetec Synergis is available on Windows and Linux.
Please note that this Guide does not include the Installation of the SAFR Server (SAFR Platform) or the Genetec Security Center (GSC) with Synergis. This guide specifically describes:
A typical integration architecture:
The following is the current imported and supported attributes/field from GSC
Genetec |
SAFR (People data record) |
Notes |
First Name |
First Name |
|
Last Name |
Last Name |
|
OwnerRoleType in Genetec Credential |
Person Type |
“Card Holder” if OwnerRoleType not defined. |
Image |
Image |
|
Email Address |
|
|
Mobile Phone Number |
Phone |
|
Activation |
Access Activation |
|
Expiration |
Access Expiration |
When expiration is reached, SAFR will generate Access Denied before sending credentials to panel. Record is not deleted. |
Credential Card Format |
Access Card Format |
|
Credential Facility code |
Access Card Facility ID |
Only for cardholders with Wiegand 26. |
Credential Card Number |
Access Card ID |
If multiple card credentials exist for person, only the most recently added or updated credential will be added to person record in SAFR. |
Credential PIN Code |
PIN Credential |
If multiple PINs exist for person, only the most recently added or updated PIN will be added to person record in SAFR. |
SAFR use the Genetec WEB SDK to connect and synchronize cardholders. The SAFR Part number # license must also be installed on GSC to enable this functionality and a “safrsync” user with required permissions needs to be created in Genetec. These are described below.
No additional license or software is required on the SAFR server.
An accompanying Genetec part number for SAFR integration must be added to your Genetec connection license (it is the same license and part number as for SAFR video feed integration) It currently comes in three options based on number of connections. For cardholder synchronization only one license is required per SAFR server.
Part number “GSC-1SDK-RealN-FR1”. Please ask your Genetec representative for the license.
To create a SAFR user in Genetec to synchronize the Cardholders and Credentials a minimum set of privileges will need to be set. If you would like to use one of the Genetec Privilege Templates you will need to use either “Provisioning” or “Administrator”. The specific privileges that need to be applied are documented below in section 1.2.2.1.
The specific create a user with the permissions that SAFR will require, do the following:
1. Open the Genetec Config Tool.
2. Click Tasks > User Management.
3. Create a new user (for example, “safrsync”) based on the Privilege template “Supervisor”.
4. The following specific privileges will need to be set for SAFR synchronization.
• In Application privileges.
▪ Log on using SDK
If you create a user without an assigned privilege template, the following specific privileges will need to be set for SAFR synchronization.
It is important to have a good quality images loaded into Genetec to eliminate any false positives and faster face matching times. For optimal performance of SAFR SCAN reader, a face image size of 220 pixels ear-to-ear is required.
The Genetec settings for Maximum picture size does not take into consideration face size pixel density but instead the raw size of the picture. Assuming pictures uploaded are typical head profile shots or selfies we record to set the Maximum picture file size to 200KB. Please check with your Genetec representative to make sure your system is sized for this.
Do the following:
Note: File size is not a great predictor of image quality but that’s the only control Genetec provides. Even a 40 kb image can be good quality if cropped just to the face.
SAFR is using the Genetec Web SDK for Cardholder synchronization.
Genetec and SAFR must be use the same communication protocol. SAFR can be configured to handle the following conditions.
By default, SAFR is configured to expect an SSL CERT issued by a trusted authority. If Genetec is using a self-signed CERT (default), you will see the following error when trying to connect.
You can resolve this issue in one of three ways:
Install an SSL Certificate issued by certificate authority such as Thawte. |
Refer to Genetec documentation |
Configure SAFR to use internal trust manager which will truest self-signed CERTs. |
See section 1.8.1 below |
Configure SAFR and Genetec to use HTTP (Disable SSL) |
See section 1.8.2 below |
To enable SAFR’s internal trust manager, modify SAFR Configuration and restart SAFR Server as instructed below.
genetec.trust.server.certificate:true
genetec.ssl:auto:disabled
To set up identity synchronization between SAFR and Gentec, do the following:
Check the Set up External Identity synchronization box. The following dialogue will appear:
genetec.properties
Located in the SAFR application folder under covi\app\config\covi
C:\Program Files\RealNetworks\SAFR or /opt/RealNetworks/SAFR
## DEV/Alternate:
## external.sync.client.genetec.application.id:
##
external.sync.genetec.default.site:Genetec
external.sync.genetec.default.source:Genetec
## external.sync.genetec.default.ptype:Card Holder
## external.sync.genetec.override.access.clearance:#{null}
## external.sync.genetec.override.access.clearance.level:#{null}
## external.sync.genetec.page.size:250
## genetec.federated.full.sync* forces full sync once a day
##
## genetec.federated.full.sync.enabled:false
## genetec.federated.full.sync.hour:2
##
## IF genetec.federated.full.sync.enabled == false, the following
## will indicate duration between full sync, default 7 days:
##
## genetec.full.sync.frequency.millis:604800000
## auto, enabled, disabled
genetec.ssl:auto
genetec.trust.server.certificate:true
genetec.ws.client.retries:1
genetec.read.timeout:120000
genetec.connect.timeout:120000
##
## changing this will set access facility id on all people imported
##
## genetec.facility.id.override=123SUCCESS
##