2 SAFR SCAN First Run

1 How it works
2 SAFR SCAN First Run

3 Hardware Setup
4 SAFR Account Setup
5 Software Setup
6 Troubleshooting
7 Hardware Specifications

This section describes powering up and testing your SAFR SCAN reader.

2.1 Prerequisites

SAFR SCAN requires the following:

A SAFR SCAN device
A door connected to one of the following:
- A Wiegand physical access control (PAC) panel
- An OSDP PAC panel
- A relay
A PC or Mac with a web browser (for configuration)

2.2 Unbox SAFR SCAN

Unbox the SAFR SCAN device (the “reader”). Take note of the MAC Address (you will need this to create our Software Download account.

MAC Address

2.3 Power up SAFR SCAN

Plug a PoE cable into your SAFR SCAN device.
- The SAFR SCAN device relies on PoE for its power.
  - Alternatively, SAFR SCAN can be powered via the 12V Auxiliary power terminals.
- Ensure that your SAFR SCAN device is connected to the same network as your PC or Mac machine.
When your SAFR SCAN device turns on, its IP address appears on its screen momentarily.
- Take note of the IP address; you’ll need it in the next step.
- The SAFR SCAN device defaults to DHCP, but if the device is unable to obtain a dynamically allocated address, then it defaults to 10.10.10.10 or an IP in the 169.254.x.x range.
Open a web browser on your PC or Mac and go to http://IP_ADDRESS (where IP_ADDRESS is obtained from the previous step). This will take you to the SAFR SCAN Console.
- You may be presented with a browser security warning about the default SAFR SCAN self-signed CERT. This is normal. See SAFR SCAN SSL CERT Security Warning in the SAFR SCAN Administration Guide for more details.
- If needed, see SAFR SCAN Networking in SAFR SCAN Administration Guide for information on connecting to SAFR SCAN without DHCP and setting SAFR SCAN to a fixed IP Address.
Click “Set Up System Login” when prompted and complete form.
- The username is always 'admin'
- The email address can be used to reset the device password. See Administrator Guide for details.
When complete, login with the username 'admin' and the password set in previous step.

If the date and time is off by more than a few minutes events may not appear on the timeline making it appear as the reader is not functioning. Check Date and Time on the System tab. An NTP server is strongly recommended to ensure device clock is accurate.

2.4 Enrollment

This section covers enrolling a person and have SAFR SCAN authenticate them as authorized for entry.

2.5 Enroll a person into SAFR SCAN

You can either enroll people by using an uploaded image of their faces or by using the camera on the SAFR SCAN device. See the SAFR SCAN Console’s People tab documentation for details on how to use an uploaded facial image to enroll a person.

2.5.1 Upload Face Image

Open SAFR SCAN Web Console as described above.
Navigate to the People screen
Click “Add” button in upper right
In the dialog provided, chose image file and enter user information as shown below.

At a minimum, set first or last name and Access Clearance. Optionally provide Facility ID and Card ID.
Click Save Changes and the new person record will be added.

2.5.2 Enroll at the Reader

Open SAFR SCAN Web Console as described above.
Navigate to the Live tab
Have a person stand 1 to 3 feet in front of the SAFR SCAN device, and have them look directly at the reader’s camera.
In the live tab, click “Enroll” and enter the user information in the dialog shown.

Access Clearance must be set or SAFR SCAN will not grant access.
Click OK to add the new person record.

2.5.3 Test Face Matching

Have the enrolled person stand 1 to 3 feet in front of the SAFR SCAN device and have them look directly at the device’s camera.
The LED ring should light up green indicating that SAFR SCAN has seen an authorized person.
The Live tab of the SAFR SCAN’s Console should show that the enrolled person has been granted access.

2.5.4 Did it work?

Check troubleshooting section below if not.

At this point your SAFR SCAN device is functioning and ready to be installed.

2.6 Test Calibration

For optimal performance, the structured light projector must be well calibrated. In rare cases, devices may get out of calibration due to a shock. To ensure best performance, test structured light calibration as follows:

Open Live tab.
Change the dropdown below the video preview region to ‘Face 3D”
Stand between 1 to 3 feet from the device
Verify contour map of face looks valid as follows:

A screenshot of a computer

Description automatically generated

If device appears out of calibration, see https://docs.real.com/access/guides/articles/calibrating_structured_light_sensor.

2.7 People Tab

People Tab displays any person records that have been enrolled on the reader.

A screenshot of a computer

Description automatically generated

You can use this tab to filter, view or edit person records. Once connected to SAFR Server, any person records on SAFR Server are downloaded to the reader depending on your filter settings. By default, for privacy reasons, face images are not downloaded to the reader but face matching will function as normal.

2.8 Operation Tab

In this tab you will find settings to configure reader behavior. These settings are covered in SAFR SCAN Administration Guide. Below is a description of the most important options.

2.8.1 Access Control

Access Mode controls which authentication factors the reader will check. Available factors include Face, Access Card, Keypad and Mobile Credentials with combinations of above to support multi-factor authentication.
- Multi-factor authentication is performed on the reader. No need to configure the panel to coordinate different factors from different sources. For example, you can use this option to turn on Card AND Face authentication for IT rooms to improve security. Or you can change to options such as keypad for low security general use rooms such as staff only break room.
Spoofing protection level controls the degree of protection against impersonations using printed photos or masks.
- Standard works for most, even those with minor occlusions such as glasses or covid masks. Use this setting if you wish to strengthen your security (go to a higher mode) or improve ease of use and speed (go to a lower mode). You may want to consider disabling this feature on monitored doors (i.e. monitored turnstiles, doors with operators nearby) or internal doors for greatest convenience for your credential holders.
Access Denied Signal to Control Panel allows the administrator to configure a fixed credential to send to the panel if someone attempts an unauthorized access. SAFR also reports these events in its event history with face image of the person attempting access as well as the full scene image.

2.8.2 Camera

Backlight compensation is SAFR SCAN's unique capability to directly control the camera's exposure (shutter speed and aperture) to ensure best lighting on the face. In most lighting conditions, Auto performs well. This setting allows you to give a hint to SAFR SCAN in conditions where there sare extreme lighting conditions. Use this if SAFR SCAN recognizes the face but takes a while to show the green heart (anti-spoofing test) and present access granted message.
Scene exposure region allows you to enhance the camera's ability to detect faces in cases where there is very strong backlight. For example, if the sun is directly in the line of sight of faces at certain times of day, setting the region to Bottom 35% will ensure SAFR SCAN does not detect approaching faces because it is "blinded" by the sun.

2.8.3 Display

Display Mode or Display background when active can be used to turn off the display from echoing back the video of the credential holder as this behavior (seeing themselves on the screen) is sometimes unwelcome by users.
Activation distance will prevent the screen from activating in locations where unrelated foot traffic may be passing within activation distance of the reader.
💡This setting does not prevent face matching. To control that, see SAFR SCAN Administration Guide.
Display image when inactive allows you to add your company logo on the screen.
Keypad Layout and Keypad Code Size (number of digits for a PIN code) are cleverly tucked away at the bottom of the Display. These allow you to control the onscreen keypad.

There is a host of other very cool controls in the Display Tab. You are encouraged to explore on your own.

2.8.4 Sound

Sound tab has controls to customize the audio prompts on SAFR SCAN and the audio volume.

For each sound prompt, you can test the audio on local PC and on SCAN using the respective buttons:

A screen shot of a computer

Description automatically generated

2.9 System Tab

System Tab provides settings related to device. These settings are covered in SAFR SCAN Administration Guide. Below is a description of the most important options.

2.9.1 SAFR Server

This setting allows connection to SAFR Server for remote management, credential holder synchronization and event aggregation.

2.9.2 Video Streams

SAFR Camera provides RTSP video feeds that can be provided to 3^rd party software such as a VMS. These are not required for the SCAN access functions.

Settings in the Video streams tab allow adjustment of the RTSP stream settings. To enable RTSP streaming, a password must first be set on the Security Tab. Until a password is set, the camera will not allow RTSP connections.

2.9.3 Network

This tab allows the network configuration to be modified. The camera default is DHCP. Network can be changed to static IP Address in this page.

2.9.4 Date and Time

By default, SAFR SCAN will use NTP to get its date and time. It default to pool.ntp.org. If not available, you may need to specify an internal time server (preferred) or set time manually. Click “Sync to Computer Time” to set time manually.

⚠️ If the date and time is off by more than a few minutes events may not appear on the timeline making it appear as the camera is not functioning.

2.9.5 Update

Use this tab to update the camera firmware. If the camera is connected to a public network, it will present a list of firmware versions to upgrade if available. Else, download firmware from http://safr.real.com/firmware (make sure to select "SAFR SCAN SC50" from the dropdown) and use the “Load update file…” button to load the firmware from the PC local hard drive.

2.9.6 Reset

Use this tab if you wish to perform a software reset. This action will restore factory default settings and optimally clear Network settings and clear enrolled persons and system login. This option is useful if you have forgotten the device password.

💡If you have synchronized the credential holders to SAFR Server, credential holders will be restored back to the camera after a reset and reconnecting to SAFR Server.

2.10 Security Tab

Security Tab provides settings related to device. These settings are covered in SAFR SCAN Administration Guide. Below is a description of the most important options.

Following are the most useful actions performed in the Security Tab

Reset Password – Login & Access > Edit System Login
Enable RTSP Streaming – Login & Access > Video RTSP Access (set to Enabled and enter password)
- Digest auth is most common. Use this if unsure.

2.11 Advanced Features

Tailgating, Mobile Credentials, Feedback from Panel, and Intercom are covered in their own documents. You can find them in http://docs.real.com or http://support.safr.com. Here is a quick summary of each:

Tailgating generates an alarm to the panel indicating when a unauthorized person has gained access.
Mobile Credentials provides users with a way to use their phones as their credential and control their own personal data.
Feedback from Panel causes SAFR SCAN wait for the panel to decide if access is granted or not and display the right messaging.
Intercom allows users to initiate an audio and video call to an operator or operators to initiate the call and even unlock the door remotely.