Authentication and Session Monitoring

In this section:

Authentication Types

FindFace provides the following authentication types:

• password: standard login/password authentication.

• face: authentication is possible only by the user’s face.

• face_or_password: authentication is possible using either a face or login/password.

• face_and_password: two-factor authentication. After a face is successfully recognized, the user must enter their credentials.

Important

The standalone liveness service (findface-liveness-api) must be installed for all the authentication types based on face recognition.

Important

Before using face recognition for authentication, you need to attach photos to users’ profiles and equip their workplaces with webcams.

Note

You can enable a work session monitoring for the authentication types face and face_or_password. In this case, the system will be periodically renewing the session after verifying that the face of a person at the workplace matches the user’s face that has logged in (see Configure Authentication and Session Renewal for details).

Tip

FindFace also provides a certificate-based authentication that is configured independently. Contact our support team for details (support@ntechlab.com).

Configure Authentication and Session Renewal

To configure authentication and session monitoring, do the following:

1. Open the /etc/findface-security/config.py configuration file. Find the FFSECURITY_AUTH_CONFIG section.

   sudo vi /etc/findface-security/config.py
   
   
   FFSECURITY_AUTH_CONFIG = {
       # available options: face, password, face_and_password, face_or_password
       'AUTH_TYPE': 'face_or_password',
       'FACE_AUTH_CONFIDENCE': 0.745,
       # 180 days by default
       'MAXIMUM_SESSION_LENGTH': 15552000,
       # session renew works only with face or face_or_password authorization type
       'NEED_SESSION_RENEW': False,
       'RENEW_SESSION_INTERVAL': 0,
       'MAXIMUM_RENEW_ATTEMPTS': 2,
   }
   

2. Set the following authentication parameters:

   • AUTH_TYPE: authentication type. Available options: face, password, face_and_password, face_or_password.

   • FACE_AUTH_CONFIDENCE: after a face in the webcam video is detected as alive, the system checks this face against the database of user photos with this confidence threshold.

   • MAXIMUM_SESSION_LENGTH: the maximum session length, in seconds. After a session expires, the user will be automatically logged out unless the session is renewed.

3. Set the following session monitoring parameters:

   • NEED_SESSION_RENEW: if True, a session can be renewed and prolonged by the time equal to MAXIMUM_SESSION_LENGTH, after verifying that the face of a person at the workplace matches the user’s face that has logged in.

   • RENEW_SESSION_INTERVAL: period in seconds before the expected time of the session expiry, during which the system will attempt to renew the session by enabling the webcam and verifying the user’s face.

   • MAXIMUM_RENEW_ATTEMPTS: the number of user verification attempts. The attempts occur in a row during the renewal interval.

   Note

   A verification attempt takes about 3 seconds to complete.

   Tip

   We recommend you to set up the monitoring parameters so that MAXIMUM_RENEW_ATTEMPTS multiplied by the attempt duration is less than RENEW_SESSION_INTERVAL. Otherwise, the system will extend the renewal interval x2, x3, and so on, subject to the number of attempts.

4. Restart findface-security.

   sudo systemctl restart findface-security.service
   

Log out All Users

To automatically log out all users, execute the following command on the FindFace principal server console:

sudo findface-security logout_all_users

Tip

This command comes in handy when switching to a different authentication type.