1 Installation and Configuration

1.1 Introduction

Deploying and configuring SAFR and AMAG Symmetry will allow SAFR to import AMAG person records and credentials to be used on SAFR SCAN face authentication readers. SAFR SCAN is using the imported face image, converted into a biometric signature, to verify a person identity when presented at a SAFR SCAN reader. When a person’s identity has been verified the SAFR SCAN reader transmits the imported Access Credentials to the access control panel via Wiegand or OSDP signaling.

Please note that SAFR will not import a person record if it does not have a card access credential. Likewise, if the access credential is removed from the person record, SAFR will delete the person record in SAFR. SAFR only supports one card access credential per person record. If multiple credentials exist, the most recently updated credential is imported.

For complete SAFR and SAFR SCAN documentation please visit http://docs.real.com.

1.2 Integration Overview and Requirements

Integrated SAFR - AMAG Symmetry is available on Windows and Linux.

Please note that this Guide does not include the Installation of the SAFR Server (SAFR Platform) or the AMAG with Symmetry. This guide specifically describes:

  1. Configure Symmetry to allow SAFR server to import People and Access Credentials from Symmetry.
  2. Configure the External Identification Synchronization in SAFR server.

A typical integration architecture:

1.2.1 Attribute mapping between AMAG and SAFR

The following is the current imported and supported attributes/field from Symmetry

AMAG

SAFR (People data record)

Notes

First Name

First Name

Last Name

Last Name

n/a

Person Type (default “none”)

SAFR defaults all Person Type records to “None”.

Picture

Picture

If no picture in person record, import only name and credentials for use with card only access.

Card Format

Access Card Format

Facility code

Access Card Facility ID

Card Number

Access Card ID

Active Date

Access Activation

Record not added until Active Date is reached.

Inactive Date

Access Expiration

SAFR Expiration set to same if before Inactive Date. If after Inactive date, record not added.

1.3 Symmetry Configuration

SAFR integration to AMAG requires the AMAG Data Connect module which requires license from AMAG. It is also required to setup DataConnect Export and create a user with permissions to export data. These are described below.

No additional license or software is required on the SAFR server.

1.3.1 AMAG Module Licensing

The Data Connect modules must be installed on AMAG with an accompanying AMAG license. Follow the following for the Data Connect.

  1. Log in to Symmetry as a user with the System Manager role. (There is a default user called Manager; its password is the same as its username but with lower case m.)
  2. Click the Maintenance tab.
  3. Under Licensing select System Licenses.
  4. Click Add.
  5. Enter the serial number from the license PDF file for the Data Connect module.
  6. One license is applied, you should now see a Data Connect Module License added.
  7. Log out of Symmetry and back in to apply this change.

1.3.2 DataConnect Export Setup

  1. Log in to Symmetry as a user with the System Manager role. (There is a default user called Manager; its password is the same as its username but with lower case m.)
  2. Select Operation, then Data, then Data Export.
  3. Select all items that need to be exported and click OK. Use default as is. Default settings ok.

1.3.3 Add Export SQL User

This task is best done using SSMS (SQL Server Management Studio) which is freely downloadable from this link: Download SQL Server Management Studio (SSMS) - SQL Server Management Studio (SSMS)

  1. After you have installed the management studio, log in using Windows credentials.
  2. Expand out the Security section, right click on Login, and select New Login…
  3. Choose and enter a Login Name and Password. Also disable the password policy, expiration, and/or change checkboxes . Please note that the login name entered here will also be the login name that it used when configuring SAFR to connect to AMAG for External Identity Synchronization.
  4. Click OK.
  5. Expand “Logins” and open the new user just created.
  6. Select User Mapping, check multiMax and multiMaxExport databases. Then select each database you just added and select db_datareader for both in the “Database role membership” list below.
  7. Click OK.
  8. Right-click on each database (multiMax and multiMaxExport) and click properties.
  9. Select Permissions and click on the username created in the earlier step. Then scroll to the “Execute” Permission in the “Explicit” list below and click “Grant” as shown:
  10. Click Ok
  11. Open properties again for that database and view the “Effective” tab. Ensure effective permissions are as follows.
    The permission is added from the Explicit tab as described above. Generally all permissions except EXECUTE are already present.
  12. Repeat Step 8 thru 11 for multiMaxExport database.
  13. Click OK to save changes.

1.4 Set up External Identification Synchronization

To set up identity synchronization between SAFR and Symmetry, do the following:

  1. Open SAFR.
  2. Click on the Tools menu in the upper left corner of the client and select the System Configuration tool from the drop-down menu.

Check the Set up External Identity synchronization box. The following dialogue will appear:

  1. Enter information for the following fields:
    • User directory name: The name of your SAFR user directory.
    • External identity host: Select AMAG from the drop-down menu.
    • Host Address: The IP address or hostname of the target AMAG server
      SAFR does not connect to netbios names. If you have netbios name of AMAG Server, you can get the ip address by executing following in a DOS command window:
      > Nbtstat.exe -a NETBIOSNAME
      Where “NETBIOSNAME” is the netbios name of your AMAG Server.
    • Host Port: The port number that the target AMAG server is listening on.
    • Host User Id: The User Id should be the same Login name created above in section 2.2.3 ”Add Export SQL User”.
    • Host Password: The Password should be the password entered above in 2.2.3. “Add Export SQL User”.
  2. Click the Apply button.