To enable face recognition, a few system settings need to be configured.
Cloud Services Registration
If you're not already using the mobile app, your company will need to be registered for Cloud Services. Please submit a support ticket to get this enabled.
If you are already registered for Cloud Services but do not see the options below, please create a support ticket to make sure face recognition is enabled for your system.
Location Settings
Firstly, we have to update the location settings to use face recognition instead of the traditional finger vein scanner. This can be found within Humanforce Web > Admin > System Config > Location settings > Biometric Scanner Settings.
Note: This can be configured differently for each location, however only finger
vein OR face recognition can be selected. A location is unable to use a
combination of both.
System Settings
There are some additional security options which are located in the System Settings. This can be found within Humanforce Web > Admin > System Settings.
Enable Strict Privacy Mode: Having this option selected means an image of the user is never permanently stored in the system. The only time an image will be stored is during the initial registration approval. After the initial approval, the image is deleted and all future captured images from the login process are immediately deleted. The downside to this is there is no way to review any suspicious login attempts.
Restrict Login IP/CIDR Range: This option can be used to only allow face recognition logins from defined External IP addresses. Values can be comma separated or CIDR range.
The default option with all 0s mean no IP restrictions are in place.
Navigation Manager
The Navigation Manager plays an important part in configuration, by limiting the available modules users have access to after clocking in with face recognition.
Due to face recognition being potentially less secure than the finger vein scanner or strong password, it is highly recommended to limit the visible modules available. Ideally, the face recognition logins would only be able to clock in and out for work. If an employee wants to perform any other functions like apply for leave or update personal details, they can log in with their password and complete those functions.