What is it ?
Face Recognition is a biometric method for uniquely identifying or verifying the identity of a person by comparing and analysing patterns based on the person's facial contours.
How cidaas makes use of Face Recognition as a part of Multifactor Authentication?
Face Recognition is one of the Authentication types that cidaas uses to authenticate users through Authenticator application.
As a prerequisite, the admin must enable the Multifactor authentication settings in the admin dashboard -make sure Face Recognition is enabled here.
Once the above setting is done, users can now configure their profile to enable MFA, and face recognition. For the very first time, the user needs to set up his/her cidaas Authenticator account. To do this:
1. On the client web portal, the end user has to choose the type to of authentication to face recognition.
2. Run the authenticator App (free download from App/playstore)
3. Scan the QRCode.
4. Register the face by slowly blinking for a few seconds, till the face is captured as image on camera. The face-image will be sent to server for further processing along with the device-ID and the FCM token of the Smartphone.
5. This device-ID and FCM token is the basis for sending notifications during login.
6. When the user logs-in to the web portal/ any other service, he will get a notification to login. When he clicks that, the app asks for the verification of face. The user needs to verify his face on camera. If this matches with the originally configured data -stored in cidaas server, will the user be successfully authenticated.
Once the user has configured his face, each time he logs in to his web portal account, he gets a push notification. When the user clicks on this notification, he has to authenticate by verifying his face. When identified, the confirmation message is send to server and the user is successfully logged in as shown below.
Both the configuration and usage flows are explained below with concrete screenshots:
Face Recognition: Configuration
Download and Install the cidaas authenticator app from the below link, if not done so already.
On your dashboard page (web portal), go to Physical Verification Setup and select Configure button seen under the Face Recognition (cidaas authenticator app) option.
The following screen appears on the web.
To scan the QR code presented, open your downloaded cidaas authenticator app and click on Add tab.
Scan the QR Code displayed on your desktop.
Note: The above describes how to configure the authentication method on a desktop, i.e., The QR code is displayed on the desktop and it is required to scan the QR code using the cidaas Authenticator App installed and opened on a smartphone/mobile device. However, the configuration could also be done exclusively on through a mobile device without using a desktop, the steps for which are explained below:
If using the mobile browser to configure the chosen method of authentication the QR code scan need not be scanned. Instead, as dislayed in the screen above, you need to just click on "Open cidaas authenticator". It will automaticaly ask for the appropriate authentication information, based on the verification type chosen.
After scanning, the login screen is displayed on your phone. Login with your credentials.
When you are authenticating, the loading screen will appear on your desktop.
Once logged in, you need to configure Face verification. Register the face by slowly blinking for a few seconds, till the face is captured as image on camera. The face-image will be sent to server for further processing along with the device-ID and the FCM token of the Smartphone.
Note: This device-ID and FCM token is the basis for sending notifications during login.
When your face is detected and captured on camera, the setup is completed.
Face recognition is now successfully configured.
Then, your app and your desktop screen will look as shown in the figure:
Face Recognition: Usage
During Login, select “click here for passwordless authentication, Enter your email ID and click Proceed. Select Face Recongnition (cidaas authenticator app) to login
The multiple device screen gets displayed
The screen waits for authentication
User can authenticate your face via authenticator app or webcam [beta].
If authenticatin using the authenticator app, push notification will be sent to the mobile that has the authenticator app.
Click on that notification to view authentication request. The request shows the browser type, location and date/time, when the request was made (as shown in the below screen if you click allow button, it will continue the authentication process(step-4). Otherwise you won't be able to proceed with authentication).
On click of deny button the 'Notification Deny' screen will be shown, where user can select appropriate reason for denying the request and submit it. After that you won't be able to authenticate further.
If user chooses Face Recognition with webcam [Beta] the camera of the mobile/desktop is automatically turned on and your can scan your face. Follow the below mentioned steps to complete authentication using the webcam:
When the Webcam is turned on the face verification screen is displayed. Tap on "Start Detection" to invoke face detection. Verify your facee using the camera. Click on "Verify". If the captured face matches the configured face, authentication is successful.
Note: For best results, you have to slowly blink your eyes so that the algorithms can detect your live face.
You are now successfully logged in.