9.15 HANIS Face

Advanced Authentication provides the HANIS (Home Affairs National Identification System) Face method that facilitates citizens of South Africa to authenticate through their facial recognition that has been enrolled in the National Identification System. However, when the user enrolls this method using their Passport number or National ID. Advanced Authentication forwards the captured details to the third-party Service Provider that is integrated with National Identification System where the validation takes place. Based on the validation result, the user gets authenticated to the required resource or endpoint.

NOTE:The HANIS Face method is supported only in the Advanced Authentication as a Service (SaaS) model. In the on-premises model of Advanced Authentication, this method will be available in the upcoming 6.3 Service Pack 7 release.

To understand how the authentication flows in HANIS Face method, see Authentication Flow in the HANIS Method.

To configure the HANIS Face method, specify the following details:

Parameter

Description

Base URL

The third-party Service Provide URL that is integrated with National Identification System.

User name

The username to access the third-party Service Provider.

Password

The password to access the third-party Service Provider.

Organization code

An unique code using which the third-party Service Provider requires to group the requests.

Encryption Key

The key to secure the communication between the third-party Service Provider and Advanced Authentication.

Encryption initialization vector

A value that is used along with a secret key to encrypt data so that the encrypted values are not identical.

HANIS API client timeout (seconds)

The duration till when the Advanced Authentication server waits for a response from the third-party Service Provider.

User ID/Passport attribute

The passport number or national ID of a user against which the validation takes place. You can use custom attribute workforce ID of the repository.

You must define the attribute in User ID/Passport Number Attributes of the Repositories section.

User cell phone attribute

The cell phone number of a user that the third-party Service Provider requires for processing the authentication request. You must define the attribute in User Cell Phone Attributes of the Repositories section.

Allow overriding ID/Passport number

Option to prevent users from providing a passport number that is not registered in the LDAP repository. The option is set to ON by default. Set to OFF to prevent users to specifying the passport number during the enrollment.

Allow overriding phone number

Option that allows to prevent users from providing a phone number that is not registered in the LDAP repository. The option is set to ON by default. Set to OFF to prevent users to specify a different phone number during the enrollment.

Allow lower resolution image scan

It enables the Advanced Authentication server to receive the lower resolution facial images that do not comply with standards. The option is set to OFF by default. The facial image that does not comply with the standard is not sent to the server for validation. However, if the fingerprint device complies with image standards then the authentication is successful without any issue.

When set to ON, the Advanced Authentication server receives the lower resolution facial images that do not comply with standards. However, authentication might not be successful.

Max liveness detection attempts

The maximum number of times the server tries to detect the liveness of the face during authentication. Liveness includes some actions such as eye movement, blink, head tilt and so on. The default value is 3.

NOTE:When you modify the settings related to the HANIS Face method, ensure to specify the Password, Encryption Key, and Encryption initialization vector to apply the changes.