Authentication and user management

SmartFace Station supports user management and authentication using the Keycloak user management and authentication server.

A detailed guide on how to configure SmartFace with Keycloak is available here.

SmartFace Station recognizes 3 main scopes: Access, Investigation and Security, with 3 granular levels each: Operator, Supervisor and Administrator. In total, there are 9 roles that can be assigned to a user.

| Scope / Level | Admin | Supervisor | Operator |
|---|---|---|---|
| Access | access_admin | access_supervisor | access_operator |
| Investigation | investigation_admin | investigation_supervisor | investigation_operator |
| Security | security_admin | security_supervisor | security_operator |

How to set up

The file .env.sfstation is located in the same folder as the main docker-compose.yml. A section in this file lets you configure which role is used in SmartFace Station. This allows you to focus on the functionality related to the role and to hide functionality that should not be available to the user's role.

The section of the file .env.sfstation is listed below:

# Optional roles are used for locking specified part of frontend for given roles
# Claim name is "Group mapper name" specified in Keycloak or "cognito:groups" in Cognito
# ROLES_CLAIM_NAME=sf_roles
# ROLE_KEY_ADMIN=/admin
# ROLE_KEY_SECURITY_SUPERVISOR=/security_supervisor
# ROLE_KEY_SECURITY_OPERATOR=/security_operator
# ROLE_KEY_ACCESS_SUPERVISOR=/access_supervisor
# ROLE_KEY_ACCESS_OPERATOR=/access_operator
# ROLE_KEY_INVESTIGATION_SUPERVISOR=/investigation_supervisor
# ROLE_KEY_INVESTIGATION_OPERATOR=/investigation_operator
# ROLE_KEY_SECURITY_ADMIN=/security_admin
# ROLE_KEY_ACCESS_ADMIN=/access_admin
# ROLE_KEY_INVESTIGATION_ADMIN=/investigation_admin
# FORCED_ROLE_NAME_0=/admin

By editing line #14 you can change the role to be used. To change the role to access operator instead of the admin role, set line #14 as follows:

FORCED_ROLE_NAME_0=/access_supervisor

Do not forget to remove the # symbol, as the new configuration is applied only when the line is uncommented. Once the role is set, save the configuration file and restart the SmartFace Station docker container. The easiest way to do this is to run the commands below in the folder that contains the docker-compose.yml file.

docker-compose stop;docker-compose down;docker-compose up -d
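A check that can be run against .env.sfstation before restarting the container, added here as an example and not part of SmartFace Station: it reports a forced-role line that is still commented out, does not match any role key, or forces an administrator-level role. The function names and the sample text are constructed for illustration, and the script assumes the ROLE_KEY_* values listed in the file are the valid role keys.

```python
import re

# Constructed sample: the .env.sfstation section from this page, with the
# forced-role line uncommented and changed as the page describes.
SAMPLE_ENV = """\
# ROLES_CLAIM_NAME=sf_roles
# ROLE_KEY_ADMIN=/admin
# ROLE_KEY_SECURITY_SUPERVISOR=/security_supervisor
# ROLE_KEY_SECURITY_OPERATOR=/security_operator
# ROLE_KEY_ACCESS_SUPERVISOR=/access_supervisor
# ROLE_KEY_ACCESS_OPERATOR=/access_operator
# ROLE_KEY_INVESTIGATION_SUPERVISOR=/investigation_supervisor
# ROLE_KEY_INVESTIGATION_OPERATOR=/investigation_operator
# ROLE_KEY_SECURITY_ADMIN=/security_admin
# ROLE_KEY_ACCESS_ADMIN=/access_admin
# ROLE_KEY_INVESTIGATION_ADMIN=/investigation_admin
FORCED_ROLE_NAME_0=/access_supervisor
"""

# KEY=value, optionally commented out with a leading "#".
LINE_RE = re.compile(r"^(?P<off>#\s*)?(?P<key>[A-Z0-9_]+)=(?P<val>\S*)$")


def parse_env(text):
    """Return {key: (value, active)}; active is False for commented-out lines."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            settings[m["key"]] = (m["val"], m["off"] is None)
    return settings


def check_forced_role(text):
    """Return a list of findings about FORCED_ROLE_NAME_* lines (empty = OK)."""
    settings = parse_env(text)
    # Assumption: the ROLE_KEY_* values in the file are the valid role keys.
    known = {v for k, (v, _) in settings.items() if k.startswith("ROLE_KEY_")}
    forced = {k: s for k, s in settings.items() if k.startswith("FORCED_ROLE_NAME_")}
    findings = [] if forced else ["no FORCED_ROLE_NAME_* line found"]
    for key, (value, active) in forced.items():
        if not active:
            findings.append(f"{key} is commented out, so it is not applied")
        if value not in known:
            findings.append(f"{key}={value} matches no ROLE_KEY_* value")
        elif active and value.endswith("admin"):
            findings.append(f"{key}={value} forces an administrator-level role")
    return findings
```

Call `check_forced_role(open(".env.sfstation").read())` from the folder that holds docker-compose.yml; an empty list means the forced-role line is active and matches a listed role key.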

SmartFace Station roles

The default role is admin (administrator) of the whole SmartFace Station, which can see and change everything. There are 3 specific scopes, Access, Investigation and Security, with 3 levels each: Operator, Supervisor and Administrator.

Access

Starting page at http://localhost:8000/access-control

Access Admin | Access Supervisor | Access Operator
Security Dashboard
Security Dashboard Camera Preview Setting
Security Dashboard Recent Events Settings
Security Dashboard Notification Detail
Investigation Dashboard
History
History - Notification Detail
Access Dashboard
Watchlist
Configuration
Configuration SmartFace Station section
Configuration SmartFace Camera section
Configuration SmartFace Platform section

Investigation

Starting page at http://localhost:8000/investigation

Access Admin | Access Supervisor | Access Operator
Security Dashboard
Security Dashboard Camera Preview Setting
Security Dashboard Recent Events Settings
Security Dashboard Notification Detail
Investigation Dashboard
History
History - Notification Detail
Access Dashboard
Watchlist
Configuration
Configuration SmartFace Station section
Configuration SmartFace Camera section
Configuration SmartFace Platform section

Security

Starting page at http://localhost:8000/security

Access Admin | Access Supervisor | Access Operator
Security Dashboard
Security Dashboard Camera Preview Setting
Security Dashboard Recent Events Settings
Security Dashboard Notification Detail
Investigation Dashboard
History
History - Notification Detail
Access Dashboard
Watchlist
Configuration
Configuration SmartFace Station section
Configuration SmartFace Camera section
Configuration SmartFace Platform section