Algunos de los contenidos técnicos de este sitio web solo están disponibles en inglés.

Monitoring an Orion Site

The Orion Console is available through modern desktop and mobile browsers, allowing system administrators to securely and conveniently monitor an Orion Site from anywhere in the world. This page enables system administrators to manage and maintain Orion effectively.

Accessing a site

The Admin Operator receives a welcome email when the Salto partner provides access to their site within the Orion Console. The email contains a link to the correct console for their region.

Available Regions are: EU, UAE

Log in to the Orion Console for the correct region using a Microsoft account.

Select the site from the drop-down menu in the left-hand pane.

Status checks

With a site selected, the following tile displays quick information about server status. In each case, green means the server is online and red means that the server is disconnected.

Orion Monitoring Server Tile

The icon in the upper left-hand corner shows the status of the server itself and its IP address. Then, from left to right:

  1. Number of currently connected Orion Devices.
  2. Number of enrolled users.
  3. Server status.
  4. Access Control System status
  5. Connectivity between this site and the Orion Enrollment Service.


Click View -> from the site page for more information about the server.

The information available in the Details tab is the same as the summary tile, with the addition of Last Seen showing when Orion Connect last heard from this server.

Orion Monitoring Server Information


The Devices tab provides the current status of all doors connected to this Orion Server.

Orion Monitoring Device Information

Available here for each Orion Device is:

  • MAC Address for network diagnosis.
  • Door name, with a link to any other Orion Devices commissioned to the same door.
  • Status of the device. Possible statuses are:
    • Ready - Alive and waiting for access attempts.
    • Fault - An error has occurred, or the device has not sent a message in a long time.
    • Commissioning - The Orion Device has made first contact and is currently commissioning with the server.
    • Decommissioning - The Orion Device disconnects from the server and is soon unregistered from this door.
  • Actions - Currently, just the Delete button from decommissioning Orion Devices.

There is also Show Test Code, which displays a QR code that can be presented to any Orion Device to test its connectivity to the server, camera, sensor and LEDs. The lights turn green when this code is presented and the Device is running correctly. Otherwise, red LEDs indicate a fault.

Click Add Orion Device to commission a new Orion Device to an already existing door in the connected ACS using a unique QR code.

When using a commissioning QR code, it must be shown to the respective Orion Camera. As such, it is recommended to only use this button on mobile devices.


Unless SSH access is enabled during the installation process, Orion Servers are locked down from inbound access as a strict security measure. Orion Devices are always locked down from SSH even if enabled on the server. These access and event logs are the primary way of determining system activity and diagnosing problems that may occur.

Access logs

The Access Logs tab shows details for every access attempt from an Orion Device to an Orion Server. No personal details are available through these logs.

Orion Monitoring Access Requests

In the top left, filter by date for historical access checks. Below that, each access request is a row in the table. From left to right:

  • The + shows a time split between recognition time and ACS permissions check in MS.
  • The Date/Time that the access request was first initiated.
  • Door name, with a link to any other Orion Devices commissioned to the same door.
  • A summary Message of the access request. This is the primary source of feedback in case of issues. Some common examples of feedback are:
    • Access granted: This person was recognized and allowed through this door.
    • The face detector can't find the face on the image: No face was seen during this access attempt.
    • This face was not recognized: A face was seen, but not recognized.
    • Image is not live: The anti-spoof detection suspects usage of a picture of a person.
    • The face is too close to one or more image borders: The face in the picture is too close to the edge and should be positioned more centrally.
    • The facial area is not big enough for the analysis.: The face in the picture is too far away.
  • Total Time (ms) - How long the access request took to complete entirely in milliseconds.

Each time the Orion Device senses a presence, there can be up to 3 access requests shown here.

Event logs

The Event logs tab contains a log of communications between all parts of the system. These vary in severity, from minute-by-minute status checks to major errors.

Orion Monitoring Event Logs

From left to right:

  • The Date/Time that the event was first registered
  • The Event code is a unique identifier that can be used to escalate problems to support, if necessary.
  • Door name, with a link to any other Orion Devices commissioned to the same door. Only appears if the event comes from an Orion Device.
  • Message always relates to the Event code, but with more details. For example, the event EnrolmentCount may have the message User Count:15

Pending messages

Pending messages is empty almost all of the time. It contains events that are waiting in Orion Connect to be sent to a server. All events pass through here. However, an event only remains in the case of server connection issues.

Server configuration

To simplify installation and re-installation of Orion software, everything is provided through single-use scripts that are generated in Orion Connect upon request.

Orion Monitoring Server Scripts

Server install script

Orion Monitoring Generate Build Command

Clicking on Generate Build Command under Server Install Script pops up the following window for choices between 3 different forms of installation:

  • Full Build - Generate a script similar to the one used during the installation guide. This should only be run on a fresh Ubuntu server. Do not use this option if the server is being restored from a backup.

    All commissioned Orion Devices need to be recommissioned after a full build.

  • Resync - If an Orion Server is no longer connecting or it is being re-used from a previous Orion Server installation, or if the network configuration has been changed, use the Resync option. The script updates certificates on the server enabling the server to authenticate with both Orion Devices and Orion Connect, which in turn also acquires updates to the latest release.
  • Build and Restore from Backup - The restore script builds the Orion server but leaves it ready for a data backup to be restored. Using this option ensures that all Orion devices continue to operate without needing to recommission them.

When the relevant option has been selected, click the green Generate Build Command button. Provided is a command that can then be copied and pasted into the Ubuntu server to download and run the script.

Space install script

There is only one install script for Salto Space and it can be run on any Powershell window, running as administrator, on a Windows machine with Space installed. If Salto Space is not the correct ACS, ignore this box and command.

Site configuration

Click Site Configuration in the left-hand pane to find configurations for all servers on this site. This is where legal information and ACS configuration takes place.

Orion Monitoring Site Configuration Button

Company configuration

The company in charge of the site must be named correctly and the privacy policy linked must contain explicit usage descriptions of the biometric data that is being processed by Orion. This information is provided to any user of the system upon first accessing their OES account.

If there is any doubt about the contents of a privacy policy suitable for Orion, please contact Salto for guidance.

Orion Monitoring Company Information

ACS configuration

Update connection details for the ACS here by changing the IP Address, port, or refreshing the SHIP API key.

These values must only be changed to match the ACS's network configuration. Changing them to something else breaks the connection.

Space's relevant configuration can be found in the ProAccess Space Configurator and the SHIP tab of General options.

Generate HTTPS Certificate can be ignored.

Orion Monitoring Space Configuration

API key

One of these API keys must be provided to the ACS during installation to allow for secure communication between systems via HTTPS. Refresh these at any time if there is a security concern, but administrators must ensure that the ACS is updated with the new value as well. In Space, the API key can be updated in the Face recognition tab of General Options.

Orion Monitoring API Key


The Tools section can be found in the left-hand pane and contains general purpose utilities that can apply to any server or device.

Orion Monitoring Tools Button

Trusted root certificate

To allow an ACS to trust connections to and from the Orion Server, download the root certificate from this tile. All Orion Servers and Orion Devices use a certificate that is part of this certificate chain to prove their legitimacy. Once downloaded onto the ACS, install the certificate by double clicking it on Windows and Install Certificate….

This step is included in the installation process as standard.

Orion Monitoring Root Certificate Download

SALTO SYSTEMS, S. L. utiliza dispositivos de almacenamiento y recuperación de datos de terceros para permitir una navegación más segura y comprender mejor cómo interactúan los usuarios con el sitio web con el fin de mejorar nuestros servicios. Puedes aceptar todas las cookies haciendo clic en el botón "Aceptar cookies" o rechazar su uso pulsando en el botón "Rechazar cookies". Para más información, visita nuestra Política de cookies