How to configure your Windows workstations for biometric authentication


Managing biometrics

Authentication Manager supports three modes to authenticate users with their biometric data.

The chosen mechanism must be selected in the directory, in the two following objects:

  • The access point security profile configuration
  • The user security profile configuration

"Store on PC" mode

The user's biometric data and LDAP password are stored in the workstation's local cache. This data is protected by the Authentication Manager Client and by the administration rights set for the workstation.
The user must enroll on each workstation he/she wants to use.

"Store on card" mode

The biometric data of the user and the PIN of the smart card are stored in the public area of the smart card, protected by the Authentication Manager Client. The user enrolls his/her biometric data once and carries this data on his/her smart card.

"Store on server" mode

The biometric data of the user is centralized by the Authentication Manager Controller and stored in the directory. To use this mode, an Authentication Manager Controller must be available to enable the authentication of the user.
The users enroll their biometric data once by typing their name and password before placing their fingerprints on the scanner. Then they can connect to every workstation of the Authentication Manager forest without having to enroll their biometric data on each workstation they use.
On every workstation on which the user authenticates, a local cache is created, as in the "Store on PC" mode: the EAM Controller retrieves biometric data from the directory to store it in this cache.

Interface design

To manage the biometric enrollment, you will use the following administration panels:

  • The Biometrics panel, which allows you to display and export the list of users who have enrolled their biometric data.
    • To enroll a user’s fingerprints directly on your workstation, you can click  or the Biometrics menu and select Start Scan Assistant. The biometric enrollment wizard starts.
  • The Directory panel, which allows you to manage biometric enrollment in the user security profile, and for a specific user. It also allows you to configure biometric parameters in the access point profile.

