How to configure your windows workstations for biometrics Authentication

Managing biometrics

Authentication Manager supports three modes to authenticate users with their biometric data.

The chosen mechanism must be selected in the directory from the two following objects:

In the access point security profile configuration:

In the user security profile configuration:

"Store on PC" mode

Biometric data and LDAP password of the user are stored in the workstation local cache. This data is protected by the Authentication Manager Client and the administration rights set for the workstation.
The user must enroll on each workstation he/she wants to use.

"Store on card" mode

The biometric data of the user and the PIN of the smart card are stored on the public area of the smart card, protected by the Authentication Manager Client. The user enrolls his/her biometric data once and carries this data in his/her smart card.

"Store on server" mode

The biometric data of the user is centralized by the Authentication Manager Controller and stored in the directory. To use this mode, an Authentication Manager Controller must be available to enable the authentication of the user.
The users enroll their biometric data once by typing their name and password before placing their fingerprints on the scanner. Then they can connect to every workstation of the Authentication Manager forest without having to enroll their biometric data on each workstation they use.
On every workstation on which the user authenticates, a local cache is created, as in the "Store on PC" mode: the EAM Controller retrieves biometric data from the directory to store it in this cache.

Interface design

To manage the biometric enrollment, you will use the following administration panels:

  • The Biometrics panel, which allows you to display and export the list of users who have enrolled their biometric data.
    • To enroll a user’s fingerprints directly on your workstation, you can click  or the Biometrics menu and select Start Scan Assistant. The biometric enrollment wizard starts.
  • The Directory panel, which allows you to manage biometric enrollment in the user security profile, and for a specific user. It also allows you to configure biometric parameters in the access point profile.