Authentication Manager supports three modes to authenticate users with their biometric data.
The chosen mechanism must be selected in the directory from the two following objects:
In the access point security profile configuration:
In the user security profile configuration:
Biometric data and LDAP password of the user are stored in the workstation local cache. This data is protected by the Authentication Manager Client and the administration rights set for the workstation.
The user must enroll on each workstation he/she wants to use.
The biometric data of the user and the PIN of the smart card are stored on the public area of the smart card, protected by the Authentication Manager Client. The user enrolls his/her biometric data once and carries this data in his/her smart card.
The biometric data of the user is centralized by the Authentication Manager Controller and stored in the directory. To use this mode, an Authentication Manager Controller must be available to enable the authentication of the user.
The users enroll their biometric data once by typing their name and password before placing their fingerprints on the scanner. Then they can connect to every workstation of the Authentication Manager forest without having to enroll their biometric data on each workstation they use.
On every workstation on which the user authenticates, a local cache is created, as in the "Store on PC" mode: the EAM Controller retrieves biometric data from the directory to store it in this cache.
To manage the biometric enrollment, you will use the following administration panels: