Difference between revisions of "Biometric Fingerprint for Windows Credential Provider"

From Swivel Knowledgebase
Jump to: navigation, search
(Nitgen Reader vs Laptop Reader)
(Nitgen Reader vs Laptop Reader)
Line 22: Line 22:
  
 
1) Enrolment
 
1) Enrolment
 +
 
- Nitgen Reader: enrolment is done during the first login
 
- Nitgen Reader: enrolment is done during the first login
 +
 
- Laptop Reader: the user cannot be enrolled during login, so enrolment is done inside WCP Configuration
 
- Laptop Reader: the user cannot be enrolled during login, so enrolment is done inside WCP Configuration
  
 
2) Authentication in multiple devices
 
2) Authentication in multiple devices
 +
 
- Nitgen Reader: Nitgen reader allows to authenticate in several devices with only one enrolment
 
- Nitgen Reader: Nitgen reader allows to authenticate in several devices with only one enrolment
 +
 
- Laptop Reader: Enrolment in each of the devices is necessary
 
- Laptop Reader: Enrolment in each of the devices is necessary
  

Revision as of 17:30, 17 August 2018


Overview

With Biometric Fingerprint for WCP you can enrol the user's fingerprint, use it as 2FA or just to identify the username.

Prerequisites

AuthControl Sentry v4.0.5 onwards

AuthControl Credential Provider v5.4.2 onwards

Windows 10

Nitgen biometric reader or Laptop supporting biometric authentication (Windows Hello) with integrated fingerprint reader

Nitgen Reader vs Laptop Reader

There are some relevant differences with both types of readers that need to be considered.

1) Enrolment

- Nitgen Reader: enrolment is done during the first login

- Laptop Reader: the user cannot be enrolled during login, so enrolment is done inside WCP Configuration

2) Authentication in multiple devices

- Nitgen Reader: Nitgen reader allows to authenticate in several devices with only one enrolment

- Laptop Reader: Enrolment in each of the devices is necessary

Configuration for Nitgen Biometric Reader

Configure Credential Provider

Select in Authentication -> Method the option "Fingerprint".

Select in Authentication -> Biometric Reader the option "Nitgen".

Enrol the user

When the user is not enrolled, the user is requested, after login with username and password, to enrol the fingerprint.

1) Select the finger to enroll

2) Place the finger on the sensor the necessary times untill the enrollment is successfull

Nitgen finger 2.jpg

Authenticating

After authenticationg with username and password, when requested, place the finger on the sensor

Nitgen finger 3.jpg

Configuration for Laptop Biometric Reader

Disable Windows Hello

Windows Hello Biometric usage must be disabled in Local Group Policy:

- Access the Windows Local Group Policy Editor.

- Go to: Computer Configuration > Administrative Templates > Windows Components > Biometrics and disable the setting "Allow users to log on user biometrics".

Native finger 1.png

Install Credential Provider with Fingerprint Enrolment

Native finger 2.png

Configure Credential Provider

Select in Authentication -> Method the option "Fingerprint".

Select in Authentication -> Biometric Reader the option "Native".

Native finger 3.png

Enrol the user

After selecting "Native", Click in the button “New Enroll” to open the "BioEnrol" executable.

Select option 1 to start a new enrol to current user and follow the steps presented.

Native finger 4.png

Authenticating

With all configurations done, go to the Windows login page and access using your registered fingerprint when prompted.

Native finger 5.png.jpg

Native finger 6.png.jpg

Biometric Identification

Removing user fingerprint

To remove a user fingerprint from the appliance, the administrator can go to User Administration, Select View -> Attributes, click the user and select "Remove fingerprint".

Remove fingerprint.png