Advanced Authentication provides advanced biometric authentication with the Facial Recognition method. This method allows users to get automatically authenticated by presenting their face. The image of the face is captured by an integrated or external camera and recorded by the Microsoft API server, when the user enrolls the method. When the user tries to authenticate on an application, the recorded image is compared with the actual image. If the images match, the user is authenticated.
IMPORTANT:It is recommended to configure the blink detection or combine the Facial recognition method with another method in a chain to enhance security.
You can configure the following settings for the Facial recognition method:
WARNING:You must have the Advanced Authentication Device Service installed to use the Facial recognition method for logging in to the following:
Operating System: Windows, Linux, and Mac workstations.
Integration: OAuth 2.0 and SAML 2.0.
Before you configure the Facial Recognition method, you must generate the Microsoft Cognitive Services.and from the
To generate the Access Key and Endpoint URL, perform the following steps:
Agree to the license agreement.
Login with the preferred credentials.
Capture theand for the Face API.
While generating the access key for the Face API, two keys are displayed. You can use anyone of the two keys.
To configure the Facial Recognition method, perform the following steps:
Specify thethat you have generated in the Microsoft Cognitive Services. This key is used while authenticating the user.
For information about how to generate the Access Key in the Microsoft Cognitive Services, see
Specify the. This URL is location based.
NOTE:The Endpoint URL must contain face/v1.0 at the end.
For example: https://westcentralus.api.cognitive.microsoft.com/face/v1.0.
For a better quality of recognition, you must use cameras with a high definition of 720p and above.
During enrollment, the captured images are placed on Microsoft servers and Microsoft Cognitive Services returns only the Face ID to Advanced Authentication. The Advanced Authentication stores this Face ID as enrolled authenticator. Therefore, when you change to another Access Key, the related enrollments are lost.
This method is not supported for cache of Windows Client, Mac OS X Client, and Linux PAM Client.