2.11 Fingerprint

The Fingerprint method enables you to authenticate using your fingerprint(s). During enrollment, the fingerprint reader captures the fingerprint. When you try to authenticate on any device, the presented fingerprint is matched with the enrolled fingerprint. If the fingerprints match, you are authenticated successfully.

You can enroll fingers for the Fingerprint method using one of the following devices:

  • Single finger reader

  • Multi-finger reader

HINT:Fingerprint(s) enrollment is supported only on Microsoft Windows and Linux RHEL kernel 3.x.x. You must install Advanced Authentication Device Service.

Linux RHEL supports the fingerprint readers: Green Bit DactyScan84c and Nitgen eNBioScan-C1 for the Fingerprint method enrollment and authentication respectively.

Duress Finger

The Fingerprint method also allows you to assign one of the enrolled fingers as duress. Only under an emergency or a threat, you can authenticate with the duress finger. Use of the duress finger for authentication sends an alert notification to the email address and phone number that the administrator has configured.

2.11.1 Enrolling the Fingerprint Authenticator Using Single Finger Reader

  1. Click the Fingerprint icon in Add Authenticator.

  2. (Optional) Specify a comment related to the Fingerprint authenticator in Comment.

  3. (Optional) Select the preferred category from Category.

  4. Select the preferred finger for enrollment and place or swipe the finger on the reader when there is a flash.

    NOTE:Number of fingers to be enrolled and the number of scans performed for each finger are mentioned on the Add Fingerprint authenticator page.

    Red indicators below the fingerprint represents the number of captures that the administrator has configured.

  5. Repeat Step 4 to add more fingers for authentication.

  6. (Conditional) Select one of the enrolled finger as duress from Assign Duress Finger list.

    NOTE:If you have not enrolled fingers for Fingerprint method, then the Assign Duress Finger list will be empty.

  7. Click Save.

    A message Authenticator "Fingerprint" has been saved is displayed.

You can also assign a finger as duress, after enrolling the Fingerprint method. For more information, see Assigning a Finger as Duress.

IMPORTANT:It is recommended to test the authenticator after enrollment. If the test fails, delete the authenticator and enroll it again.

2.11.2 Enrolling the Fingerprint Authenticator Using Multi-Finger Reader

  1. Click the Fingerprint icon in Add Authenticator.

  2. (Optional) Specify a comment related to the Fingerprint authenticator in Comment.

  3. (Optional) Select the preferred category from Category.

  4. (Conditional) Set Use multi-finger reader for enrollment to ON to use multi-finger reader.

    NOTE:An administrator has the privilege to hide the Use multi-finger reader for enrollment and force users to enroll with the multi-finger reader.

  5. Select one of the highlighted fingers combination for enrollment. The fingers combination available are:

    • Four fingers of the left hand

    • Four fingers of the right hand

    • Two thumbs

  6. Place the fingers on the reader when you see the LEDs of selected fingers flash.

    Wait till the reader scans the fingers.

    Red indicators below the fingerprint represents the number of captures that the administrator has configured.

  7. (Conditional) Select one of the enrolled finger as duress from Assign Duress Finger list.

    NOTE:If you have not enrolled fingers for Fingerprint method, then the Assign Duress Finger list will be empty.

  8. Click Save.

    A message Authenticator "Fingerprint" has been added is displayed.

You can also assign a finger as duress, after enrolling the Fingerprint method. For more information, see Assigning a Finger as Duress.

2.11.3 Assigning a Finger as Duress

  1. Click the Fingerprint icon in Enrolled Authenticators.

  2. Select the preferred finger as duress from Assign Duress Finger list.

    The Assign Duress Finger list displays the fingers that are enrolled.

  3. Click Save.

2.11.4 Testing the Fingerprint Authenticator

  1. Click the Fingerprint icon in Enrolled Authenticators.

  2. Click Test.

  3. Place or swipe your finger on the reader.

    A message Authenticator "Fingerprint" passed the test is displayed. If the fingerprints are not identical, a message Fingerprint Mismatch is displayed.

The following table describes the possible error message along with the workarounds for the Fingerprint authentication.

Table 2-4 Fingerprint authenticator - error messages

Error

Possible Cause and Workaround

Fingerprint Service is not available

The Advanced Authentication Device Service is not installed. Ensure to install Advanced Authentication Device Service and try authenticating again.

Fingerprint reader is not connected

The fingerprint reader or vendor specific drivers are not connected properly. Ensure that the fingerprint reader and vendor specific drivers are connected properly to the machine.