BIIM Support     Overview Installation Using the BIIM MFA Authentication - TPM - Biometrics - SmartCards / Tokens Windows Client Logon Single Sign On Secure eWallet Document Manager Managing My Identity BioCert BIIM Settings AD & LDAP Integration

BioCert® Intelligent Identity Manager Support

Using BioCert® Identity

Understanding some of the fundamental skills needed when using BioCert® Identity helps the user quickly accomplish tasks and improve overall efficiency. This section briefly describes the major operations provided by BioCert® Identity.

First, to get access to all product features, the user must log on to BioCert® Identity. Refer to Logging On to BioCert® Identity to learn how to log on.

BioCert® Identity provides services and applications (including Windows Logon, Single Sign On, Application Protection, e-Wallet, and Smart Cards and Tokens Service) to meet many needs. Based on the privileges of the user profile, authentication provides access to all the resources to which the user is authorized.

BioCert® Identity control panel

The BioCert® Identity control panel is the major user interface. Many operations and configuration settings are available from the BioCert® Identity panel. When the user is logged on to BioCert® Identity, the user has an access to the user identity, services and applications, settings and so on. Note, that some operations may require administrative privileges.

To access the BioCert® Identity control panel:

Right-click the BioCert® Identity icon in the taskbar notification area Registering credentials In order to use multifactor authentication, the user should register credentials in addition to the Windows password. The user can enroll fingerprints, smart cards, or any other credentials for supported authentication methods using appropriate links in the My Identity panel. After credentials are registered, the user can use them during the next logon.

User Identity Backup and Restore operations

User Identity consolidates and protects all private user information that may include network and local Microsoft Windows accounts, passwords for SSO applications, and encryption keys. The user has complete control over user identity through User Identity operations. The user can back up the User Identity after modifications. When a backup has been created, the User Identity can be used on another computer or restored in case of system failure. In BioCert® Identity, select My Identity to get access to these operations.

Windows Logon

Use Windows Logon section in Services and Applications panel to register and manage local or network accounts within the User Identity. The user can consolidate all local and network accounts in the Windows Logon component of the BioCert® Identity.

Single Sign On

The Single Sign On feature stores user names and passwords for multiple applications and automatically submits logon credentials when a registered application is accessed.

Use Single Sign On section in Services and Applications panel to register and manage Windows or Web applications, to set various logon options for each registered application, and to customize Single Sign On settings.

Configuring the BioCert® Identity

In BioCert® Identity, use Settings panel to configure the BioCert® Identity settings and use Authentication and Credentials panel to configure the BioCert® Identity authentication methods and policies.

The following topic sections describe the important features of the product.

Logging On to BioCert® Identity

The user can log on to BioCert® Identity from any of the following places:

• BioCert® Identity Logon Interface (if configured on the computer)
• BioCert® Identity icon menu in the taskbar notification area

My Identity

When the BioCert® Logon Wizard starts, follow the instructions on the screen:

• On the Introduce Yourself screen, type the user name, and then select a logon method:
  • For password logon, just type your Windows password in the Password field, and then click Next.
  • To choose other than password logon method, select a corresponding icon on the screen.
  • To get list of all available logon methods for the specified user, select Click here link.
• When you selected to get the list of the available logon methods, the Logon Policy page is displayed. On the Logon Policy screen, select the desired authentication method, and then click Next.
  Note On the Logon Policy screen, only the credentials that have already been registered for this account can be seen.
• On the next screen, submit credentials that correspond to the selected authentication method, and then click Finish to complete the logon operation.

First time logon

Usually only the Windows password is available for very first logon to BioCert® Identity. As soon as the user enters the Windows password into the BioCert® Logon Wizard, the user can register other types of credentials for any supported authentication methods. When user who does not yet have the BioCert® Identity User Identity, logs on to BioCert® Identity, BioCert® Identity creates the User Identity automatically.

Logging on to BioCert® Identity from the user desktop

If you have selected to keep the original logon interface (for instance, the Windows logon dialog box from Microsoft) rather than the BioCert® Identity logon interface, you will not able to log on to BioCert® Identity at the same time as you log on to Windows. You may get the same result when using BioCert® Identity logon interface if you selected a pass-through logon option Do not Log On to BioCert® Identity in More menu on Introduce Yourself screen.

After Windows logon is completed and user desktop is shown, a balloon will be displayed prompting you to log on to BioCert® Identity. Click the balloon to launch the BioCert® Logon Wizard.

Note You may also log on to BioCert® Identity from the BioCert® Identity icon in the taskbar notification area.

Registering Credentials

To register credentials:

• In BioCert® Identity, select My Identity.
• Select Register Credentials.  The BioCert® Registration Wizard is displayed.
• On Authentication Methods page, select the desired authentication method for which you wish to register credentials and click Next.
• Follow on-screen instructions and submit the required credentials.
• Click Finish to complete the registration.

You will be able to log on to the system with any of the registered credentials permitted to your account.

You can also register credentials from the following places in the system:

• From My Identity, select Register Fingerprints (fingerprint registration only)
• From My Identity, select Register Smart Card or Token (smart card, USB token, or virtual token registration only)
• From Authentication and Credentials, select Credentials tab
• From BioCert® Identity icon menu in the taskbar notification area
• From user desktop by submitting fingerprint if the user does not have yet
• From BioCert® Identity icon menu in the taskbar notification area

Some user activity may also start the credential registration process:

• If the user, who is currently logged to BioCert® Identity but does not have a registered fingerprint, submits a fingerprint, a fingerprint registration process will be started.
• If the user, who is currently logged to BioCert® Identity but does not have a registered smart card, inserts a smart card into the smart card reader, a smart card registration process will be started.

Using Windows Logon Service

Windows Logon service allows the user to perform Windows logon either to a local computer or to a domain when logging on to BioCert® Identity. This functionality is used when the BioCert® Identity logon interface is selected. The user can set this option during installation or after setup by selecting the option Use BioCert® Identity to log on to Windows located in General group of settings.

When a user logs on with the BioCert® Identity logon interface for the first time, the system automatically adds the corresponding Windows account as the user's default network account for Windows Logon service. The user can manage network accounts from the Windows Logon section in Services and Applications panel. Selecting Manage Network Accounts launches the Microsoft Network Accounts dialog box where the user can add, delete, or modify network accounts. The user can also set up logon to a domain account while logging on to BioCert® Identity.

Using Single Sign On Service

Single Sign On (SSO) service is available to a user logged on to BioCert® Identity. SSO is an adaptive learning technology that automatically detects applications requesting user logon and records user names and passwords while the user types the logon credentials. SSO is automatically activated when an application requesting user logon is detected. When a dialog box or Web page is recognized as a logon screen, the BioCert® Identity icon is displayed in the title bar of the dialog box to inform the user that SSO is ready to record user credentials (or SSO credentials). After the credentials are submitted, the system prompts the user if the credentials should be remembered as part of the user identity. When the user accesses the logon screen next time, the system automatically submits the previously registered SSO credentials.

BioCert® Identity also supports manual SSO registration, wrong password entry analysis, fast launch links for registered SSO applications, and other useful features. The user can manage SSO applications and credentials in the Single Sign On section of the Services and Applications panel. Selecting Manage Applications & Credentials displays the BioCert® Identity Single Sign On dialog box, where the user can add, delete, or modify the SSO applications and corresponding SSO credentials.

Using One Touch Functionality

Due to fingerprint uniqueness, the system may authenticate the user based on fingerprint data only, i.e. without requiring the user name. When fingerprint image is received the system processed the raw image into fingerprint descriptor and then performs search operation against all other fingerprint descriptors belong to other users. When a "mate" record is found, the system returns the user data, which allows to proceed with logon or other operation which requires authentication.

One touch functionality improves end-user experience and saves user's time on authentication operations where user name is used.

One Touch functionality is implemented in several places in BioCert® Identity, including BioCert® Identity logon interface. To use the one touch functionality, just simply submit your fingerprint using the fingerprint reader, and then follow on-screen instructions.

Using One Touch functionality for Fast User Switching

Fast User Switching, a feature of Windows XP operating system that makes it possible for you to quickly switch between users without actually logging off from Windows. Multiple users can share a computer and use it simultaneously, switching back and forth without closing their programs they are running. When Fast User Switching is enable in the operating system, it's automatically supported by One Touch features in BioCert® Identity. To use the feature, a user, that is not currently running the Windows session, can just present the previously registered fingerprint and, upon successful validation, get an access to his or her own Windows session.

Configuring Settings and Options

BioCert® Identity allows the user to configure the system for the better security and convenience. All settings are combined into several groups. The default configuration provides maximum usability.

The following groups of settings are accessible in BioCert® Identity from Settings panel.

• General
• Single Sing On
• e-Wallet
• Services and Applications
• Security
• Smart Cards and Tokens

Refer to BioCert® Identity Settings section of this help for further details.

Multifactor authentication policies and all supported authentication methods can be configured using the following two groups of settings. These settings are accessible in BioCert® Identity from Authentication and Credential panel.

• Authentication
• Credentials

    Note
The user must have administrator privileges to be allowed to configure BioCert® Identity settings and options.

Using BioCert® Identity Event Log

BioCert® Identity logs the events in Windows Event Viewer. Using the BioCert® Identity log in Windows Event Viewer, the user can gather information and monitor the events occurred in BioCert® Identity. The BioCert® Identity log is accessible in the Event Viewer in the same way as Application and System logs. The log contains important activity information, which provide statistical information and assist in troubleshooting.

BioCert® Identity Icon On the Taskbar

The BioCert® Identity icon is displayed in the taskbar notification area. The icon alters to indicate the status of the user (logged on or logged off), provides tool tips, and allows for the performance of typical actions from a context menu.

Depending on the user's status and the services or applications running, some information is displayed as a custom balloon or pop-up window that also allows appropriate actions to be started.

The following context menu items are available for the user who is already logged into BioCert® Identity:

• My Identity - Launches BioCert® Identity
• Open e-Wallet - Shows your e-Wallet or fills in a form
• Single Sign On - Provides an access to SSO applications and SSO credentials associated with the current user
• Lock Workstation - Locks your computer immediately
• Log Off - Logs off the user from BioCert® Identity
• Register Credentials - Launches the BioCert® Registration Wizard
• Help - Launches the BioCert® Identity Online Help
• About - Displays the About BioCert® Identity dialog box

When the user is logged off BioCert® Identity, the menu looks as follows:

• My Identity - Launches BioCert® Identity
• Lock Workstation - Locks your computer immediately
• Log On - Launches the BioCert® Logon Wizard
• Restore Identity - Restores User Identity data from an existing backup copy
• Help - Launches the BioCert® Identity Online Help
• About - Displays the About BioCert® Identity dialog box

About the Product

The About BioCert® Identity dialog box is useful for technical support purposes and it contains the following information:

• Product version
• Product edition
• Copyright information
• License information

The About BioCert® Identity dialog box can be accessed from the following places in the user interface:

• In the menu from BioCert® Identity icon in the taskbar notification area, select the About menu option
• In BioCert® Logon Wizard, click More, and then select About menu option
• In BioCert® Identity, select My Identity, and then select About BioCert® Identity