BIIM Support     Overview Installation Using the BIIM MFA Authentication - TPM - Biometrics - SmartCards / Tokens Windows Client Logon Single Sign On Secure eWallet Document Manager Managing My Identity BioCert BIIM Settings AD & LDAP Integration

BioCert® Intelligent Identity Manager Support

BioCert® Identity Settings

You can set up various settings using BioCert® Intelligent Identity Manager.

The BioCert® Identity control panel is accessible from any of these places:

• BioCert® Identity icon in the taskbar notification area

The following groups can be configured from BioCert® Identity settings:

General Settings

General settings govern how the computer is configured and governs the settings related to component appearance. General settings include System and Logon Wizard settings.

Under the System group you can select:

• Show welcome and completion pages in wizards
• Show hint window
• Display tips at startup
• Suggest to backup identity after changes
• Advise to register credentials on logon

Under the Select the way users log on to Windows (requires restart) group you can select:

• Use BioCert® Identity with classic logon prompt
• Use Microsoft classic logon prompt
• Use Welcome Screen
  • Use Fast User Switching
  • Use BioCert® Identity at Welcome Screen

Under the Logon Wizard group you can select:

• Show welcome and completion pages
• Show all policies
• Use last policy on next logon
• Use last user name on next logon

Under the Address group you can select:

• Allow to enter phones with arbitrary format

If fingerprint sensor is available, you can configure the following settings under Fingerprints group:

• Allow fingerprint searching in logon wizard
• Enable automatic fingerprint capture

  When finger is submitted:

  • Play sound
  • Show animation
  • Advise to register fingerprints for new users
  • Allow one touch fast user switching
  • Display tip before one touch user switching

To configure general settings:

1. In BioCert® Identity, select Settings.
2. Select General tab.
3. Configure the desired settings, and then click OK to save the changes.

e-Wallet Settings

e-Wallet settings govern the e-Wallet functionality for the current user. The e-Wallet is an electronic wallet which stores all of your personal information used for online transactions. There is only one group of options available.

Under the General group you can select:

• Enable e-Wallet functionality
• Automatically fill page
• Authenticate user before filling page
• Show notification tip before filling page

The Enable e-Wallet functionality option, when checked, enables the e-Wallet for BioCert® Identity. If disabled, the e-Wallet menu will not show up in the BioCert® Identity or when right-clicking on the BioCert® Identity icon in the taskbar notification area. In addition, the e-Wallet pop-up menu will not become visible when browsing a Web site with an applicable form.

The Automatically fill page option will cause the e-Wallet to automatically fill in the last-used e-Wallet information whenever a Web site is displayed that has a form with matching fields. By default, this option is off; in this case, the e-Wallet pop-up menu will display and the user must chose to have e-Wallet fill in information.

The Authenticate user before filling page option, when enabled, causes BioCert® Identity to authenticate the user before opening the e-Wallet or filling in its information. Note that once this option is checked, you will need to authenticate first in order to turn it off. This option is recommended as an additional security feature to help protect your sensitive information.

The Show notification tip before filling page option controls the pop-up menu which comes up when a Web page is displayed containing a form for the e-Wallet.

Configure the desired settings, and then click OK to save the changes.

Document Manager

Document Manager settings govern the Document Manager encryption services for the current user. The Document Manager allows users to encrypt, decrypt, securely delete, and create encrypted packages of files. Document Manager settings are divided into a few groups.

Under the General group you can select:

• Overwrite existing files
• Delete original files
• Secure delete unprotected files
• Authenticate user before accessing files and secure disks

The Overwrite existing files option will cause Document Manager to automatically replace the original, unencrypted file with the encrypted file.

The Delete original files option will cause Document Manager to automatically delete the original, unencrypted file when encrypting the file. Otherwise, the original file will be kept in its un-encrypted state.

The Secure delete unprotected files option is the same as the delete original file option except that the original file will be securely deleted. This ensures that the original cannot be undeleted or brought back afterwards.

The Authenticate user before accessing files and secure disks option causes BioCert® Identity to authenticate the user before allowing the file to be opened.

Note: After checking this option, you will be required to Authenticate to uncheck it.

Under the Cryptography group you can configure the default encryption settings on the local machine and set up the security level for the secure file deletion operation. The level of security corresponds to the number of overwrite operations against the area on a drive where the deleted file was previously located.

To configure Document Manager settings:

1. Select Settings and Options > Document Manager
2. Select the tab that corresponds to group of settings you wish to configure.
3. Configure the desired settings, and then select OK to save the changes.

Services and Applications Settings

To configure Services and Applications settings:

1. In BioCert® Identity, select Settings.
2. Select Services and Applications tab.
3. In Select category drop-down list, select the user category to which the settings to be configured.
4. In the list of services, select the desired service, and then select Properties. The service settings dialog box is displayed.
5. Configure the desired settings for the selected user category.

   Note
   You may enable or disable the entire service by using check box located next to the service name in the list.

6. Select another service or select another user category and repeat steps 3 and 4.
7. Click OK to save the changes.

Security Settings

BioCert® Identity provides a security feature which supports the TPM usage for users data encryption. To use this feature, a computer must be equipped with Trusted Platform Module and TPM should be properly configured. BioCert® Identity encrypts the user data automatically after the TPM is installed and properly initialized.

To verify and change the type of encryption of the user data:

1. In BioCert® Identity, select Settings.
2. Select Security tab.
3. Select the desired type of encryption, and then click OK to save the changes.

This screen also allows viewing some additional details such as TPM provider, encryption key length, Cipher, and Hash settings.

Smart Cards and Tokens Settings

Smart Card and Tokens settings allow the user:

• Register new smart card or token for the current user
• Change user PIN for the previously registered smart card or token
• Configure the settings for the existing smart card or token

Registering new smart card or token

To register a new smart card or a new token for the current user:

1. In BioCert® Identity, select Settings.
2. Select Smart Cards and Tokens tab. A list of available tokens is displayed under Local Tokens.
3. Select the desired type of local token in the list, and then select New. The Token Registration Wizard is displayed.
4. In case of registering a new smart card or a new USB token, make sure that smart card is inserted or the token is connected to a USB port. Then click Next.
5. Type the User PIN, and then click Finish to complete the operation.

Changing the user PIN

To change user PIN for the previously registered smart card or token:

1. In BioCert® Identity, select Settings.
2. Select Smart Cards and Tokens tab. A list of available tokens is displayed under Local Tokens.
3. Select the desired smart card or token, then select Change PIN. Change User PIN dialog box is displayed.
4. Type the old user PIN and the new user PIN twice to confirm, and then click OK to complete the operation.

Configuring the settings for smart card or token

To configure the settings for the smart card or token:

1. In BioCert® Identity, select Settings.
2. Select Smart Cards and Tokens tab. A list of available tokens is displayed under Local Tokens.
3. Select the desired smart card or token, then click Properties. Token Properties dialog box is displayed.
4. Configure the desired settings, and then click OK to save the changes.

The following groups of token settings can be configured from Token Properties dialog box:

• General - Displays the token name, ID, owner, serial number, occupied and free space on the token. These setting are read-only and cannot be changed.
• PIN Policy - Includes PIN change settings, such as User must change PIN at next access to token and User cannot change PIN. In addition, for virtual token, configures user PIN expiration settings, maximum and minimum user PIN length and PIN lockout settings.
• Authentication - Specifies This token can participate in user authentication setting and the registered authentication methods.
• Identity - Displays, if user identity is stored on the token. In addition, for virtual token, configures the identity age limit and identity access count limit.