Enable Biometric Protection

By setting the protection policy of the service ‘biometric or password’, users can authenticate to a service using an enrolled biometric (fingerprint/face) credential instead of a password.

During service registration, users set a password to protect the service.

Once the service is registered, users can then enable fingerprint/face authentication in the HID Approve application.

The application will then prompt users to authenticate by fingerprint/face before displaying the content of a validation notification.

Prerequisites:

The device is biometric-capable (it is has a fingerprint sensor and supports biometric authentication).
A fingerprint/face is enrolled on the device as a biometric credential (refer to the device documentation for details).
Protection policy set to ‘biometric or password’ (see Customize the Key Protection Methods).

Note:

If the policy is set to ‘biometric or password’, but the biometric authentication is not available (sensor not present or no fingerprint/face enrolled), the application will prompt the user for the password set during service registration.
The Enable Fingerprint/Touch ID/Face ID menu option is not displayed:
- If the device does not have a fingerprint sensor.
- If biometric authentication is not enabled for the service.
- If a fingerprint/face is not enrolled.
HID Approve for Windows 10 does not support biometric authentication.
Fingerprint authentication is only supported on Android 6 and later.

Users can Enable Fingerprint/Touch ID/Face ID authentication using the application’s Services menu:

Android	iOS/macOS (Touch ID or Face ID)
	Note: If they are using Face ID, the user is prompted to allow HID Approve access.
The application then prompts for the password set for the service to be protected by the fingerprint/face.

Android

iOS/macOS (Touch ID or Face ID)

Note: If they are using Face ID, the user is prompted to allow HID Approve access.

The application then prompts for the password set for the service to be protected by the fingerprint/face.

Users can Disable Fingerprint/Touch ID/Face ID authentication using the application’s Services menu:

Android	iOS/macOS

Important:

If the password for the service expires, the user will be prompted to use biometric authentication to perform operations, then prompted to change the password (mandatory).
When the user’s biometric credential is locked (for example, the user provided too many incorrect fingerprints), the user will need to wait a few minutes (on Android), or will need to unlock Touch ID/Face ID on the device (on iOS/macOS), before being able to use the biometric authentication again.