Enrolling Users and their Credentials

DigitalPersona provides the following credential enrollment methods:

Attended enrollment - Using DigitalPersona Attended Enrollment

Attended enrollment is the default means of enrolling users through the DigitalPersona Enrollment application.
Basic Enrollment Workflow
1. A Security Officer navigates to the DigitalPersona Enrollment application URL.
2. On the DigitalPersona Identity Server, they enter their DigitalPersona authentication credential.
3. On the first page of the DigitalPersona Enrollment application, they select the user to be managed from the drop-down menu.
4. The person supervising the enrollment enters the username for the account to be managed.
  
  If a username is not found, the administrator can choose to:
  - Search for the username again
  - Enroll a new AD User, but only if the user already exists in Active Directory.
5. Once a user is selected or created, the supervising user clicks Manage user.
6. On the Credential Manager page, they select a credential to enroll or manage,.
7. The user enters their password.
8. The supervising user enrolls, omits or modifies the user’s DigitalPersona credentials and then clicks Complete Enrollment.
  
  Note: When omitting credentials, a reason for the omission must be entered. The option to omit credentials is only available when the Require enrolling or omitting each credential GPO is enabled.
9. The Credential Manager page closes and the user selection page re-displays.
Web-based enrollment - Using DigitalPersona Web-Based Enrollment

HID DigitalPersona Enrollment is a web-based application that provides both attended (supervised) and unattended (self) enrollment and management of DigitalPersona credentials.

It is compatible with most web browsers on popular desktop and mobile platforms.

Self-Enrollment using the DigitalPersona Credential Manager - Managing Your Credentials

Self-enrollment allows DigitalPersona users to enroll and manage their own credentials.
Basic Enrollment Workflow
1. A DigitalPersona user navigates to the DigitalPersona Enrollment URL.
2. On the DigitalPersona Identity Server, they enter their DigitalPersona authentication credentials:
  - Supervising users - select Self enrollment to display the Credential Manager page.
  - Other users (with the Self Enroll permission) - the Credential Manager page displays.
3. The user selects a credential to enroll or modify.
4. When they are through managing their credentials, they click Complete Enrollment.
Note: By default, self-enrollment is disabled because the Attended Enrollment component is most often used to enroll user credentials. Also, use of the Credential Manager requires a connection to the DigitalPersona Server. If no Server is available, a warning will display, and no tiles will be shown on the Credential Manager page.

If you want to allow end users to enroll and manage their own DigitalPersona credentials, see Policies and Settings. However, the best practice is to not enable self-enrollment if Attended Enrollment will be used in the environment.

The credentials that will be available to a user for verifying their identity may be configured through GPO policies and settings (for managed workstations) by a DigitalPersona Administrator or (if not managed) by the local administrator of the computer.

Unless otherwise specified through a GPO, any hardware or software credential available will be listed in Credential Manager, and may be managed by the user when self-enrollment has been enabled by the DigitalPersona administrator.

Role of the DigitalPersona Identity Server

The DigitalPersona Identity Server (provided through STS or the Secure Token Service) is the authentication gateway for the DigitalPersona Enrollment application.

To use DigitalPersona Enrollment, administrators, Security Officers and other users first need to log in to the Identity Server - see User Onboarding through the Identity Provider.

Login Scenarios (Attended and Self-Enrollment)

There is a slight variation in the UI behavior and workflow for administrators and non-administrative users, and for initial and subsequent logins.

The following is a summary of the steps for different scenarios.

Administrator subsequent login

After their initial login, DigitalPersona Administrators and Security Officers will:

Navigate to the DigitalPersona Enrollment URL.
Log in to the Identity Server with your domain\username or username@domain.com and password.
Either:
- Select Self Enroll.
- Enroll other user’s credentials.
Specify the username for the person whose credentials you want to enroll or manage:
- For previously enrolled users, click Manage user and have them enter their password.
- To enroll a new user, click Enroll new and have them enter and confirm a password.
The Credential Manager page displays, where credentials can be enrolled and managed.

More detailed instructions are provided in the following sections.

Topics in this section: