Managing Users and Credentials

The HID DigitalPersona Administration Console provides a convenient web-based way to administer DigitalPersona users (AD users and Non AD users).

From the console, the domain administrator or Security Officer can manage DigitalPersona users and the most common user policies.

Additional user settings and policies for AD Users can be configured in Active Directory. There are slight differences in functionality for AD Users as follows:

  • AD Users are displayed and user policies can be managed, but their credentials cannot be enrolled until an account is first created for the user in the DigitalPersona LDS database. This is accomplished by clicking Create New in the Details panel and entering their Windows password.

  • Once at least one credential (other than the user’s Password) has been enrolled, Create New is replaced by Manage Credentials, which launches the HID DigitalPersona Enrollment component.

  • When AD Users are removed (by clicking the X to the right of their name), they will still be displayed when All Users is selected, but their credentials will be deleted and their user license will be returned to the license pool. A Removed Users option on the drop-down menu also allows displaying only removed AD Users.

The HID DigitalPersona Administration Console can be accessed through any of the web browsers listed in the system requirements, as long as JavaScript is enabled in the browser.

When accessing the console remotely, only credentials (such as Passwords and OTP) that do not require attached hardware (fingerprint and card readers, for example) can be used to log on to the console, unless a DigitalPersona client (such as DigitalPersona Workstation, Kiosk or Lite Client) is also installed on the machine.

Logging On to the Console

To log in to the DigitalPersona Web Administration Console, you must be a DigitalPersona LDS user. You must also be listed in the Microsoft Authorization Manager (AzMan) as a member of the built-in DigitalPersona Administrators group, or assigned to a role that contains at least the Query Users and Manage Users permissions.

To log on to the console:

On the DigitalPersona Identity Server web page, enter your domain\username and password, or select one of the displayed tiles to use a different previously enrolled authentication credential.

If a multi-factor authentication policy is in effect, the tile for the next required credential will become highlighted after successful authentication with the first one, and any fields necessary for use of the credential will be displayed.

The system will learn your most used credentials and suggest them in the order you generally use them.

Note: The specific credential tiles that appear on the Identity Server page and any combination of credentials that may be required to log in are configurable by the DigitalPersona Administrator.

See Configuring the Identity Server (DigitalPersona IIS Plugin) for details.

Administration Console Features

Through the console, the administrator can perform the following activities:

Additionally, the types of credentials displayed and the policies defining which credentials or credential combinations are required to authenticate or log in to the HID DigitalPersona Administration Console (through the DigitalPersona Identity Provider) may be specified through a web.config.XML file. See Configuring the Identity Server (DigitalPersona IIS Plugin) for details.
