DigitalPersona AD Components

DigitalPersona AD is a client-server product, comprised of the DigitalPersona AD Server components (including various administrative tools and utilities) and associated DigitalPersona clients (DigitalPersona AD Workstation, Attended Enrollment and Kiosk) that work within an existing Active Directory environment.

Server Components

DigitalPersona AD’s server components fulfill four main purposes:

They allow IT Administrators to manage security and authentication policies via Active Directory Group Policy Objects. For these purposes, DigitalPersona AD includes various GPMC (Group Policy Management Console) extensions, installed under the Software Settings and Administrative Templates nodes, to link product policies and settings to Active Directory containers.
They provide centralized, server-side authentication of various types of credentials (e.g. fingerprints, access cards, Bluetooth, One-Time Passwords etc.). For these purposes, DigitalPersona AD runs authentication services within your domain and receives authentication requests from managed computers.
They allow centralized backup and roaming of computers’ and users’ credentials and passwords. For these purposes, DigitalPersona AD uses Active Directory as a database of relevant data.

They also allow other general administrative tasks, including:
- Access recovery into locked workstations
- Deployment of license activation codes.

The main server components of the DigitalPersona AD product are:

Server component	Purpose
DigitalPersona AD Server	Provides domain-wide, centralized administration of DigitalPersona AD clients and enables strong authentication through various credentials and credential combinations
DigitalPersona AD Administration Tools	Provide additional tools for administration of various DigitalPersona AD features and utilities including License Management, GPMC Extensions, Access Recovery and the Password Manager Admin Tool

Client Components

DigitalPersona AD clients provide a means for the IT Administrator to easily set up and enforce strong authentication such as two-factor and multi-factor authentication using a variety of supported credentials.

The DigitalPersona AD solution supports the following clients.

Client component	Purpose
DigitalPersona AD Workstation	The primary client application for end-users that enforces security and authentication policies on managed Windows computers. A clean and intuitive DigitalPersona Console provides the ability to increase both security and convenience through a variety of configurable features; including enrollment and use of multiple credentials for Windows logon. It can be centrally managed by the DigitalPersona AD Server, or installed as a stand-alone product. DigitalPersona Password Manager is an optional application that integrates with the DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.
DigitalPersona AD Kiosk	DigitalPersona AD Kiosk is a client application specifically designed for environments where users need fast, convenient and secure multi-factor identification on workstations shared by multiple users. Although users share a common Windows account, DigitalPersona AD Kiosk provides separately controlled access to resources, applications and data - all centrally managed by the DigitalPersona AD. DigitalPersona Password Manager is an optional feature that integrates with the Kiosk’s DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.
Attended Enrollment	Allows an administrator or other delegated individuals to attend and supervise credential enrollment for end-users from one or more centralized locations. Attended Enrollment is an optional component of DigitalPersona AD Workstation, installed by choosing Custom during theDigitalPersona AD Workstation installation Attended Enrollment can add a higher level of security to the implementation and use of DigitalPersona AD

Client component

Purpose

DigitalPersona AD Workstation

The primary client application for end-users that enforces security and authentication policies on managed Windows computers. A clean and intuitive DigitalPersona Console provides the ability to increase both security and convenience through a variety of configurable features; including enrollment and use of multiple credentials for Windows logon.

It can be centrally managed by the DigitalPersona AD Server, or installed as a stand-alone product.

DigitalPersona Password Manager is an optional application that integrates with the DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.

DigitalPersona AD Kiosk

DigitalPersona AD Kiosk is a client application specifically designed for environments where users need fast, convenient and secure multi-factor identification on workstations shared by multiple users.

Although users share a common Windows account, DigitalPersona AD Kiosk provides separately controlled access to resources, applications and data - all centrally managed by the DigitalPersona AD.

DigitalPersona Password Manager is an optional feature that integrates with the Kiosk’s DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.

Attended Enrollment

Allows an administrator or other delegated individuals to attend and supervise credential enrollment for end-users from one or more centralized locations.

Attended Enrollment is an optional component of DigitalPersona AD Workstation, installed by choosing Custom during theDigitalPersona AD Workstation installation

Attended Enrollment can add a higher level of security to the implementation and use of DigitalPersona AD

Note: DigitalPersona clients can be installed individually on computers or deployed through Active Directory GPO, SMS (Systems Management Server) or logon scripts. They cannot be installed through ghosting or imaging technologies.

Password Manager Admin Tool

The Password Manager Admin Tool is a separate component included with the DigitalPersona Premium package, which simplifies and secures access to password-protected software programs and websites through the use of managed logons that allow users to identify themselves through the use of any supported DigitalPersona credential or combination of credentials specified by the administrator, as defined in the Authentication and Credentials topic above.

Administrators can use the DigitalPersona Password Manager Admin Tool to create managed logons specifying information for logon and change password screens for websites, programs and network resources. These managed logons are then deployed to managed workstations, where they are accessible to the user through the Password Manager application and the mini-dashboard. Managed logons always take precedence over personal logons created by users.

For a full description of its features, see Using the Password Manager Admin Tool.