DigitalPersona LDS Components

DigitalPersona LDS is a client-server product, comprised of the DigitalPersona LDS Server components (including various administrative tools and utilities) and associated DigitalPersona clients (DigitalPersona LDS Workstation, Attended Enrollment and Kiosk).

Server Components

DigitalPersona LDS’s server components fulfill four main purposes:

They allow IT Administrators to manage security and authentication policies via Active Directory Group Policy Objects and other non-AD functions. For these purposes, DigitalPersona LDS includes various GPMC (Group Policy Management Console) extensions, installed under the Software Settings and Administrative Templates nodes, to link product policies and settings to Active Directory containers, as well as various Snap-ins and server-based utilities.
They provide centralized, server-side authentication of various types of credentials (e.g. fingerprints, access cards, Bluetooth, One-Time Passwords etc.). For these purposes, DigitalPersona LDS runs authentication services within your domain and receives authentication requests from managed computers.
They allow centralized backup and roaming of computers’ and users’ credentials and passwords. For these purposes, DigitalPersona LDS also uses Active Directory as a database of relevant data.

They also allow other general administrative tasks, including:
- Access recovery into locked workstations
- Deployment of license activation codes.

The main server components of the DigitalPersona LDS product are:

Server component	Purpose
DigitalPersona LDS Server	Provides centralized administration of DigitalPersona clients and enables strong authentication through various credentials and credential combinations
DigitalPersona LDS Administration Tools	Provide additional tools for administration of various DigitalPersona LDS features and utilities including License Management, GPMC Extensions (with DigitalPersona Administrative Templates)

Client Components

DigitalPersona LDS clients provide a means for the IT Administrator to easily set up and enforce strong authentication such as two-factor and multi-factor authentication using a variety of supported credentials.

The DigitalPersona LDS solution supports the following clients.

Client component	Purpose
DigitalPersona LDS Workstation	The primary client application for end-users that enforces security and authentication policies on managed Windows computers. A clean and intuitive DigitalPersona Console provides the ability to increase both security and convenience through a variety of configurable features; including enrollment and use of multiple credentials for Windows logon. It can be centrally managed by the DigitalPersona LDS Server, or installed as a stand-alone product. DigitalPersona Password Manager is an optional application that integrates with the DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.
DigitalPersona LDS Kiosk	DigitalPersona LDS Kiosk is a client application specifically designed for environments where users need fast, convenient and secure multi-factor identification on workstations shared by multiple users. Although the Kiosk application uses a single Windows account, each DigitalPersona user logs in to Kiosk with their own DigitalPersona credentials, gaining separately controlled access to resources, applications and data. DigitalPersona Password Manager is an optional feature that integrates with the Kiosk’s DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.
Attended Enrollment	Allows an administrator or other delegated individuals to attend and supervise credential enrollment for end-users from one or more centralized locations. Attended Enrollment is an optional component of DigitalPersona LDS Workstation, installed by choosing Custom during theDigitalPersona LDS Workstation installation Attended Enrollment can add a higher level of security to the implementation and use of DigitalPersona LDS

Client component

Purpose

DigitalPersona LDS Workstation

The primary client application for end-users that enforces security and authentication policies on managed Windows computers. A clean and intuitive DigitalPersona Console provides the ability to increase both security and convenience through a variety of configurable features; including enrollment and use of multiple credentials for Windows logon.

It can be centrally managed by the DigitalPersona LDS Server, or installed as a stand-alone product.

DigitalPersona Password Manager is an optional application that integrates with the DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.

DigitalPersona LDS Kiosk

DigitalPersona LDS Kiosk is a client application specifically designed for environments where users need fast, convenient and secure multi-factor identification on workstations shared by multiple users.

Although the Kiosk application uses a single Windows account, each DigitalPersona user logs in to Kiosk with their own DigitalPersona credentials, gaining separately controlled access to resources, applications and data.

DigitalPersona Password Manager is an optional feature that integrates with the Kiosk’s DigitalPersona Console to provide automated logon to enterprise resources, programs and websites.

Attended Enrollment

Allows an administrator or other delegated individuals to attend and supervise credential enrollment for end-users from one or more centralized locations.

Attended Enrollment is an optional component of DigitalPersona LDS Workstation, installed by choosing Custom during theDigitalPersona LDS Workstation installation

Attended Enrollment can add a higher level of security to the implementation and use of DigitalPersona LDS

Note: DigitalPersona clients can be installed individually on computers or deployed through Active Directory GPO, SMS (Systems Management Server) or logon scripts. They cannot be installed through ghosting or imaging technologies.

Password Manager Admin Tool

The Password Manager Admin Tool is a separate component included with the DigitalPersona Premium package, which simplifies and secures access to password-protected software programs and websites through the use of managed logons that allow users to identify themselves through the use of any supported DigitalPersona credential or combination of credentials specified by the administrator, as defined in the Authentication and Credentials topic above.

Administrators can use the DigitalPersona Password Manager Admin Tool to create managed logons specifying information for logon and change password screens for websites, programs and network resources. These managed logons are then deployed to managed workstations, where they are accessible to the user through the Password Manager application and the mini-dashboard. Managed logons always take precedence over personal logons created by users.

For a full description of its features, see Using the Password Manager Admin Tool.