The biometric authentication type can be configured as a primary or secondary authentication into ExactAccess SSO. During enrollment, the user will still provide their Active Directory password in order to maintain passthrough authentication scenarios.
Supported Readers
- EikonTouch-710
- IMP-1C
Proximity cards cannot be used when Biometric is configured for primary authentication.
Setting Biometric as Primary Authentication Method
-
Log-in as a Local Administrator to the workstation you would like to make changes on.
- Note: The XA Client Configuration tool will only run under an account with Local Administrator privileges.
-
Open the XA Client Configuration tool and click the Kiosk Mode tab.
-
To enable fingerprint support, select "Fingerprint" from the Primary Authentication Method drop-down box located in the section titled Other.
-
To change server or refresh policies, select the Biometric tab and configure as needed.
- Note: This setting should already have a value present after running the RapidIdentity plugin for Biometrics installation, but can be updated here. If this value is blank, ensure the RapidIdentity plugin for Biometrics installation has been completed.
ℹ️ MFA Policy Settings & SynchronizationIt will be necessary to synchronize the client to the MFA server in order for the MFA client to receive the correct registry settings for biometrics configured in the MFA policy. This includes the device driver name, the MFA server name, and server timeout values. Other values may be retrieved as needed. See our MFA Policy articles for more information:
Not all policies are applicable or will be used by the XA Client. - Note: This setting should already have a value present after running the RapidIdentity plugin for Biometrics installation, but can be updated here. If this value is blank, ensure the RapidIdentity plugin for Biometrics installation has been completed.
-
Click OK.
-
Lock or Logoff of ExactAccess for the setting change(s) to take effect.
Enrolling Users
See the following articles regarding user enrollment for biometrics:
- Installation of RapidIdentity MFA Client
- Configuration of MFA Enrollment Workstation
- User enrollment process for biometrics
Registry Settings
In order to set or push out the primary authentication method to biometric via registry, set the following registry value(s):
Registry Path
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\XAServerManager
Value
| Value Name | Type | Value |
|---|---|---|
| ClientDSProgID | STRING | XAPWENCShell.clsXAPWENCShell |
Alternate Values
| Value Name | Type | Value |
|---|---|---|
| ClientDSProgID | STRING | *See below |
| ClientDSProgIDAlt | STRING | *See below |
| KioskPlugin | STRING | IA.XA.Biometric |
NTKMDSUser.clsNTKMDSUser: Prompt for user name and password
XAPWENCShell.clsXAPWENCShell: Prompt for fingerprint biometric