User's Manual
Privaris plusID Manager Operators Manual V1.0
Page 49 of 54 07.20.07
Appendix E
Using plusID Devices for Logon in a Microsoft® Domain Environment
Introduction
plusID biometric devices can be used to log users onto a domain via two- or three-factor
authentication. The plusID device is ISO 7816 Part 3 smart card compliant, and as such
enumerates itself to a computer exactly like a smart card, allowing for rapid enterprise
integration of plusID devices across Microsoft® systems that support smart cards.
System requirements
The following are the smart card related system requirements for deploying Privaris plusID
biometric devices into a Microsoft® environment for user authentication/logon:
1. Microsoft Windows domain environment
Microsoft Windows 2000 Server, and later, natively support smart card authentication as
a means of logging users onto a domain environment. In a domain environment, users
and their access permissions are stored and managed in a central location, referred to
as the Active Directory.
Once a server is configured to act as a domain controller, smart card authentication via
plusID biometric devices is automatically enabled on all client machines that are
members of the domain. For details on server configuration, see “Additional Information”
below.
2. Microsoft certificate services
Smart card authentication relies on the public key infrastructure (PKI) to authenticate
users to the domain. The Microsoft Certificate Services are the server component that
provides the infrastructure to support PKI and is responsible for issuing credentials
(certificates) that can be used for a variety of purposes, including secure email and user
authentication.
In security-conscious environments, these credentials are stored on a secure device
such as the Privaris plusID so that they may not be tampered with or used without
authorization. The Microsoft Certificate Services include a web-based interface through
which an administrator can generate credentials for a user and securely store them on
the user’s plusID. For details on downloading certificates, see “Additional Information”
below.
3. USB port
The plusID device connects to the client machine using the Universal Serial Bus (USB).
Each client machine must have at least one USB port available in order to connect to the
device. The plusID device works with both high-power and low-power USB ports, though
a high-power port is recommended in order to recharge the plusID’s internal battery.
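
The three requirements above can be checked on a client machine with the following script. It is an added example, not part of the Privaris manual or software. It assumes Windows PowerShell 5.1, that the plusID appears under the SmartCardReader device class, and that Windows has copied the device's certificate into the current user's store. The two EKU OIDs are the standard Microsoft values that smart card logon expects by default.

```powershell
# Added example: client-side readiness check for smart card (plusID) domain logon.
# Assumptions: PowerShell 5.1, device connected, certificate already issued to the device.
$SmartCardLogonOid = '1.3.6.1.4.1.311.20.2.2'   # Smart Card Logon EKU
$ClientAuthOid     = '1.3.6.1.5.5.7.3.2'        # Client Authentication EKU

function Test-SmartCardLogonCert {
    # Returns one object describing whether a certificate looks usable for logon.
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ekus = @($Cert.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId })
    $now  = Get-Date
    [pscustomobject]@{
        Subject        = $Cert.Subject
        Thumbprint     = $Cert.Thumbprint
        HasPrivateKey  = $Cert.HasPrivateKey
        InValidity     = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        SmartCardLogon = $ekus -contains $SmartCardLogonOid
        ClientAuth     = $ekus -contains $ClientAuthOid
    }
}

# Requirement 1: the client must be a member of a Windows domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
"Domain member : {0} ({1})" -f $cs.PartOfDomain, $cs.Domain

# The Smart Card service must be available for any smart card logon.
$svc = Get-Service -Name SCardSvr
"SCardSvr      : {0}" -f $svc.Status

# Requirement 3: with the device on USB, a reader should be present.
# Assumption: the plusID enumerates under the SmartCardReader device class.
$readers = @(Get-PnpDevice -Class SmartCardReader -PresentOnly -ErrorAction SilentlyContinue)
"Readers found : {0}" -f $readers.Count
$readers | Select-Object FriendlyName, Status | Format-Table -AutoSize

# Requirement 2: list certificates in the user's store that carry logon EKUs.
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmartCardLogonCert -Cert $_ } |
    Where-Object { $_.SmartCardLogon -or $_.ClientAuth } |
    Format-Table Subject, HasPrivateKey, InValidity, SmartCardLogon, ClientAuth -AutoSize
```

A certificate that lacks the Smart Card Logon EKU, is outside its validity period, or has no private key is the first thing to investigate when logon with the device fails.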