DigitalPersona Pro Enterprise

Version 5.4

Frequently Asked Questions

 2012 DigitalPersona, Inc. All Rights Reserved.

All intellectual property rights in the DigitalPersona software, firmware, hardware and documentation
included with or described in this guide are owned by DigitalPersona or its suppliers and are protected by
United States copyright laws, other applicable copyright laws, and international treaty provisions.
DigitalPersona and its suppliers retain all rights not expressly granted.
U.are.U and DigitalPersona are trademarks of DigitalPersona, Inc. registered in the United States and
other countries. Windows, Windows Server 2003/2008, Windows Vista, Windows 7 and Windows XP are
registered trademarks of Microsoft Corporation. All other trademarks are the property of their respective
owners.
This DigitalPersona Pro Enterprise FAQ and the software it describes are furnished under license as
set forth in the License Agreement screen that is shown during the installation process.
Except as permitted by such license, no part of this document may be reproduced, stored, transmitted and
translated, in any form and by any means, without the prior written consent of DigitalPersona. The
contents of this document are furnished for informational use only and are subject to change without
notice.
Any mention of third-party companies and products is for demonstration purposes only and constitutes
neither an endorsement nor a recommendation. DigitalPersona assumes no responsibility with regard to the
performance or use of these third-party products.
DigitalPersona makes every effort to ensure the accuracy of its documentation and assumes no
responsibility or liability for any errors or inaccuracies that may appear in it.

Feedback
Although the information in this guide has been thoroughly reviewed and tested, we welcome your
feedback on any errors, omissions, or suggestions for future improvements. Please contact us at
TechSupport@digitalpersona.com
or DigitalPersona, Inc.
720 Bay Road
Suite 100
Redwood City, CA 94063
USA

Document Revised: 10/28/2012 (5.4.0)

Page | 2

Contents
Introduction .................................................................................................................................................. 5
Do DigitalPersona Enterprise Products Store Fingerprints? .......................................................................... 5
Where are DigitalPersona Enterprise Fingerprint Templates Stored? ........................................................... 5
How does DigitalPersona Pro Enterprise Licensing Work? ............................................................................ 6
What is the License Activation Manager? ..................................................................................................... 6
How are DigitalPersona Pro Enterprise Licenses Activated? ......................................................................... 6
What is a DigitalPersona Pro Enterprise Server (user) License and why do I need it? .................................. 7
What is a DigitalPersona Pro Enterprise Workstation License? ..................................................................... 7
What is DigitalPersona Pro Kiosk? ................................................................................................................. 7
What is a DigitalPersona Pro ID Server? ........................................................................................................ 8
What is Password Manager? ......................................................................................................................... 8
Can I use the Password Manager Admin Tool to create templates on a Pro Kiosk client? ............................ 9
What is a Smart Card Action? ........................................................................................................................ 9
What Self Password Recovery? ..................................................................................................................... 9
What is a Felica Card? ................................................................................................................................... 9
Is Pro Enterprise 5.4 Citrix Fast Connect Ready? ......................................................................................... 10
What devices/factors can DigitalPersona Pro Enterprise use to authenticate users? ................................. 10
Which 3rd Party Fingerprint Readers are supported by DigitalPersona Pro Enterprise? ............................. 11
Does DigitalPersona Pro Enterprise support IOS, Android, Windows Mobile or Linux clients? .................. 11
How can I use my fingerprints in a remote session? ................................................................................... 11
What is USB Virtualization and is it Supported? .......................................................................................... 12
What is DigitalPersona Pro Reports? ........................................................................................................... 12
Page | 3

What is DigitalPersona Evaluation Mode? .................................................................................................. 12

What is USB Virtualization and is it Supported? .......................................................................................... 12
Which Web Browsers are Supported by DigitalPersona Pro Enterprise? .................................................... 13
With which Citrix products is DigitalPersona Enterprise compatible? ........................................................ 14
What is the best way to contact DigitalPersona Technical Support? .......................................................... 14

Page | 4

DigitalPersona Pro Enterprise 5.4 FAQ

Introduction
This document provides the administrator with answers to frequently asked questions about the
DigitalPersona Pro Enterprise 5.4 release.
For product information about earlier DigitalPersona Pro Enterprise releases, please consult the
reference section of the DigitalPersona website at
http://www.digitalpersona.com/support/reference-material/pro-upgrade-notes/.

Do DigitalPersona Enterprise products store fingerprints?

DigitalPersona Enterprise software never stores fingerprint images. DigitalPersona software
creates a fingerprint template - which is a highly compressed and digitally encoded
mathematical representation of fingerprint features.
A fingerprint template is created and encrypted when a user enrolls a finger. When the user later
touches the fingerprint reader to authenticate, a newly captured template is created and
compared to the previously 'enrolled' template. If there is a match, the authentication is
successful.
Templates are created with a proprietary algorithm that works much like a password 'hash'
algorithm. It is a one-way conversion (i.e. fingerprint image fingerprint template) that cannot
be reversed. This means that fingerprint templates cannot be used to recreate the original
fingerprint image.
It should also be noted that only enrolled fingerprint templates are stored.

Where are DigitalPersona Enterprise fingerprint templates

stored?
DigitalPersona fingerprint templates are stored for reference in the fingerprint Data Storage
Subsystem. Each fingerprint template is associated with the user who enrolls their finger.
Fingerprint templates may be stored within a fingerprint Capture Device, on a portable
medium such as a smart card, in a local database on a DigitalPersona Pro Enterprise client or
in Active Directory on a DigitalPersona Pro Enterprise Server.
Page | 5

When DigitalPersona Pro Enterprise workstation is working in standalone mode, fingerprint

templates are hashed and stored in the registry. In a DigitalPersona Pro Enterprise Server
deployment, fingerprints are stored centrally in Active Directory to facilitate user roaming.

How does DigitalPersona Pro Enterprise licensing work?

The DigitalPersona Pro package you purchased will require that you activate a license for
DigitalPersona Pro Enterprise Server. DigitalPersona Pro Enterprise Server licenses are user
licenses and allow DigitalPersona users to store credentials and secrets in Active Directory.
After completing your purchase, you should have received an email from DigitalPersona
Sales Operations or from a DigitalPersona authorized reseller containing all of the license
activation keys required to activate your Pro Server (user) licenses.
Activating Pro Server (user) licenses will require internet access. For additional information,
please see the topic How are DigitalPersona Pro Enterprise Licenses Activated.

What is the License Activation Manager?

The DigitalPersona Enterprise License Activation Manager is a component of the
DigitalPersona Enterprise Administration Tools suite. The DigitalPersona Enterprise License
Activation Manager is used to input Pro Server (user) licenses into Active Directory for
distribution via Group Policy to other DigitalPersona Enterprise Servers that require
activation.

How are DigitalPersona Pro Enterprise licenses activated?

Once a valid Pro Server (user) license has been acquired, DigitalPersona Pro Enterprise
server will attempt to activate the license via the internet by accessing the URL
https://solo.digitalpersona.com.
If your DigitalPersona Pro Enterprise server does not have internet access or if a firewall
prevents access to https://solo.digitalpersona.com, you may activate the Pro Server (user)
license from another computer (that has internet access) using the Remote License
Activation Tool. For additional information on activating your Pro Server (user) license
using the Remote License Activation Tool, please consult the DigitalPersona Pro Enterprise
Administrator Guide.

Page | 6

What is the Remote Activation Tool?

If your DigitalPersona Pro Enterprise Server does not have internet connectivity, you will
need to activate your Pro Server (User) licenses remotely from an internet connected
computer using the DigitalPersona Pro Enterprise Remote Activation Tool.
Remote activation will require that you generate an Activation Request (.xml) file from a Pro
Enterprise Server using the License Activation Wizard. Then, from an internet connected
computer, you can use Activation Request (.xml) file in conjunction with the Remote
Activation Tool to activate your Pro Server (User) license.
Once the license has been activated, the Remote Activation Tool will generate an Activation
Response file. You can then use the Activation Response to finalize your Pro Server (User)
license activation.
For additional information, consult the DigitalPersona Administrator Guide.

What is a DigitalPersona Pro Enterprise Server (user) License

and why do I need it?
Once activated, the DigitalPersona Pro Server (user) license allows users to store fingerprints
and other credential data in Active Directory. Storing user fingerprints and other credential
data in centrally Active Directory allows users to roam from one DigitalPersona Pro client to
another.

What is a DigitalPersona Pro Enterprise Workstation license?

DigitalPersona Pro Enterprise 5.4 workstation, kiosk and applications no longer require
licenses or license activations. DigitalPersona Pro Enterprise Server 5.4 like its predecessors
will require Pro Server (user) license activation.

What is DigitalPersona Pro Kiosk?

DigitalPersona Pro Kiosk for Enterprise is a client application specifically designed for
environments where users need fast, convenient and secure multi-factor application
authentication installed on Windows clients that are shared by multiple users. Examples of
such scenarios would be time clocks, shared nurses stations in hospitals and bank teller
workstations.
After a user has been authenticated by Active Directory (using a fingerprint, smart card or
Windows Password), the DigitalPersona Pro Kiosk client logs on to Windows using a
Page | 7

predefined shared Windows account. This shared Kiosk account must be created specifically
for Kiosk use. The Kiosk shared account and its credentials are stored in Active Directory
and distributed to Kiosk clients via group policy.
DigitalPersona Pro Kiosk client requires the use of DigitalPersona ID Server. DigitalPersona
ID Server is activated via Group Policy. For additional information, please consult the
DigitalPersona Pro Administrator Guide.

What is a DigitalPersona Pro ID Server?

Activated via Group Policy, DigitalPersona Pro ID Server uses the Biometric Authentication
service to quickly identify and authenticate users.
DigitalPersona Pro ID Server performs quick user identification by loading enrolled
fingerprint templates stored in Active Directory into RAM at regular intervals and when a
user attempts to authenticate, DigitalPersona Pro ID Server quickly compares the fingerprint
templates in RAM to those of the user attempting to authenticate. If a match is found, the
user is authenticated.

What is Password Manager?

Password Manager is a applet included with Pro Enterprise clients that allows users to create
their own personal logons for programs and websites, in addition to using managed logons
created by an administrator using the Password Manager Admin Tool application. Password
Manager personal logons are managed and stored on the PC where they are created and do
not roam. Furthermore, users must backup and restore their own Password Manager personal
logons.
Password Manager Admin Tool is an optional management application that plugs into the
Administrative Console of compatible Enterprise workstation clients to enable the creation,
administration and management of logons for password-protected software programs and
websites that can be distributed to DigitalPersona client workstations. In effect, this allows
administrators to pre-train websites and applications for their DigitalPersona users rather
than relying on users to create personal logons.
Administrators use the Password Manager Admin Tool application to create managed logons
by specifying information for program and website logon screens. The logon screen
requirements are then saved in the form of a template. The location of these templates and
their use are governed by settings specified in Group Policy.

Page | 8

Can I use the Password Manager Admin Tool to create

templates on a Pro Kiosk client?
The Password Manager Admin Tool allows Administrators to create managed logons for Pro
Enterprise clients including DigitalPersona Pro Kiosk for Enterprise.
Due to the nature of the shared Windows logon for DigitalPersona Pro Enterprise Kiosk, you
must use the DigitalPersona Pro Enterprise Workstation client software to create managed
logons using Password Manager Admin Tool.

What Self Password Recovery?

In the unlikely event that a user is unable to logon to Windows using credentials specified by
the Logon Policy, the Windows Gina (in Windows XP) or Cred Provider (Windows Vista or
higher) will offer a Password Reset option.
In order to perform Self Password Recovery, the user will be required to correctly answer a
series Live Questions (Live Questions are questions that were originally posed during
DigitalPersona credential enrollment). Once the correct answers to Live Questions are
provided, the user will be presented with the DigitalPersona Enrollment Wizard where he or
she will be offered the opportunity to reset their Windows Password.
It should be noted that DigitalPersona Live Questions do not roam and are saved locally only
at the PC where the user enrolled.

What is a Felica Card?

A Felica card is a high-frequency RF card produced by Sony Corporation. It behaves much
like a proximity card.
DigitalPersona Pro Enterprise 5.4 now supports the use of Felica Card for Windows Logon
authentication as well as Session logons.

Page | 9

Is Pro Enterprise 5.4 Citrix Fast Connect Ready?

Yes, DigitalPersona Pro Enterprise 5.4 is Citrix Fast Connect Ready.
Citrix Fast Connect reduces connection time when Citrix users roam from one device to
another. This is especially useful in Healthcare deployments.
Imagine when a clinician uses a DigitalPersona client to authenticate a Citrix logon (using a
fingerprint or a card) at a patients bedside and then roams to a different device (perhaps at
another bedside or even another campus). DigitalPersona and Citrix Fast Connect will allow
the clinician to quickly logon to continue working in the same session in just a few seconds.

What devices/factors can DigitalPersona Pro Enterprise use to

authenticate users?
DigitalPersona Pro for Enterprise can use a wide variety of devices and factors to authenticate
users including:
Supported Primary credentials include:
Fingerprints
Smart Cards and Contactless Cards
Windows Passwords
DigitalPersona Pro Enterprise also supports secondary credentials. Secondary credentials are
authentication factors that must be paired with a primary credential (see list above).
Supported Secondary credentials include:
Proximity Cards
PIN
Bluetooth
Facial Recognition
DigitalPersona Pro Enterprise can also use a combination of these authentication
methodologies to provide increased security. Furthermore, DigitalPersona clients can be
configured to require one set of credentials for Windows logon and a separate set of
credentials for Session logons. Session logons use Password Manager and Password
Manager Admin Tool logons to facilitate authentication for Windows programs and websites.
NOTE: Bluetooth credentials and Facial Recognition scenes are not stored centrally in
Active Directory. Therefore, Bluetooth credentials and Facial Recognition scenes must be
enrolled on each client PC where they will be used.
Page | 10

Which embedded fingerprint readers are supported by

DigitalPersona Pro Enterprise?
DigitalPersona Pro Enterprise clients support a variety of 3rd party readers manufacturers
include:

Authentec
Broadcom USH
Validity
UPEK

For information regarding compatibility of specific reader models, please contact your
DigitalPersona account representative.

What is a Smart Card Action?

Used during a Windows Session, a Card Action refers to the users ability to simply supply a
valid smart card, proximity card or contactless card for authentication when needed. In
previous DigitalPersona releases, additional steps were required to use any type of smart card.

Does DigitalPersona Pro Enterprise support IOS, Android,

Windows Mobile or Linux clients?
At this time, DigitalPersona Pro Enterprise does not support IOS, Android clients, Windows
Mobile or Linux. Please consult your DigitalPersona Account Manager or DigitalPersona
authorized reseller for future developments in this area.

How can I use my fingerprints in a remote session?

Activated by Group Policy, Fingerprint Data Redirection is a DigitalPersona Pro Enterprise
client feature that allows a fingerprint scanned by fingerprint reader connected to a host to be
used in Remote Desktop\ Terminal Services Session or with supported Citrix products.
Fingerprint Data Redirection requires that DigitalPersona Enterprise client be installed on
both the host and remote PC. It should also be noted that Zero clients and SSL VPN are not
supported.

Page | 11

What is USB Virtualization and is it supported?

Regretfully, at this writing, USB Virtualization is not supported by DigitalPersona fingerprint
readers.
With regard to DigitalPersona Enterprise products, USB Virtualization (often called USB
pass through) typically refers to an advanced form of hardware virtualization used in
conjunction with virtual desktop infrastructure (VDI) hosted thin client computers.
Rather than directly interacting with a Windows host computer via a keyboard, mouse and
monitor connected to it, VDI allows a user to interact with a host computer over a network
connection (such as a LAN, Wireless LAN or even the Internet) using a thin client. Typically,
the host computer in this scenario is a server computer capable of hosting multiple virtual
machines at the same time for multiple users.
Along with the keyboard, mouse and monitor, VDI supports the virtualization of other USB
connected devices such as flash drives, USB printers, USB software dongles, webcams, etc.
Again, at this writing, USB Virtualization is not supported by DigitalPersona fingerprint
readers.

What is DigitalPersona Pro Reports?

DigitalPersona Pro Reports is a rich featured customizable reporting and monitoring
dashboard. Pro Reports also includes sample reports that emphasize security and compliance
(including SOX, PCI & HIPAA compliance) and the overall health of your DigitalPersona
Pro Enterprise Deployment.
For additional information on DigitalPersona reports, please contact your Account Manager
or sales at sales@digitalpersona.com.

What is DigitalPersona Evaluation mode?

DigitalPersona Pro Workstation for Enterprise can now be installed in Evaluation mode,
which does not require connection to a DigitalPersona Pro Enterprise Server or license
activation. While in Evaluation Mode, all credentials are enrolled on the local machine and
do not roam.

Page | 12

Which Web Browsers are Supported by DigitalPersona Pro

Enterprise?
Pro client to Supported Web Browser Table
Supported in
IE
IE
IE
IE
Chrome (v18)
version
9
8
7
6
5.4.0
X
X
X
X
X
5.3.0
X
X
X
X
X
5.2.x
X
X
X
X
5.1.x
X
X
X
X
5.0.1
X
X
X
5.0.0
X
X
X
4.4.0 and higher
X
X
X
-

Page | 13

FF9 to 12

FF5 to 8

FF3.6 to 4

X
X
-

X
X
X
-

X
X
X
-

With which Citrix products is DigitalPersona Enterprise

compatible?
Using the Fingerprint Data Redirection feature, DigitalPersona Pro Enterprise provides
support for contactless cards, proximity cards as well as fingerprints in sessions hosted by
compatible Citrix products.
Using Fingerprint Data Redirection, once a remote session has been established using a
compatible Citrix client, DigitalPersona client can redirect fingerprint or card data captured
by the local host to the remote Citrix session. This also includes support for locking and
unlocking the remote Citrix session.
Pro
Supported in
version

Citrix Online Plugin/

ICA client

Citrix Receiver

XenApp/Presentation
Server

XenDesktop

5.4.0

11
12
11
12
Unofficially Supported
Unofficially Supported
Unofficially Supported
Unofficially Supported

3.1.0
3.2.0
3.1.0
3.2.0
Unofficially Supported
Unofficially Supported
Unofficially Supported
Unofficially Supported

6.5.0

YES

6.5.0

NO

Unofficially Supported
Unofficially Supported
Unofficially Supported
Unofficially Supported

NO
NO
NO
NO

5.3.0
5.2.x
5.1.x
5.0.1
5.0.0

Note: While Citrix products were Unofficially Supported in earlier Pro Enterprise releases,
anecdotal evidence of compatibility has been provided. While customers may have successfully
deployed DigitalPersona for authentication of Citrix hosted applications, DigitalPersona will not
offer support for Citrix related bugs or unexpected behaviors reported against releases preceding
Pro Enterprise 5.3.

Does DigitalPersona Pro Enterprise Support the IE Tab feature

in Chrome?
Chromes IE Tab feature provides an Internet Explorer emulator built into the Google
Chrome Browser. DigitalPersona Pro Enterprise clients do not support logons using IE tab.

Page | 14

Does DigitalPersona Pro Enterprise 5.4 support Windows 8?

DigitalPersona Pro Enterprise 5.4 supports Windows Logon as well as Session logons in
Windows 8 desktop mode.

What is the best way to contact DigitalPersona Technical

Support?
You can reach DigitalPersonas Technical Support department by completing a support
request form at http://www.digitalpersona.com/support/overview/
You can also reach DigitalPersona Technical Support team by telephone at (877)378-2740.

Page | 15