Configuring Enterprise Access Management Fingerprint Verification
Imprivata fingerprint verification allows users to enter their login credentials while adding a layer of security by verifying their identity through a fingerprint scan. This is a "one-to-one" verification as Imprivata checks the fingerprint against the credentials provided by the user.
Fingerprint verification can be used in conjunction with a password or an Imprivata PIN as a second factor for strong two-factor authentication. Fingerprint verification can also be used as a second factor for proximity card authentication.

To implement finger biometric authentication, workstations must be equipped with fingerprint scanners.
The fingerprint scanner can be built into a laptop or keyboard, or it can be a USB device that connects to the local computer. It includes a transparent scanning area on which the user places the pad of the fingertip being scanned, or a thin strip along which the user swipes the fingertip. As long as one enrolled finger is clean and not scarred, fingerprint scanning is highly reproducible and reliable.
The scanner has no moving parts. The important part is the scanner window or strip. As long as the window or strip is clean, your finger biometric authentication is simple and reliable.
Server Configuration Requirements
Imprivata Fingerprint Verification support is handled entirely on the Imprivata appliance. There are no connections required to any other servers when you implement fingerprint verification.
NOTE: You can receive real-time notifications of many network events, including fingerprint enrollment. Event notifications are detailed in Configuring Event Notifications.

Assign fingerprint authentication and all other authentication methods through the user policies that you assign to each user. User policies are detailed in Creating and Managing User Policies.
Computer Policy Overrides
The Override User Policy tab of a computer policy includes an option to allow or to prohibit fingerprint authentication on individual computers. When a user whose user policy permits fingerprint authentication tries to authenticate to a computer whose computer policy prohibits it, the computer policy overrides the user policy.
Revoking Fingerprint Authentication Privileges
Revoke fingerprint authentication privileges through the user policies that you assign to each user. Create a different user policy and assign it to the user.

Enterprise Access Management users whose security policies are authorized for fingerprint verification (or for the optional Fingerprint Identification licensed feature) get the opportunity to enroll their fingerprint.
NOTE: All fingerprint data is securely encrypted before it is transmitted and saved. Enterprise Access Management does not save an image of a fingerprint. Nobody can read the fingerprint data.
To enroll for finger biometrics:
- You can enroll a fingerprint in the following ways:
  - Use the Imprivata enrollment utility before logging into Enterprise Access Management. For more information on opening the enrollment utility, see Enrolling Authentication Methods.
  - Use your password to log into Enterprise Access Management. After login, you are prompted to enroll a finger.
- Follow the enrollment utility prompts to enroll one or more fingers.
Deleting Enrollment Data
You can delete the enrollment data for fingerprint users from each user’s user record (Users menu > Users > select a user record). Select the Delete Fingerprint Enrollment Data? option.
To create and run an Enrollment report, in the Imprivata Admin Console, go to Reports > Add new report.

You can allow users to manage their fingerprints after the initial enrollment by editing Fingerprint options in a user policy. Users with this privilege can enroll additional fingers and un-enroll and re-enroll currently enrolled fingers.
To let users manage fingerprint enrollment data:
- Go to the Authentication tab of a user policy > Authentication method options section.
- In the Fingerprint section, select Allow users to manage fingerprints.
- Save the user policy.
See Managing Finger Enrollment Data.
Managing Finger Enrollment Data
Users can manage their fingerprints from the Imprivata agent menu. See Enrolling Authentication Methods.

To authenticate via fingerprint scanner:
- In the Imprivata logon window, enter your username and domain. This step is unnecessary if you are using the optional Fingerprint Identification licensed feature, described in Configuring Fingerprint Identification in Enterprise Access Management.
- Select Fingerprint and then click OK.
- Scan any enrolled finger.
- If a password is configured as a second authentication factor, enter the password and click OK.
- If an Imprivata PIN is configured as a second authentication factor, enter the PIN and click OK.
NOTE: If the Fingerprint option does not appear, check that the fingerprint scanner is connected to the computer.
When you are authenticated, the authentication window closes.