Configuring Fingerprint Identification in Enterprise Access Management

Fingerprint Identification is a licensed feature. While finger biometric verification matches a scanned fingerprint against the records for the individual user, Fingerprint Identification identifies the user by comparing the fingerprint to all other fingerprint records. If a unique identification is made, then the user is authenticated.

NOTE: Unlike passwords, proximity cards, smart cards, and ID tokens, fingerprint biometrics always have a risk of misidentification of the user. The risk of false positive and false negative ID is proportional to the number of fingerprint images being compared. Imprivata goes to great lengths to minimize the pool of fingerprints being compared, but it is not possible to completely eliminate the risk. Implementation details like the number of enrolled fingers and users significantly impact misidentification risk. For more information, speak with your Imprivata representative.
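The following is an added example, not Imprivata code or vendor data, showing how the false-match risk described in the note above grows with the number of users and enrolled fingers. It assumes a per-comparison false match rate of 1e-6, independent comparisons, and a search over every enrolled finger with no pool reduction; all names and deployment sizes are constructed for illustration.

```python
import math

ASSUMED_FMR = 1e-6  # assumed per-comparison false match rate, not a vendor figure

def false_match_probability(fmr: float, templates: int) -> float:
    """Chance that a 1:N search yields at least one false match.

    Treats each of the `templates` comparisons as independent with the same
    per-comparison rate `fmr` (a modelling assumption).
    """
    if not 0.0 <= fmr < 1.0 or templates < 0:
        raise ValueError("need 0 <= fmr < 1 and templates >= 0")
    # 1 - (1 - fmr)^N, computed with log1p/expm1 so tiny rates keep precision.
    return -math.expm1(templates * math.log1p(-fmr))

def max_templates(fmr: float, target: float) -> int:
    """Largest pool size whose false match probability stays <= target."""
    if not (0.0 < fmr < 1.0 and 0.0 < target < 1.0):
        raise ValueError("fmr and target must be strictly between 0 and 1")
    return math.floor(math.log1p(-target) / math.log1p(-fmr))

def risk_table(fmr, deployments):
    """Per deployment: (label, pool size, verification risk, identification risk)."""
    rows = []
    for label, users, fingers in deployments:
        pool = users * fingers  # worst case: every enrolled finger is searched
        rows.append((label, pool,
                     false_match_probability(fmr, fingers),  # user's own records only
                     false_match_probability(fmr, pool)))
    return rows

# Constructed deployment sizes: (label, enrolled users, fingers per user).
SAMPLE_DEPLOYMENTS = [
    ("clinic", 200, 2),
    ("hospital", 5_000, 2),
    ("health system", 50_000, 4),
]

if __name__ == "__main__":
    for label, pool, verify, identify in risk_table(ASSUMED_FMR, SAMPLE_DEPLOYMENTS):
        print(f"{label:14} pool={pool:>7}  1:1={verify:.2e}  1:N={identify:.2e}")
    print("pool limit for 0.1% risk:", max_templates(ASSUMED_FMR, 1e-3))
```

Under these assumptions the risk is close to pool size times the per-comparison rate while that product is small, which is why reducing the pool or the number of enrolled fingers lowers it almost linearly.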

Fingerprint Identification Overview

Hardware and Server Configuration Requirements

Fingerprint identification is part of the Enterprise Access Management fingerprint authentication process. Fingerprint identification support is handled entirely on the Imprivata appliance. There are no connections required to any other servers when you implement fingerprint identification.

Hardware requirements, enrollment, and most other settings are the same as for fingerprint verification. See Configuring Enterprise Access Management Fingerprint Verification.

Monitoring Fingerprint Identifications

With the Fingerprint Identification licensed feature, you get real-time notifications of fingerprint identification suspensions resulting from failed authentication attempts. See Configuring Event Notifications.

Assigning Fingerprint Identification Privileges

With Imprivata Fingerprint Identification, users enabled for fingerprint verification automatically get the benefit of fast, secure fingerprint identification without the need to enter a username or select a domain. You assign fingerprint authentication and all other authentication methods through the user policies that you assign to each user.

Use computer policies to define the parameters for fingerprint ID failure. After too many consecutive failed fingerprint identification attempts, no further fingerprint identifications are allowed on the designated workstation for the specified amount of time.

Revoking Fingerprint Identification Privileges

Revoke fingerprint identification privileges the same way you revoke fingerprint verification and all other authentication methods, through the user policies that you assign to each user. Simply assign a different policy to the user.

Authenticating to Enterprise Access Management via Fingerprint Identification

To authenticate via fingerprint only:

  1. Log on to the computer. The Imprivata logon window opens and prompts you to scan your finger.

  2. Scan any enrolled finger. When you are identified, the authentication window closes and you are logged in.

NOTE: In large-scale deployments in which many fingers are enrolled, some users may be prompted to provide a valid username to authenticate.