Administration Console features

Features summary

Through the console, the administrator can perform the following activities. Further details are provided in the sections that follow.

  • Search for and display the names of AD Users or Non AD Users
  • Use the dropdown menu to choose between displaying only AD Users or Non AD Users
  • With AD Users selected, choose to display All Users, Enrolled Users, Disabled Users or Removed Users
  • Create a new DigitalPersona AD User
  • List the enrolled credentials for a user
  • Remove specific user credentials
  • Recover a user’s password
  • Unlock a user account
  • Manage (enroll or unenroll) a user’s credentials
  • Set user policies
  • Remove a user

Additionally, the types of credentials displayed, and the policies that set which credentials or credential combinations are required to authenticate or log in to the DigitalPersona Web Administration Console (through the DigitalPersona Identity Provider), may be specified through a web.config.XML file. See Configuring the DigitalPersona Identity Server in the preceding chapter for details.

User Details

Most of the user properties and settings are accessed from the Details panel, which by default is hidden when first logging into the console. This panel displays user details, properties, credentials and task buttons. It also indicates whether any credentials required during Attended Enrollment were omitted and shows the reason the administrator provided for their omission.

To open the Details panel, select a user and click Show details.

Note that if the user is in Active Directory but has not been added to the DigitalPersona LDS database, the Manage Credentials button is replaced by a Create New button.

Create New AD User

To create a new DigitalPersona AD User

  • Select a user.
  • Click Show details.
  • In the Details panel, click the Create New button. Note that this button only appears if the selected AD User does not yet have a record in the LDS database. If they do, the Manage Credentials button appears instead.
  • This will launch the Web Enrollment component where you can enroll and manage a user’s credentials. See the Web Enrollment chapter for further details.

Remove user credentials

To remove a credential for a user

  • Select a user.
  • Click Show details.
  • In the Details panel, click the Edit icon next to Credentials.
  • In the Credentials window, select the credential and
    • Click the x next to any credential you want to remove,
    • Or, click the Edit icon (which looks like a pencil) to display a dialog where you can remove user credentials.

Set policy

To set the credentials required for a user to authenticate

[Image: dpconsole3]

  • Select a user.
  • Click Show details.
  • In the Details panel, click Set policy.
  • In the Authentication policy window, you can set the user policies as shown in the illustration to the right. Then click Save. With the installation of the optional Extended Server Policy Module (ESPM), additional settings are available.

Recover password (user recovery)

The DigitalPersona Administration console provides assisted access to a user’s Windows account, with minimal involvement of the DigitalPersona Administrator or Helpdesk personnel, through the recovery link provided on the Windows logon screen when DigitalPersona Workstation or Kiosk are installed on the machine.

To recover a user’s Windows access

  • Ask the user to click the Can’t access your account link (Windows 7) or Options/One-time access code button (Windows 8 and above) on the Windows logon screen.
  • The user will read the Security Key displayed on the screen.
  • A DigitalPersona administrator or designated person types the Security Key into the User recovery window and clicks Next.

Unlock the account

The Unlock the account button is used to unlock the account of a user whose account has been locked because of too many failed authentication attempts. If the user’s account is not locked, this button is disabled.

Once the account is locked, the button becomes active, and pressing it will unlock the specified user’s account.

Unenroll/remove a user

To unenroll the credentials of a DigitalPersona user or remove the user

  • Select a user.
  • Click the X next to the user.
  • Confirm the deletion by clicking OK.

If the user is a Non AD User, they will be removed from the LDS database and their credentials deleted.

For AD Users, although their credentials will be deleted, they cannot be removed through the DigitalPersona Web Administration Console, but must be removed through Active Directory. Note that the above procedure will release the license utilized for the user, but their name will still be listed in the console until they are deleted from Active Directory.

Manage Credentials

To manage the credentials of a selected user

  • Select a user.
  • If user details are not shown, click Show details.
  • Click the Manage Credentials button.
  • The Web Enrollment application is displayed, where you can enroll and manage the user’s credentials. See the Web Enrollment chapter for further details.

Note that the Manage Credentials button is replaced by a Create New button if the user is in Active Directory but has not been added to the DigitalPersona LDS database. Clicking either button will launch the Web Enrollment component where you can enroll, modify and delete a user’s credentials.

Remove (unenroll) specific user credentials

To remove one or more of a user’s enrolled credentials

  • Select a user.
  • If user details are not shown, click Show details.
  • Under Credentials, click the X next to the credential that you want to unenroll.
  • Confirm the removal by clicking OK.

Manage Hardware OTP Tokens

In order to use hardware-based OTP tokens, you must import seed files provided by the hardware vendor to the DigitalPersona Server.

To import OTP hardware token seed files

  • Select the Hardware OTP Tokens tab (see image below).
  • Drag-and-drop the seed file into the Device seed file text box, or click Browse to navigate to the file. The file format must be PSKC, although the actual file extension may be PSKC, xml or there may be no extension.
  • If the file is protected by an encryption key or a password, select the appropriate radio button and enter the encryption key or password provided by the token vendor.

[Image: dpconsole6]

  • Click Import.
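
Before importing, it can help to confirm what the vendor's file contains and which protection option applies to it. The following is an added example, not part of the DigitalPersona documentation or product: it assumes the seed file is a PSKC key container as defined in RFC 6030, and `inspect_seed_file`, `SAMPLE` and the serial number in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces defined by RFC 6030 (PSKC) and XML Encryption 1.1.
NS = {"pskc": "urn:ietf:params:xml:ns:keyprov:pskc",
      "xenc11": "http://www.w3.org/2009/xmlenc11#"}

# Constructed sample: one HOTP token whose seed is stored unencrypted.
SAMPLE = """<KeyContainer Version="1.0" xmlns="urn:ietf:params:xml:ns:keyprov:pskc">
  <KeyPackage>
    <DeviceInfo><SerialNo>CONSTRUCTED-0001</SerialNo></DeviceInfo>
    <Key Id="CONSTRUCTED-0001" Algorithm="urn:ietf:params:xml:ns:keyprov:pskc:hotp">
      <Data><Secret><PlainValue>MTIzNDU2Nzg5MDEyMzQ1Njc4OTA=</PlainValue></Secret></Data>
    </Key>
  </KeyPackage>
</KeyContainer>"""


def inspect_seed_file(xml_text):
    """Return (protection, tokens) for a PSKC key container given as text."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not expected in a seed file; refusing to parse")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}KeyContainer" % NS["pskc"]:
        raise ValueError("root element is not a PSKC KeyContainer")
    # EncryptionKey absent -> seeds are plaintext; a DerivedKey child means
    # password-based encryption; anything else is a supplied encryption key.
    enc = root.find("pskc:EncryptionKey", NS)
    if enc is None:
        protection = "none"
    elif enc.find("xenc11:DerivedKey", NS) is not None:
        protection = "password"
    else:
        protection = "encryption key"
    tokens = []
    for pkg in root.findall("pskc:KeyPackage", NS):
        key = pkg.find("pskc:Key", NS)
        tokens.append({
            "serial": pkg.findtext("pskc:DeviceInfo/pskc:SerialNo", "?", NS),
            "algorithm": key.get("Algorithm", "?") if key is not None else "?",
            "plaintext_seed": pkg.find(".//pskc:PlainValue", NS) is not None,
        })
    return protection, tokens


if __name__ == "__main__":
    protection, tokens = inspect_seed_file(SAMPLE)
    print("protection:", protection)
    for t in tokens:
        print(t)
```

A result of `none` means the seeds sit in the clear inside the file, so the file is as sensitive as the tokens it provisions and should be stored and transferred accordingly.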