1. Home
  2. Docs
  3. MFA Client Guide
  4. About authentication and credentials

About authentication and credentials

The default, and simplest, means of authentication, i.e. making sure that you are a person authorized to access a computer or other resource, is your Windows account name and password. Authentication is generally required when logging on to Windows, accessing network applications and resources, and logging in to VPNs, portals, and websites.

DigitalPersona clients provide a means for the IT Administrator to easily set up and enforce strong authentication such as two-factor and multi-factor authentication using a variety of supported credentials.

DigitalPersona supports the use of various credentials for authentication, including Windows passwords, fingerprints, smart cards, contactless cards, proximity cards, PIN, Bluetooth devices and One-Time Passwords.

An additional Recovery Questions credential may be used solely for recovering access to a managed client computer when other credentials fail, are forgotten, or are otherwise unavailable.

Note that by default, user credentials are cached on the local DigitalPersona Workstation client. This means that DigitalPersona Workstation users will be authenticated without a connection to the DigitalPersona Server.

By default, initial enrollment of end-user credentials is provided through the DigitalPersona Attended Enrollment component.

Administrators may choose to allow users to enroll and manage certain credentials by enabling self-enrollment through the Self Enrollment Policy GPO.