Configuring fingerprint authentication for Active Directory password resets and logins

Fingerprint authentication is an identity verification method that has become widely used in recent times. The fact that everyone has a unique fingerprint makes it one of the more secure methods of authentication. Fingerprint authentication is also simple and quick: users only need to scan their fingerprints to authenticate themselves. This is why, in recent times, fingerprint scanners have been introduced in smartphones and fingerprint authentication is used for identity verification in applications.

With all the advantages that fingerprint authentication has to offer, it makes sense to use it as a multi-factor authentication (MFA) method during Active Directory domain logins in an organization. Self-service Active Directory password resets and account unlocks are other actions that can benefit from fingerprint authentication for identity verification. A breach of even a single domain account can lead to the misappropriation of a large amount of data and, if the account has high privileges, put the entire domain network at risk. Implementing fingerprint authentication as an additional step can help prevent such issues.

ADSelfService Plus, an Active Directory self-service password management and single sign-on solution, offers MFA using fingerprint authentication and any of the 15 other supported methods including Google Authenticator, YubiKey Authenticator, RSA SecurID, and QR code. ADSelfService Plus uses MFA to secure:

  1. Windows, macOS, and Linux logins.
  2. Active Directory self-service password reset or account unlock actions via the ADSelfService portal, ADSelfService Plus mobile app, and native Windows/macOS/Linux login screen.
  3. Enterprise application logins through single sign-on (SSO).
  4. Self-update of Active Directory profile information, subscription to mail groups, and employee search using ADSelfService Plus.

Fingerprint Authentication for MFA can be enabled with minimal steps in ADSelfService Plus

Note: Biometric Authentication is an Advanced Authenticator available as part of the Professional edition of ADSelfService Plus.

  1. Navigate to Configuration → Self-Service → Multi-factor Authentication → Authenticators Setup.
  2. From the Choose the Policy drop-down, select a policy.

    Note: ADSelfService Plus allows you to create OU and group-based policies. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy. Click Select OUs/Groups, and make the selection based on your requirements. You need to select at least one self-service feature. Finally, click Save Policy.

  3. Click the Biometric Authentication section.
  4. Select Enable Biometric Authentication.

