Cannot Scan Fingerprints To Non-Cached Client

If you are experiencing issues trying to scan your fingerprint to a computer where your MFA user has not been cached to it, see the following settings and items that need to be in place for this functionality to work.

Policy Settings

In the Admin Portal > Policies Tab > Hardware tab > Allow Unauthenticated One to Many Biometric Match and setting to 'True' allows for users to walk up and swipe their finger without first entering a username.

In the Settings tab, check (✓) the option Allow Unauthenticated One-To-Many Biometric Match. When enabled, the server compares the presented fingerprint template against the whole database of fingerprint templates and successfully authenticates if it matches. Click "Save" at the bottom of the page to confirm the change.

You can verify that the BioDevice setting/registry key has been set by the MFA Policy by going to the device's registry: HKLM\Software\Foray and see if BioAnyUserSync is present and set to "True".

Embedded Readers

• Make sure the BioDevice is set to "wbf"
  

• If you are on MFA Client v4981, try rolling the client version back to an older version (this will require uninstalling the current client software and installing an older one)

  • Recommended versions: 4.9.3.9, 4.9.4.1, 4.9.6.1

Drivers

If you are using a Digital Persona device, you may need to install the driver onto the client computer if it is not already

• Recommended: DP-UareU-WSDK-220

• U.are.U_Windows_3.2.0.89