The Entrust Device Agent allows users to log in to Windows computers with biometrics (face recognition or a fingerprint) instead of a smart credential PIN. This feature is disabled by default and must be enabled after installation of Device Agent. This feature is supported only on 64-bit Windows computers.
When a user's mobile device and Windows computer meet the prerequisites and the feature has been configured, as the user approaches the computer with the paired mobile device, a notification appears on the mobile device. The user taps the notification and then performs biometric authentication (face recognition or fingerprint recognition) to log in to the computer. If biometric authentication is unsuccessful, the app prompts the user for the PIN of the paired smart credential (called a Smart Identity in the Entrust Identity mobile app).
Note: This feature, which uses the Windows External PIN Entry mode, is not compatible with non-default values of the following Windows Smart Card configuration settings: AllowCertificatesWithNoEKU and AllowIntegratedUnblock.
Biometric login is enabled by default for Device Agent. If you have an earlier version before BTR for Windows 3.0.4 , follow these steps to enable biometric login to Windows:
On a computer with BTR for Windows 3.x installed, log in as the administrator and run the following command:
reg add HKLM\Software\Entrust\Bluetooth /v EnableExternalPINEntry /t REG_DWORD /d 1 /f
(Recommended) Restart the computer.