HID DigitalPersona
Smart Authentication for Modern Enterprises
HID DigitalPersona is a leading multi-factor authentication (MFA) solution that enables easy-to-implement and easy-to-manage passwordless desktop authentication. Users can quickly and securely log in to Windows, networks, and applications using biometric data, mobile devices, access badges, smart cards, or security keys.
This user-friendly solution supports a wide range of authentication methods and form factors, enabling a zero-trust security model that flexibly adapts to security standards, technologies, and industry regulations. This provides users with secure access to Windows workstations, VPNs, and applications such as Microsoft 365, Salesforce, Citrix, and other federated or non-federated web, legacy, and cloud applications.

Features
Product information
DigitalPersona Premium builds on fast and secure Windows login and VPN access, while offering advanced integration options to protect all applications, systems, and networks. The additional client and server components of the Premium version include the SSO (SAML) module, the Access Management API, and the Password Manager.
The Password Manager included in the Premium version grants users access to computers and applications by creating a biometric single sign-on environment. In many cases, this can be achieved without having to modify existing applications. Integration via the Altus SDK, REST-compliant web services, or the Android SDK also enables strong authentication in custom applications. The Password Manager also provides logs and a wide range of management reports.
| Specification | Details |
|---|---|
| Compatible hardware from our product portfolio: | DigitalPersona fingerprint reader, DigitalPersona fingerprint reader with RTE, FIDO tokens from FEITIAN, FIDO tokens from Yubico, multispectral readers from Lumidigm (with driver), OMNIKEY smart card reader from HID, OTP tokens from FEITIAN |
| Protocols: | OPENIDCONNECT, RADIUS, SAML, WS-FED |
| Supported authenticators: | Bluetooth, FIDO2, FIDO U2F, Fingerprint, OATH T-OTP, Push Notification, RFID/NFC cards, Smartcard (please contact us for detailed information on different smartcards), Smartphone OTP |
| Supported clients: | Windows Client |
| Supported directory services: | ADLDS, Active Directory, Azure AD |
A quick overview of HID DigitalPersona
- Modern MFA solution for passwordless login to Windows systems using up to three combinable authentication factors
- Ideal for finance, healthcare, retail, call centers, law enforcement, and other environments with shared workstations
- Supports application integration via OpenID Connect, WS-Fed, and SAML 2.0
- Password manager for securely storing and retrieving login credentials for websites, Windows applications, and terminal emulators; optional password randomization
- Enables MFA for VPN, RDP Gateway, and other RADIUS-based environments
- Generates DP reports using Microsoft Event Forwarding and MS Power BI to support compliance requirements
- Supports a wide range of form factors, including security keys, smart cards, access cards, Bluetooth devices, hardware/software tokens, and passkeys
- Deployment via Windows Active Directory, Azure Active Directory, or Lightweight Directory Services (LDS), using Windows tools for user management in Active Directory and policy deployment via GPO
- User-friendly interface for self-registration of login credentials and management of authentication policies
- Supports FIDO2-certified devices such as HID Crescendo smart cards, USB/NFC security keys, and third-party authenticators
- Includes an ADFS extension for MFA, including biometric authentication via facial and fingerprint recognition
Would you like to find out more?
Our experts are happy to provide further information and a live demo.
Industry-specific use cases of HID DigitalPersona
HID DigitalPersona in Healthcare
Healthcare professionals need secure and fast access to protected health information and applications—at any time and from any workstation. Efficient security solutions improve workflows, reduce the workload on hospital staff, and support higher-quality patient care. At the same time, IT departments need a solution that combines security, compliance, and user-friendliness.
HID DigitalPersona's advanced multi-factor authentication offers significant advantages in this regard:
- Prevents shared passwords by using unique user credentials
- Enables strong authentication on PCs and shared kiosks without locally stored passwords
- Simplifies access to clinical applications via single sign-on (SSO)
- Supports secure authentication in virtualized desktop environments
- Seamlessly integrates user provisioning and security policies
- Supports monitoring and audit trails to ensure compliance with HIPAA, HITECH, and other compliance requirements
Zero-touch experience (Tap & Go)
DigitalPersona enables fast and secure authentication via facial recognition, fingerprint, or smart card—even when wearing N95 masks or surgical gloves.
HID DigitalPersona for Governments
Through public-private partnerships, external service providers and contractors now regularly access government systems alongside government employees. Secure and reliable authentication of all users is therefore crucial for protecting sensitive government resources.
HID DigitalPersona simplifies the user experience and compliance through:
- Support for a wide variety of identification and authentication methods
- Protection of sensitive personal data
- Rapid deployment with minimal impact on government services
- Strong authentication using biometric, behavioral, and risk-based factors
- Support for relevant standards and regulations such as NIST, CJIS, and HIPAA
DigitalPersona supports existing biometric systems as well as physical cards and tokens, and flexibly adapts the security level to different user groups, such as government employees, contractors, or external users.
Thanks to versatile integration options and secure access to legacy, Windows, cloud, and mobile applications, even the most complex requirements of government organizations can be met—without costly IT modernization.
Features and Specifications of DigitalPersona
Group Policy Objects (GPOs) can be used to define security policies for domain users and groups.
Manage Altus LDS and AD users through the Altus LDS backend infrastructure.
Something you have: Passkeys (FIDO2), smart cards (contact-based), OTP (OATH HOTP & TOTP), smartphone push notifications, contactless cards (e.g., HID Seos, HID iClass, MIFARE DESFire, Legic Prime, Advant, Neon, proximity cards 125 kHz, 13.56 MHz)
Something you are: Fingerprint, facial recognition, voice recognition
Something you know: Windows password, PIN, security questions
Workstation in Kiosk Mode - Define authentication policies for shared workstations that allow users to use their individual credentials for Windows login and applications. Various kiosk environments are supported under Citrix/RDP.
You can allow users to log in using recovery questions (which can be customized and managed centrally).
Activity and status reports for users and applications can be managed and scheduled centrally.
Supported operating systems: Windows & Windows Server
XenApp (Server) 6.5, XenDesktop 6.2 and 7, Receiver and Online Plug-in 11 and 12, VMware View, and VMware Horizon.
The HID DigitalPersona Password Manager is an optional feature that can be configured within the HID DigitalPersona solution. It makes it easier for users to log in to applications (HIS, PACS, etc.) and websites. Users do not need to remember complex passwords for each application; instead, they can log in via SSO, single-factor, or multi-factor authentication (MFA)—e.g., via smart card or fingerprint.
In addition, the Password Manager is also supported for kiosk and shared account scenarios.
Centralized management by IT administrators
Administrators can centrally define so-called logon templates. These templates describe, in a structured manner, how login forms for specific applications should be recognized and automatically populated. The templates contain, for example, information on window identification, field mappings (username/password), and any special requirements such as keyboard shortcuts or wait times.
These templates can be managed via the DigitalPersona management console and assigned to specific user groups. Changes and updates are also made centrally, which reduces the administrative workload. This is particularly advantageous in environments with many specialized applications.
User autonomy in the collection of login credentials
Although the structure of the login form is determined by the central template, users remain fully responsible for their login data. Users must enter their login credentials themselves once. Administrators cannot view or manage this personal data centrally.
If a target application uses the Windows password for authentication, the corresponding template can be configured to automatically use the currently logged-in user’s Windows password. In such cases, manual entry is completely eliminated—which is particularly relevant for managing frequently used standard applications.
Security and Data Management
Stored login credentials are encrypted (using the Unified User Key, which is generated individually for each user) and additionally digitally signed. The data can only be decrypted by the respective user. It is technically impossible for another user account to access this data.
Extension via personal logins
In addition to centrally provided templates, users can also enter their own login credentials. This is done through the client’s automatic detection of login forms—for example, on websites—after which a personal template is created in the password manager.