TTP: Fingerprint Enrollment and Initial Log On
Note: New instances/applications of TTP are not currently being supported.
Overview
Understanding the Caching Process
Enrolled fingerprints are stored in the WinTeam database after the enrollment process is complete. However, fingerprints are not stored locally in the device's cache during the enrollment process.
After enrollment, an Employee must log in and authenticate each fingerprint in order for the prints to be stored in the device's cache. This means the Employee must both scan an enrolled finger and enter their Employee number to verify their identity the first time they use the device. The enrolled fingerprint will then be stored locally in the cache. If a different enrolled finger is used to authenticate the next time, the Employee will have to enter their Employee number again to verify identity and have that fingerprint stored locally as well.
Fingerprints stored in the cache can be retrieved more quickly to speed up authentication. In addition, if the WinTeam database is not available, Employees will still be able to authenticate and perform a punch action (start a shift or end a shift) because the prints are available locally.
In order to have an Employee log in and authenticate with the fingerprint in the local cache, the following has to take place:
- Supervisor log on
- Enroll Employee
- Fingerprints are stored in WinTeam database
- Supervisor log out
- Employee log on and authenticate with fingerprint scan and Employee number
- Fingerprint stored in device's local cache
- Employee log out
- Employee log on again and authenticate with fingerprint in local cache
- Employee log out
What to Expect on First Log on After Enrollment
What is required of the user during the first log on after being enrolled varies depending on biometric match settings, whether the fingerprints have been cached, whether WinTeam is available and whether a good scan is achieved. The following scenarios are what users can expect when logging in for the first time.
See below for a review of biometric match settings.
First Log On
If the fingerprint is not in the local cache:
- You will scan a fingerprint.
- Since the fingerprint is not in the cache yet, you will be taken to the Login screen and be asked to enter your employee number.
- Upon matching the fingerprint (from WinTeam) with the employee number, your fingerprint is now stored in the local cache. Next time you log in, you will not have to enter your employee number (unless Require Employee Number is selected in the Device Settings screen in WinTeam).
- You are taken to the Home screen.
- If a match is not made between fingerprint and employee number, you will be taken to the Logon screen. An image of hands will display showing which fingers are available for matching. You will have to scan an appropriate finger again.
If the user's fingerprint is already in the local cache:
- You will scan a fingerprint.
- If Require Employee Number is not selected, upon fingerprint validation, you will be taken to the Home screen.
- If Require Employee Number is selected, you will be taken to the Logon screen and asked to enter your employee number, even if a fingerprint match is made.
- If a match is not made (due to a bad read from the scanner, for example), you will be taken to the Logon screen that shows which fingers you have enrolled, so you can scan your finger again.
If WinTeam is available:
- The process is identical to the 'always required' scenarios above.
If WinTeam is unavailable, and your fingerprints are not stored in the local cache yet (or there was a bad scan):
- You will scan your fingerprint.
- You will be taken to the Login screen and asked to enter your employee number.
- After validating your employee number, you will be taken to the Home screen.
If WinTeam is unavailable, and your fingerprints are stored in the local cache:
- You will scan your fingerprint.
- You will be taken to the Home screen.
- If Require Employee Number is selected in the Device Settings screen, however, you will be required to enter your employee number, regardless.
The process is identical to the 'WinTeam is unavailable' scenarios above.
Required Biometric Match
Require Biometric Match is a setting enabled on the Device Settings screen in WinTeam. In certain circumstances, such as when the WinTeam database is unavailable, biometric match may not be required depending on security settings.
Always Required
This setting is the strictest and will require biometric match in all cases, regardless of whether the WinTeam database is available, the Employee is enrolled or the Employee could scan a valid fingerprint in three attempts.
Authentication will not take place if the WinTeam database is unavailable with this setting.
This setting is good for Jobs with high-security requirements (airports or banks, etc.).
To enable this setting:
Select Require Biometric Match check box
Clear Skip Biometric WT Down check box
Require if WinTeam is Available
This setting only requires biometric match if the WinTeam database is available. If WinTeam is available, the Employee must be enrolled on the device and must scan a valid fingerprint in three attempts (or capture a valid face image). If WinTeam is not available and the Employee's fingerprint or face image has been stored in the device cache, authentication can take place; however, if the fingerprint or face image is not stored in the device cache, biometric match will not be required. The Employee must enter an Employee Number in order to gain access to the Portal.
To enable this setting:
Select the Skip Biometric WT Down check box
Select the Require Biometric Match check box
This setting is the least strict and will allow access to the Portal even if an Employee is unable to scan a valid fingerprint in three attempts, capture a face image or is not enrolled. The Employee may also be able to skip the fingerprint authentication screen altogether.
The Employee must enter an Employee Number in order to gain access to the Portal if fingerprint or face image authentication does not occur or is skipped.
To enable this setting:
Select the Skip Biometric WT Down check box
Clear the Require Biometric Match check box
Or simply select Employee Number for the authentication method
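The three check box combinations above differ mainly in what happens when a fingerprint cannot be matched. The following is an added example, not WinTeam or TTP code: a small Python model of the documented behavior that lists, for a given configuration, the device states in which access is granted on the Employee Number alone. The mode names, function names and state flags are hypothetical, and the model assumes the Employee is enrolled.

```python
from dataclasses import dataclass
from itertools import product

FP, EMP = "fingerprint", "employee_number"

@dataclass(frozen=True)
class Settings:  # check boxes named on the Device Settings screen
    require_biometric_match: bool
    skip_biometric_wt_down: bool
    require_employee_number: bool = False

def mode(s):
    """Map the two biometric check boxes to the setting described on the page."""
    if s.require_biometric_match:
        return "required_if_available" if s.skip_biometric_wt_down else "always_required"
    # Both boxes cleared is not described on the page.
    return "least_strict" if s.skip_biometric_wt_down else "undocumented"

def factors(s, winteam_up, cached, good_scan):
    """Factors that grant access; an empty set means no access (denied or rescan)."""
    m = mode(s)
    if m == "undocumented":
        raise ValueError("combination not described in the documentation")
    if m == "always_required" and not winteam_up:
        return frozenset()  # no authentication while the database is down
    # A scan can only be matched against WinTeam or the local cache.
    matched = good_scan and (winteam_up or cached)
    if matched:
        # First use of a finger, or Require Employee Number, adds the number.
        need_emp = s.require_employee_number or not cached
        return frozenset({FP, EMP}) if need_emp else frozenset({FP})
    if m == "least_strict" or not winteam_up:
        return frozenset({EMP})  # biometric match skipped
    return frozenset()  # WinTeam is up and a match is required: rescan

def number_only_states(s):
    """(winteam_up, cached, good_scan) states admitted on Employee Number alone."""
    return [st for st in product([True, False], repeat=3)
            if factors(s, *st) == frozenset({EMP})]

if __name__ == "__main__":
    for name, cfg in [("Always Required", Settings(True, False)),
                      ("Require if WinTeam is Available", Settings(True, True)),
                      ("Least strict", Settings(False, True))]:
        print(name, number_only_states(cfg))
```

Running it shows that only the Always Required combination never falls back to the Employee Number as the sole factor.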