What is IDenium?

IDenium is a comprehensive, high-performance, biometric identification and single sign-on (SSO) solution designed to manage access to corporate information resources of an enterprise-wide network. It is designed to handle the identification issues of any organization using a Windows Active Directory-based network.

Why do I need it?

By using biometrics such as fingerprint and iris recognition, IDenium can eliminate passwords, reduce your helpdesk costs, and increase network security, all with a small resource footprint and rapid organizational deployment. The Gartner Group has found that the average company can spend about $300 per user each year in resolving password-related issues. IDenium eliminates these costs and recoups its own cost in a matter of months.

How does it work?

IDenium provides a set of features that allow companies to perform the following operations:
  • User Access Control to client systems with fingerprints, smart cards, passwords, iris scanner or a combination of them
  • Logging of Access Events: Login and Logoff events are tracked within the Windows Event Log for ease of tracking and reporting
  • Centralized User Management: Manage all of your biometrics from within the same tools used for regular system administration

Who uses it?

IDenium is ideal for companies that are looking to secure their networks against bad password practices among users and to lower their support costs for resetting passwords and dealing with unauthorized access.

IDenium Architecture

IDenium in a client server network environment

IDenium works within a Windows Active Directory network environment. In addition to providing services in AD, IDenium can support the following configurations:
  • Global Directories - Active Directory (AD)
  • Terminal Services - Citrix, Microsoft Terminal Servers, and Remote Desktop

IDenium Components

Client Components
  • IDenium Windows Logon
  • Password Vault / Biometric Single-Sign-On (SSO)
Admin Components
  • Admin Pack
  • Synchronization Agent
  • Password Changer

Biometric Templates

Up to ten user fingerprints and one iris can be enrolled in IDenium to enable biometric user identification. For each of the enrolled fingers and the iris, a digital template is created, providing immense security, and the original fingerprint or iris image cannot be recreated from the template. This template, along with other IDenium-specific user data, is stored on the IDenium Server and is then used by (custom) applications that require user authorization to operate.

Main Advantages

  • Identification of users by unique biometric parameters — fingerprints and iris — preventing sharing, theft, or loss of credentials used to access networks
  • Ease and convenience of identification – no need to memorize, type or change multiple passwords
  • Quick integration into enterprise-wide networks of various configurations and platforms
  • Flexible mechanism of user management (Performed via the standard AD Users and Computers application)

Overall Increase in Security

  • A user is identified by their own unique identifiers
  • Non-repudiation of transactions confirmed by way of biometric identification
  • Users cannot share passwords or access rights
  • Prevents the use of stolen or lost credentials

Optimized Administration

  • Reduced time accessing protected resources (elimination of mistyped or forgotten passwords)
  • Increase of system administrator productivity
  • Reduction of costs related to administration of user account maintenance

Ease of use

  • One-time enrollment of biometric identifiers
  • Quick authorization, user convenience and workflow efficiency
  • Enhanced centralized management of user rights


  • Ability to create and extend clusters of biometric identification servers
  • Load distribution, balancing, and handling of peak periods
  • Use of local cache data for user access in case of servers or network unavailability


IDenium is fully integrated into Microsoft Active Directory and provides centralized management of user credentials and access rights as well as easy installation of client components via AD group policies.


During installation, IDenium management tabs are added to the Microsoft Management Console (MMC) allowing IT managers and administrators to manage user accounts, set their rights and privileges, and register new users right from Active Directory Users and Computers (ADUC). All biometric enrollment is also performed within the ADUC, giving IDenium the flexibility to perform enrollments from any system where ADUC is installed.

AD integration
  • Active Directory provides centralized storage, protection and transfer of user credentials
  • User rights and privileges management is also centralized and carried out by using the standard Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) snap-in
  • The administration process does not change: Tabs are added to the MMC after installation of IDenium
  • The administrator can define and modify user access rights to protected information resources by allowing or denying biometric identifiers, passwords or smart cards to be used for authorization
  • The Password Synchronizer automatically monitors accounts stored in the AD global catalog, and if necessary, updates user credentials in the IDenium application server which is required for identification


IDenium Fingerprint Single Sign-On (SSO) allows you to replace passwords with biometrics to log into corporate applications (ERP, CRM systems, etc.) as well as web applications. IDenium supports the following authentication options:
  • Fingerprint
  • Fingerprint + Password
  • Fingerprint + Smart Card
  • Fingerprint + Iris

Benefits at a glance

Reduction of Password Management Costs

Biometric Single Sign-On (SSO) will reduce password-related Help Desk calls, each of which costs up to $25 per user per call (according to the Gartner Group).

Easy Authentication for Employees

No more need to memorize, type, or change multiple passwords. Users only need their finger to login to Windows and their applications and websites in less than a second.

Protection from Insider Threats

75% of all data fraud is perpetrated by insiders. IDenium will help you to eliminate unauthorized access to corporate data through biometrics and strong multi-factor authentication.

Easy User Management for Administrators

IDenium is fully integrated into Microsoft Active Directory and provides centralized management of user credentials & access rights from the MMC.


Client Workstations must meet the following requirements:
  • Pentium IV 1500 MHz processor or better
  • Windows 2000/XP/2003/Vista/2008/Windows 7/Windows 8
  • 64MB of RAM (132MB recommended)
  • USB port for fingerprint scanner
Administrator Workstations must meet the following requirements:
  • Windows 2000/XP (with Active Directory management console installed)/2003/Vista/2008/Windows 7/Windows 8
  • Pentium IV 1500 MHz processors are strongly recommended
  • Minimum of 512MB RAM
  • 200MB of free hard disk space
  • USB port for fingerprint scanner
Domain Controllers must meet the following requirements:
  • Windows 2000 (SP4)/2003 (SP2)/2008/2008 R2/2012
  • Pentium IV 3000 MHz processors or higher are strongly recommended
  • Minimum of 512MB RAM
  • 200MB of free hard disk space
Hardware where IDenium Server will be installed must meet the following minimum requirements:
  • Windows 2000 (SP4)/XP (SP2)/2003 (SP2) /Vista/Windows 7/Windows 8/2008/2008 R2/2012
  • Pentium IV 3000 MHz processors or higher are strongly recommended
  • Minimum of 512MB RAM
  • 200MB of free hard disk space
Enrollment Screen
Login Screen
Identification Policies Screen