Fingerprint authentication

The fingerprint reader on Thinkpad laptops enables an IT administrator or Help Desk technician to validate user requests using fingerprint authentication. Registered fingerprints are stored on the local machine.

For example, when a user contacts the Help Desk to request a password reset, the user's identity can be quickly verified.

To enable this functionality, the following conditions are assumed:
  • The Lenovo fingerprint reader is present on the device
  • The associated fingerprint software has been installed
  • The user has enrolled one or more fingerprints on the device
  • The computer is a managed device and shows up in the network view on the ThinkVantage console
In addition, ThinkManagement console users need the following role-based administration permissions:
  • Fingerprint management permission (provides access to the Fingerprint configuration manager tool)
  • Under remote control, the remote execute permission (required for fingerprint tasks)
  • Under Software distribution, the Distribution packages Deploy permission (required for remotely clearing fingerprints)

See Role-based administration overview for information on configuring roles and permissions.

To validate a user's identify before resetting the password,
  1. Open the management console to the Network view.
  2. Right-click on the device.
  3. Select ThinkVantage > Authenticate user by fingerprint.

    The Fingerprint validation prompt appears on the technician's screen:

  4. Type the fully qualified domain name of the user.
  5. (Optional) Type any instructions you want to display on the user's screen (for example, "Please authenticate now") and click OK.

    The authentication prompt appears on the user's screen.

    Once the user has swiped their finger on the fingerprint sensor the result is displayed on the technician's screen in the Status of requested actions table.

    If the user's fingerprint is recognized, the Results field displays "The operation completed successfully." If the fingerprint was not recognized, the Results field displays "Access is denied."

  6. With the user's identity verified, the technician can proceed to reset the password.

For information on how to remove fingerprint data from Thinkpad laptops, see Removing Fingerprint profiles.