Overview

Windows Hello for Business (WHFB) enables user to login using biometrics (like fingerprint or facial recognition) or a PIN, backed by cryptographic keys stored securely on the device.

SAML-based Model on Azure cloud joined device

On a WHFB configured Windows client, under the SAML authentication, an end user can sign in to Ivanti Connect Secure (ICS) using Windows Hello biometric or PIN. The authentication is performed using SAML single sign-on leveraging the user’s Azure cloud identity.

The WHFB users who meet the following requirements will be allowed to authenticate with ICS without a username/password by using the WHFB credentials. For more information, see Configure Windows Hello.

Prerequisites:

• Azure licensed admin account.

• Windows laptop - Windows hello configured (PIN, Finger print, Face)

• ICS - SAML auth configured