Skip to content

KB010: Configure Continuous Face Authentication

Article ID: KB010

Last Updated: June 21, 2025

Applies To: HySecure Gateway 7.1 and above

Category: Security & Authentication Enhancements

Overview

This guide explains how to configure biometric face authentication with continuous monitoring support for the Windows HyID Client. This enhancement extends beyond basic face authentication to provide ongoing user verification during active sessions, thereby improving security through continuous user presence validation.

Prerequisites

  • HySecure Gateway 7.1 or higher
  • Security Officer or Administrator access to the HySecure Management Console
  • The face authentication server is configured and operational.
  • Credential Provider is installed on client devices.
  • Devices with camera capability for biometric authentication

Benefits

  • Enhanced Security: Continuous user verification during sessions.
  • Session Protection: Detect unauthorized session access.
  • Improved Compliance: Meet advanced biometric authentication requirements.
  • User Presence Validation: Ensure the authorized user remains at the device.

Authentication Modes

Basic Face Authentication

  • Single Verification: Face authentication during login only.
  • Session Duration: No ongoing verification after initial login.
  • Security Level: Standard biometric protection.

Continuous Monitoring (New Feature)

  • Ongoing Verification: Periodic face authentication during the session.
  • Real-Time Protection: Continuous user presence validation.
  • Enhanced Security: Detect session hijacking or unauthorized access.
  • Configurable Intervals: Adjustable monitoring frequency.

Procedure

Step 1: Access HyID Policy Configuration

  1. Log in to Management Console

    • Log in to HySecure Management Console as a Security Officer or Administrator.

  2. Navigate to HyID Policies

    • Go to Policies > HyID.

    • Select an existing HyID policy or create a new one.

Step 2: Configure Face Authentication

  1. Select Face Authentication Token

    • In the MFA token list, select Face Authentication.

    • Ensure face authentication is enabled for the policy.

  2. Navigate to Face Authentication Settings

    • Scroll to the end of the HyID policy configuration page.

    • Find the Face Authentication Server section.

Step 3: Enable Continuous Monitoring

  1. Locate Facial Authentication Category

    • Find the Facial Authentication Category section.

    • Look for continuous monitoring options.

  2. Enable Continuous Monitoring

    • Check the option Enable Continuous Monitoring.

    • This activates ongoing face verification during user sessions.

  3. Save Configuration

    • Click Save or Submit to apply changes.

    • Verify that the configuration is saved successfully.

Configuration Options

Monitoring Frequency Settings

Available Options:

  • High Frequency: Verification every 2-5 minutes

  • Medium Frequency: Verification every 10-15 minutes

  • Low Frequency: Verification every 30-60 minutes

  • Custom Interval: Administrator-defined timing

Monitoring Triggers

Time-Based Triggers:

  • Periodic verification at set intervals.

  • Random verification within time windows.

  • Activity-based verification scheduling.

Failure Handling

Authentication Failure Actions:

  • Session Lock: Lock the session until re-authentication.

  • Session Termination: End session immediately.

  • Warning Notification: Alert user and continue monitoring.

  • Administrative Alert: Notify the security team of failure.

User Experience Considerations

Notification Settings

User Notifications:

  • Advance Warning: Notify the user before verification is required.

  • Verification Prompt: Clear instructions for face positioning.

  • Status Updates: Confirmation of successful verification.

  • Failure Messages: Clear guidance when verification fails.

Camera Requirements

Technical Requirements:

  • Camera Quality: Minimum resolution for reliable detection.

  • Lighting Conditions: Adequate lighting for face recognition.

  • Positioning: Proper camera angle and distance.

  • Privacy: User privacy considerations and consent.

Implementation Considerations

Deployment Strategy

Pilot Implementation:

  1. Test Group: Start with a limited user group.

  2. Monitoring: Observe user experience and technical issues.

  3. Feedback: Collect user feedback and adjust settings.

  4. Gradual Rollout: Expand to larger user groups.

  5. Full Deployment: Organization-wide implementation.

User Training Requirements

Training Topics:

  • Proper camera positioning for face authentication.

  • Understanding continuous monitoring prompts.

  • Troubleshooting common authentication issues.

  • Privacy and security benefits explanation.

Privacy and Compliance

Privacy Considerations:

  • User consent for biometric data collection

  • Data storage and retention policies

  • Cross-border data transfer implications

  • Compliance with local privacy regulations

Regulatory Compliance:

  • GDPR compliance for biometric data

  • Industry-specific requirements (HIPAA, SOX, etc.)

  • Data protection impact assessments

  • Regular compliance audits

Monitoring and Management

Session Monitoring

Real-Time Monitoring:

  • Active session tracking with continuous authentication.

  • Authentication success/failure rates.

Reporting and Analytics

Authentication Reports:

  • Failed authentication analysis

  • Security incident correlation

Administrative Controls

Policy Management:

  • Enable/disable continuous monitoring per user group.

  • Adjust monitoring frequency based on security requirements.

  • Configure failure handling policies.

  • Manage exceptions and special cases.

Troubleshooting

Common Issues:

Continuous Monitoring Not Working:

  • Check: HyID policy configuration.

  • Verify: Face authentication server connectivity.

  • Confirm: Credential Provider version compatibility.

  • Test: Basic face authentication functionality first.

Frequent Authentication Failures:

  • Cause: Poor lighting conditions

  • Solution: Improve workspace lighting

  • Check: Camera quality and positioning.

  • Adjust: Monitoring frequency if too aggressive.

User Complaints About Interruptions:

  • Review: Monitoring frequency settings

  • Consider: Adjusting interval timing.

  • Evaluate: User workflow patterns.

  • Balance: Security needs vs. user productivity

Diagnostic Steps

Verify Configuration:

  1. Check the HyID policy has face authentication enabled.

  2. Confirm the continuous monitoring option is checked.

  3. Verify face authentication server is operational.

  4. Test basic face authentication functionality.

Test User Experience:

  1. Log in with face authentication.

  2. Verify that continuous monitoring prompts appear.

  3. Test authentication failure scenarios.

Best Practices

Configuration Best Practices

Optimal Settings:

  • Start with moderate monitoring frequency.

  • Adjust based on security requirements and user feedback.

  • Use appropriate failure handling for the organizational culture.

  • Regular review and optimization of settings.

User Experience Optimization:

  • Provide clear user communication about feature benefits.

  • Offer training and support for face authentication.

  • Monitor user satisfaction and adjust accordingly.

  • Consider user workflow patterns in the configuration.

Operational Best Practices

Monitoring and Maintenance:

  • Regular review of authentication success rates.

  • Proactive monitoring of system performance.

  • User feedback collection and analysis.

  • Continuous improvement of the configuration.

Support and Training:

  • Comprehensive user training programs.

  • Clear troubleshooting documentation.

  • Responsive support for authentication issues.

  • Regular communication about security benefits.