Software Configuration Guide

BioConnect Enterprise uses an advanced plugin architecture to connect directly into your access control software. This provides seamless synchronization of all data such as new cardholders, changes or deletions. All biometric readers connect directly to the BioConnect Enterprise over TCP/IP for quick access to the dynamic user/template database. Communication with the control panel is a standard Wiegand card number using a card format of your choice. Within the access control software, the reader is configured as a standard Wiegand interface reader. This architecture provides a simple, flexible, and scalable biometric solution that allows you to use a variety of biometric types and readers within a single system.

About this guide

This guide will walk you through the configuration settings of the BioConnect Enterprise to suit your specific project need.

Video Tutorials

BioConnect software offers video tutorials to guide you through the software user interface and core features. To launch the video tutorials, you can simply click the icon on each page.

Root Account Login

The default “root” level account is (case sensitive):

Username: Entertech

Password: Bobcat

This account’s password can be changed within the configuration window.

BioConnect Configuration

To open BioConnect Configuration, click [Menu] > [Configuration].

BioConnect Configutation is primarily used by the root level Administrator account “Entertech”. This allows you to turn on/off Active Directory, set the root account password, check the status of your license or update the existing license.

If you enable the Use Active Directory option, all Username and Passwords will no longer be able to login to the software with the exception of the root level administrator account. Only accounts that are registered on the domain and linked to a cardholder within BioConnect Enterprise will be able to access the software. To add Active Directory accounts, go to the cardholder’s profile within User Management.

This option requires that you type the exact credential number of the cardholder you are searching for instead of a portion of the credential number. For example, if you are searching for the card “18273”, with this checkbox left unchecked, you will get the record with the card “18273”, but you also get “182731323, 123182732, 918273” because all of these cards consist of the 18273 digits. To protect against this, you can choose to only bring results for the exact number you searched for.

This option allows you to enable or disable the automatic database sync that occurs every time you press the [Search] button or open Quick Enrollment or User Management. In large systems, this can improve the speed of the software and will result in the software only synchronizing every 5 minutes, or anytime a manual synchronize is triggered from the software menu.

This option allows you to filter the BioConnect Enterprise user list to display only active users from the ACM. The default setting is to show all users synchronized from the ACM, both active and inactive.

This option allows you to see Card Only option under User Management. It allows the selected card to be accepted by the reader without a biometric verification. The default setting allows you to enable or disable Card Only option.

Licensing Configuration

After setting up your initial trial or license, you can always update an existing license by going to [Menu] -> [Configuration] -> [Licensing] from the BioConnect Enterprise application.

Connect to Server

“Connect to Server” configuration allows user to switch between BioConnect servers by entering connection details.

To add a new server, click [Menu] > [Connect to Server] > [Add a new server]

This will bring up a Connect to Server window where you can configure the new BioConnect Server IP Address/ port value, RabbitMQ IP Address/ port value.

Click [Connect] button after you complete entering connection details. BioConnect Client will be rebooted and connected to new server. (This can be verified by checking ‘Current Server’ section just above [Add a new server])

User Management

The User Management section of the software allows you to view all of the users who have been synchronized from your access control software. You can sort/filter the users to see details such as who has been enrolled. Click [Sync] at any time to re-sync the data in the list.

Credentials Tab

All badges are listed under the Credentials tab of the user profile.

The cardholder must have an active credential within the access control software to appear “active” within BioConnect Enterprise. If there are no active credentials, the user will appear inactive within BioConnect Enterprise.

This option allows you to choose which card is sent to the access control panel in the event of a Biometric-Only identification. If no card is selected, the system will assume the first card listed. This is only necessary when a cardholder has multiple credentials.

This checkbox allows the selected card to be accepted by the reader without a biometric verification. If the reader is configured for Card + Finger, this will allow the card to gain access immediately without a biometric verification. This is a useful feature for people who are not going to be enrolled, or people who have not enrolled yet but still need access.

Administration Tab

The Administration tab allows you to give access to the BioConnect Enterprise. This can be done using a Username and Password, or by using Active Directory. Cardholders are linked to Usernames or Windows Credentials to gain access to the BioConnect Enterprise to conduct enrollments.

To provide access using Username and Password, Active Directory must be turned off. This can be turned off within the Configuration section of the software.

To provide access using Active Directory, the option must be enabled within the Configuration section of the software. Once this is enabled, the only user who can access the software using a Username and Password is the root level administrator “Entertech”.

Quick Enrollment

Fingerprint Enrollments

The Quick Enrollment section of the software is where all biometrics are captured. To enroll a fingerprint:

NOTE:

It is critical for the success of the system that good enrollments are captured. Below is an example of a good enrollment:

In the above example, you can see that the middle of the finger is placed in the middle of the scanner. You can clearly see the ridges of the fingerprint and the quality score is at 100% (Quality scores are only available when enrolling from the BioMini USB scanner).

WARNING: Placing your fingers too low on the scanner, or not placing the finger flat create poor enrollments. These will lead to low success rates and could also increase the possibility of a False Accept (Having a fingerprint show up as another cardholder). Although this is extremely unlikely, having a high volume of poor fingerprints (Fingertips) in the software can lead to issues as fingertips do not have as much unique data as the middle of the finger. Always ensure that you are capturing the best fingerprints possible during the enrollment phase. These enrollments are going to be the basis for all fingerprint matching going forward.

Encode to Card (Template on a Card)

When working with Mifare or iClass smartcards, you have the option of encoding two templates onto the card itself for verification. This allows you to carry your templates with you to the reader instead of having the reader use the Server as it’s matching database. This is common in locations where networking is difficult.

To encode templates onto the card:

Once this completes, the template is now located on the internal memory of the card. You will need to configure the readers to accept Template on a Card using the BioStar Configuration Software. For more details on this software, search for BioStar Configuration Software.

Face Enrollment (FaceStation2)

To enroll a Face, you must have a FaceStation 2 device added to BioConnect Enterprise with the “Enrollment” option applied within the device settings.

Face templates are sent to devices in groups. You can choose which location groups to send the templates to – This will send the templates to all of the devices listed under that specific location group.

The maximum number of face templates that should be sent to a device for 1:N matching (Matching with only your face/biometric only) is 3,000. To use more than 3,000 faces in a given location group, a 1:1 verification should be used.

You can enroll two face templates per user (Not required). If a user occasionally wears glasses, it is best to enroll them both with and without glasses.

Delete Templates: Once enrolled, clicking [Delete Templates] will remove all of the user’s templates from the system and devices. Once the templates are deleted, the user will have to re-enroll before using the system again.

Sync with Device: Using the Sync with Devices function will re-send the templates to the appropriate location device groups. If you want to change the device sync locations after the enrollment process has been completed, make the location changes and click [Sync with Device].

Device Management

Adding a Device

The easiest way to configure and network Suprema readers is to connect them into a router. All Suprema readers come in DHCP mode out of the box. To network them, simply connect them into a network that supports DHCP. If you connect the device directly to a standalone “dumb” switch or directly to your PC, you won’t acquire an address. You can reset the devices back to a default IP address of 192.168.0.1 - To do this, please see the User Manual for the specific device type, included with the BioConnect Enterprise Install Package.

BioConnect Network Utility is a networking tool included within every BioConnect Enterprise Installation Package that can help search for hard to detect devices and configure common settings of biometric readers supplied by BioConnect.

BioStar Config is an IP Network utility included with BioConnect Enterprise that can help search for hard to detect devices. You can find the executable file on the Server at C:\Program Files(x86)\Entertech Systems\BioConnect\BioConnect Service\Utilities\BioStarConfig.exe. This file can be copied onto a laptop for convenience.

Details Tab

The name you would like to give the reader. It is recommended to keep this consistent with the name you give the reader within the access control software.

This is the location/region of the reader. This location is used throughout the software primarily to limit which enrollment readers are available for use by the people performing enrollments. For example, you may not want people in New York having to filter through enrollment devices across the country to find the one nearest to them. You can limit which locations a user has access to in the User Management section of the software.

This option allows you to designate the reader as a possible enrollment reader. Readers with this enabled can still operate as a production reader, but will be available within the Device list during the enrollment process.

This box will become active when the device is online.

The device’s serial number.

The authentication mode of the reader. Possible presets are Card + Finger/Finger Only, Card + Finger, or Card Only. Below are some descriptions:

Various operations modes which support PINs, such as 3-factor authentication (Card + Finger + PIN), are also included for supporting devices.

NOTE: If your preferred authentication mode is not listed, you will use the BioStar configuration software to configure these custom settings in the reader. Please search BioStar Configuration Software for more details.

General Information Tab

This is the product version.

The product code for the reader.

BioConnect Enterprise supports multiple biometric hardware options. Customer can choose from a wide range of multi-factor readers such as face, fingerprint, card and PIN. Currently following devices (firmware version) are supported by BioConnect Enterprise 4.4:

The current firmware/kernel installed on the reader. Note that firmware updates can be installed through the software, but Kernel updates must be upgraded at the reader itself using the onboard USB port.

To update firmware from BioConnect, click [Update Firmware], select firmware file (preloaded to local drive). Device will reboot and come back online when firmware update completes.

The current fingerprint template (Suprema or ISO) used by the reader.

Network Details Tab

The IP Address, Subnet and Gateway of the reader. Having DHCP enabled will cause the reader to look to the network for an IP address assignment. With it disabled, you can assign it your own address.

The IP address of the server which you would like to have the device connect into. This should be the server where the BioConnect Enterprise services are installed. The server must have a static IP address.

The default port for the BioConnect Enterprise server to listen on is either 8001 (Generation 1 Device) or 51212 (Generation 2 Device). Be sure that this is not blocked by your firewall.

Wiegand Details Tab

This is the facility code that will be sent to the panel (along with the matching card number) when a fingerprint is authenticated.

The card format you want to use on the reader. Suprema readers are limited to 1 card format per reader. For your convenience, some of the most popular card formats are included within BioConnect Enterprise:

NOTE: You can set custom formats as well. Suprema readers are compatible with up to 64 bit cards, with a maximum of 32 ID bits. This can be customized by using the BioStar Configuration Software.

The card offset is used by some Access Control systems when they have duplicate card numbers across different card formats within their system. This feature adjusts for the card offset set within the access control software. If you are not using an offset, leave this value as 0.

This option allows you to send the User ID field instead of the card number to the panel after a successful card or finger authentication at the reader. It is recommended that unless in rare cases, you should leave this option set to “Card #”.

The fail code will send the largest possible number within your card format when a failure occurs at the reader. For example, with 26 bit Wiegand the largest number would be 65535. Failures include rejected fingerprint or card reads.

The [delete] button within the Device Configuration tabs allows you to remove a device that is no longer online or used within your system.

Device Memory Tab

Device Memory tab allows you to factory reset the reader or delete all users on the device from BioConnect software.

Synchronization

BioConnect Enterprise is designed to make synchronization simple requiring no interaction from the user. There are three types of synchronizations that occur:

The automatic synchronize occurs automatically every 5 minutes in the background. It is also triggered whenever you open the User Management section of the client, or do a search. This means that you do not have to wait 5 minutes for the data to synchronize if you need it immediately.

The software also does a full re-synchronize each night. This helps by providing redundancy to ensure that all data was properly updated within the BioConnect Enterprise.

The manual user synchronize feature can be activated at any time within the BioConnect Enterprise client by clicking [Menu] > [Synchronize Users]. During normal use, this feature will not be required. Choose a date that you would like to synchronize from (The date will pull all changes that have occurred since that date). This is a helpful feature if a cardholder does not appear to have the most up to date information.

The manual device synchronization can be activated at any time within the BioConnect Enterprise client by clicking [Menu] > [Synchronize Devices]. During normal use, this feature will not be required. Purpose of this synchronization is to push the user info and templates to the internal memory of the reader.

If an active user meets any of the following conditions, they will be sent down to the local memory of the device:

There are three ways to perform device synchronization. You can choose from following 3 options by clicking [Menu] > [Synchronize Devices] to update the devices with the latest set of user information from within the BioConnect system:

BioStar Configuration Software

IMPORTANT NOTE: This section is for Suprema Generation 1.0 devices. If you’re using the BioStation 2 (Suprema Generation 2.0), please consult our Support Portal for resources on using BioStar 2.

The BioStar software by Suprema is required for some reader configuration that is not available within the BioConnect Enterprise. Some examples include:

BioStar is included within every BioConnect Enterprise Installation Package. This software can be installed on the same server that is running BioConnect Enterprise, and uses a different server port for communication.

For your reference:

When a device is configured, you point it to a Server IP address and a port. The port that you choose will determine which software it connects into. To switch a reader from BioConnect Enterprise to BioStar, simply change the Server Port within its network settings in the Device Management section of the software.

The BioStar-specific documentation is also available within the BioConnect Enterprise Install Package. Please note that although the BioStar software is a fully functional access control software, we are using it primarily for its reader configuration setting options.

Please see the BioStar manual and Reader-Specific documentation for more details.

CabinetShield

To perform the installation, complete the following steps:

You’ll only need to connect Digitus Ethernet Utility to BioConnect software for initial set up. Once the connection is established for the first time, Digitus Ethernet Utility will be activated automatically every time you click on [Find Devices].

Complete following steps to connect BioConnect with Digitus Ethernet Utility:

Changing Network Settings will only be used for device initial set up. For existing devices which have already been added to the network, please search for "Add CabinetShield to BioConnect".

NOTE: CabinetShield devices currently do not support DHCP searching. Complete following steps to set the IP Address, Subnet, Gateway and Port statically:

For more information about CabinetShield device settings, refer to UI Explanations section in this manual.

UI Explanations

Support

Telephone support is available Monday - Friday from 8:30 AM to 8:30 PM Eastern to assist with installing, configuring and troubleshooting the BioConnect Enterprise. The technical support team is well versed to assist integrators both during the planning or post sales stages.

The goal of the BioConnect team is to make the software as easy as possible to install and configure. If an unexpected problem occurs or if you would like some guidance, please don’t hesitate to reach out using one of the contact methods listed below:

Support Website:

https://support.bioconnect.com/hc/en-us

Telephone:

Email:

support@bioconnect.com