Enterprise fingerprint authentication for Windows and Linux environments. Centralized biometric login across physical workstations, VDI thin clients, and virtual machines.
Powered by industry-leading technology
Replace passwords with biometric security. Users touch their finger once and get instant access to everything they need.
Touch the reader โ automatically logged in. No passwords to type, no usernames to remember. Just walk up and start working.
Native Credential Provider appears on the Windows login and lock screen. Works with domain-joined and Azure AD machines.
Securely stores encrypted AD credentials. After biometric match, the system logs you in with your actual passwordโenabling full Kerberos SSO.
Single server handles all matching. Templates stored securely, not on endpoints. Central audit logging and policy control.
Full VMware Horizon integration. Touch reader on thin client โ VM launches and logs in automatically. Virtual channel for in-session auth.
Web portal for users to enroll their own fingerprints. Companion app bridges browser to reader. Admin approval workflows available.
From fingerprint capture to Windows loginโhere's what happens when you touch the reader.
User touches the HID EikonTouch reader. High-quality fingerprint image (FID) captured in ISO 19794-4 format.
Fingerprint image sent to Bassma Server over TLS 1.3 encrypted connection. Never stored on endpoints.
Server extracts template (FMD) and performs 1:N matching against all enrolled users. DigitalPersona algorithm ensures accuracy.
User identified. Server decrypts their AD password from the AES-256-GCM encrypted vault.
Credentials returned to client. Windows completes authentication. User receives Kerberos TGT for full SSO to network resources.
Built for environments where security is non-negotiable. Every layer is designed to protect user credentials and biometric data.
All passwords encrypted at rest with per-user IV and authenticated additional data.
All client-server communication encrypted with the latest TLS standard.
Configurable failed attempt thresholds prevent brute force attacks.
Every authentication attempt logged with machine ID, timestamp, and result.
From healthcare to manufacturing, Bassma.ID secures authentication where passwords create friction.
Clinicians move between workstations constantly. Bassma.ID enables instant access to patient records without typing credentials each time.
Shop floor workers wear gloves, have dirty hands, or can't use smart cards. Biometric auth works regardless.
Touch reader on thin client โ VM launches automatically and logs you in. No manual Horizon/Citrix login required.
Public-facing or shared computers where password entry is impractical or risks shoulder-surfing.
Centralized matching, distributed capture. Templates never leave the server. Full Active Directory integration with no schema changes required.
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ CLIENT MACHINES โ
โ โ
โ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โ โ WINDOWS โ โ WINDOWS VM โ โ THIN CLIENT โ โ
โ โ Credential โ โ (VDI) โ โ Agent โ โ
โ โ Provider โ โ + V. Channel โ โ โ โ
โ โโโโโโโโโโฌโโโโโโโโโโ โโโโโโโโโโฌโโโโโโโโโโ โโโโโโโโฌโโโโโโโโ โ
โโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโ
โ โ โ
โโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโ
โ TLS 1.3
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ BASSMA SERVER โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Matching Engine โข Password Vault โข Audit Logging โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โ โ PostgreSQL โ โ AES-256 โ โ Active โ โ
โ โ (Templates) โ โ Vault โ โ Directory โ โ
โ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Let's discuss how Bassma.ID can transform authentication in your organization. Get a demo, architecture consultation, or deployment support.
Or reach out directly:
contact@bassma.id