Western - Set Up Secure Connect - Biometric Login

Step 1:  Set up biometrics within Windows Hello

1. Press Start key on keyboard, or click on Start icon in lower left corner of Windows.
2. Type in Sign
3. In search results, click on 'Sign-In Options' (system settings)
4. Under Ways to sign in, Windows will display your available hardware options under 'Facial Recognition' and 'Fingerprint recognition'.*
5. Click the option you would like to set up, if available, and click on 'Set up' button.
6. In Windows Hello setup window, click 'Get Started' and follow on-screen prompts to add biometrics.
   • Fingerprint recognition:  The fingerprint sensor is built into the laptop's power button (for any laptop bought after April 2023).
     • For the fingerprint recognition setup, pick the finger you would like to use for authentication.  Follow the on-screen prompts that will guide you through gently touching and lifting up your finger repeatedly on the fingerprint sensor. Windows will confirm when you have done this enough times that the finger is registered.  Once complete, you have the option to set up an additional finger.
       • If built-in fingerprint reader, do NOT press down on power button.
   1. Facial recognition: If you have an IR webcam, it is highly recommended that you register this as an additional option.  It tends to be less problematic than fingerprint login.
      • If you have more than one IR webcam (laptop and monitor), select your preferred Hello camera in the drop-down menu.

7. You will be prompted to set up a pin when setting up biometrics for the first time on a new device. 
   Note: If you forget your pin later, you will need to remove pin and re-register your biometrics.
   1. Enter your Cornell NetID password to authenticate and click OK.
   2. Type in your desired pin.
      1. Click the checkbox if you would like to use a mix of numbers, letter and symbols.
      2. Length must be at least 6 characters.
8. OPTIONAL - Return to step 4 to add in the other available biometrics option (fingerprint/facial).
9. Sign out or restart your computer to test signing into Windows with biometrics.

*For staff with no available biometric options available:

If both facial recognition and fingerprint show "This option is currently unavailable, your laptop and connected equipment do not have this capability.  External USB fingerprint readers are available for around $25-$30.

• USB A Fingerprint Readers (Amazon) 
• USB C Fingerprint Readers (Amazon) 

If you have a 24" monitor with a built-in webcam, and Windows shows no available option for facial recognition setup, please contact IT support at https://westernhelpdesk.cce.cornell.edu/.   Driver updates may be need to be installed before it will function.

Step 2: Verify Beyond Identity app installed on computer

1. Press Start key on keyboard or click on Start icon in lower left corner of Windows.
2. Type in Beyond
3. In search results, click on 'Beyond Identity' app
   It may take a minute to load the app the first time.  Be patient.
4. At the Welcome screen, click 'Next'
5. At the Set up your devices screen, click 'Enter setup code'
6.  STOP when you get to window where 9-digit passcode is needed and proceed to next steps below.

Note:  If Beyond Identity is not installed, it can be downloaded from https://app.byndid.com/downloads.

Step 3: Go to Cornell's Beyond Identity website portal and register passkey

1. Open the Beyond Identity Self-Service Portal in your browser. 
   Full URL is: user.byndid.com/auth-user/?org_id=cornell-prod 
2. Log in with your Cornell NetID and password (authenticate with Two-Step Login if prompted).
3. Click the Register New Passkey button.
   You will see "Registering your passkey. Do not close this tab."

• If another device's passkey is already registered, you will NOT see 'Register New Passkey' option. 
  You must use one of the already registered devices in the list to register a new device.  OR delete all devices from the self-service portal.
  1. Open Beyond Identity on already registered device and click on Set up other devices
  2. Enter hello PIN to verify
  3. Enter 9 digit code on screen onto new device
      
• Your browser may ask if you wish to allow Beyond Identity to be opened. Select always allow and open the application. This is required for the passkey to work correctly. (Your prompt may look slightly different.)

Step 4: Verify passkey enrollment in Beyond Identity app

If passkey enrollment is successful, the Beyond Identity app will show your newly created passkey.

1. If app is no longer open, go through steps in Step 2 of this article to re-open Beyond Identity app in Windows.
2. Verify a passkey is registered (see screenshot example above)
3. Close the Beyond Identity window.

Step 5: Set up your browser to use Secure Connect.

1. Open browser and navigate to Workday or any other site that requires NetID login.
2. At the CUWebLogin page, click on the new option "Log in with Passkey"

• NOTE:  If you do NOT have biometrics built into your laptop, and your only registered options are using external monitor or fingerprint reader: 
  Do NOT select the checkbox to "Always log in with Passkey Automatically".

3. Page will redirect to Beyond Identity's authentication site (https://app.byndid.com/) and prompt for biometrics login.