Authasas Advanced Authentication® supports two primary methods for enrolling credentials, administrator facilitated, centralized enrollment, and user initiated, self-enrollment.  Each enrollment method offers benefits based on logistics and other requirements.

Centralized enrollment is enabled through the AD Users and Computers snap-in, or via the Authasas Advanced Authentication MMC-Console.  An administrator must be a member of the Authasas Advanced Authentication Admins group in order to facilitate the enrollment of users.  During the enrollment process, each user must provide his or her domain password as positive verification of his or her identity.  Centrally enrolled credentials are immediately published to that user’s directory object for use at any workstation or Citrix server.
Users may also enroll through wizards that can be accessed directly on their workstation.  If allowed by policy, certain (or all) users may enroll through one of several methods.

1. Enrollment wizard during logon:  Once the user has authenticated with his or her Windows® password, the Authasas Advanced Authentication® Enrollment Wizard will take the user step by step through the enrollment process.
2. CTRL-ALT-DEL: The change password button on MSGINA or Credential Provider is modified once Authasas is installed to provide the ability for a user to manage his or her credentials.  If permitted by policy, the user may choose to launch the enrollment wizard to enroll allowed credentials.
3. Authasas ClientTray (System Tray):  Once Authasas is installed, an icon may be visible allowing users to enroll and modify credentials.  Users may access the Enrollment Wizard quickly and easily through this utility.
4. Windows 7 Control Panel:  Windows® 7 users have the ability to access the Authasas Advanced Authentication utility within the Windows® Control Panel in the Biometric Devices section.

Along with the enrollment features described above, through administration consoles and client utilities, users may further manage credentials if allowed by policy.  Such tasks typically involve re-enrollment of credentials, or leverage Advanced Authentication Test Utilities to verify that the credential matches the enrolled credential.