Skip to main content

Register or deregister a Windows Hello for Business device in Care Identity Management

How to use Care Identity Management to issue a Windows Hello for Business device as an authenticator, as an alternative to a smartcard, or remove a device from a user's profile.

Page contents

Before you start

For the Registration Authority

You will need to set up a registration meeting with your user, either via video or face-to-face. Registration must be completed in your presence. 

Clear your browser’s cache - a quick way to do this is Ctrl Shift Delete

For the user

They should have set up their device with a Windows Hello for Business sign-in option on their machine - this may require assistance from their local IT Support team.

They must have a working internet connection.

They must bring their device to the meeting. 

Check that the user has plenty of battery charge or power source on their device, as if the battery drops below 20% battery saver mode will automatically start.

In battery saver mode, the software that creates keys for Windows Hello, the Trusted Platform Module, will not create keys so registration will not be possible.

View the Warrantied Environment Specification to check browser compatibility.

Face-to-face process

To register a Windows Hello for Business device, first find the user's profile. From the Care Identity Management home page, choose 'Find an existing user'.

CIM dashboard 5.18 find user highlighted

 

Enter the user's details and select 'Search'.

Care Identity Management find an existing user

 

Choose 'View profile' on the right of the screen.

Care Identity Management user found

 

Go to the Authenticators tab on the user's profile page and select Issue other authenticator

Shows Authenticators tab with Issue other authenticator button highlighted.

 

Select Windows Hello for Business and continue.

Shows radio buttons with the choice of authenticators, and Windows Hello for Business selected

 

You will now see a screen with instructions how to register the device.

When you've read the instructions and are both ready to proceed, select Generate link.

Shows instructions on how to register the device, with the Generate link button highlighted.

 

Copy the link and send it to the user by email, or paste it into the chat function of the video call software you are using.

Shows the registration link, with the Copy link button highlighted

 

The user should click the link.

The user's device will perform a biometric scan (face/fingerprint).

When the user's biometric has been scanned successfully, they will see a confirmation from Windows.

Select OK.

Shows a timer icon overlaid by a popup that says 'making sure it's you'

 

To confirm that the registration process is complete, the user will see a Registration successful confirmation page.

Shows a registration successful message and invites the user to close the page.

 

The user can now close the page.

The user profile page will now show that the user's device has been registered to the user.

Shows the device has been added to the list of authenticators, with a status of active.

Test the Windows Hello for Business registration has been successful

To test and demonstrate that the registration has worked, ask the user to authenticate using Windows Hello for Business.

Remove a Windows Hello for Business device

From the user's profile, select the 'Authenticators' tab, find the Windows Hello for Business device in the list and select 'Remove' on the right.

CIM authenticators Windows Hello for Business remove link

 

Select the box to confirm you want to remove the Windows Hello for Business device, followed by the 'Remove authenticator' button.

CIM remove Windows Hello for Business

 

Finally you'll see a message confirming that the device has been removed from the user's profile.

CIM Windows Hello for Business removed successfully

Last edited: 19 February 2024 9:42 am