Biometric Verification

You can configure the Dayforce Clock Pro and Clock+ to verify the identities of employees through a fingerprint scan. The clocks capture a mathematical representation of employees’ fingerprints when they perform clock entries. When configured, the clocks compare the representations of the fingerprints that were saved in the database to the fingerprints submitted at the time of the clock entry. If the two match, the clock entry is accepted. If they don’t match, it’s rejected.

The Dayforce Clock Pro and Clock+ support external biometric readers.

This section specifies only the changes that you need to make to the custom config file to enable biometric verification. For more information about editing config files and publishing your configuration, see Configure the Clock Programs.

When you enable biometric verification in the clock config file, you can also edit the following attributes to customize how the clock treats biometric verification:

• mode: The biometric mode that the clock uses. Choose one of the following modes:
  • verify: Users enter their badge number and then scan their finger. If the scan matches the one in the database for that employee, they can then record their clock entry.
  • identify: Users are prompted to scan their finger without first having to enter their badge number. The clock checks their scan against the ones saved in the database and finds the appropriate match.
  • In verify mode, if a biometric template for the current badge isn’t found in the bio reader’s memory, the clock attempts to download it and then prompts the user to scan their finger.
• threshold: The biometric threshold, which determines the quality of finger scans that the reader accepts.
• The Dayforce Clock Pro config file supports values of 1 to 4, corresponding to low, medium, high, and very high sensitivity. The Clock+ doesn’t use this attribute.
• enrollment: Controls whether the clock prompts users for one finger or two during the enrollment process.
• When configured with enrollment="normal", the clock prompts employees for two finger scans. When configured with enrollment="simple", the clock prompts employees only for one scan.
• verify_attempts: The number of biometric verification attempts that the clock supports. For example, to specify that employees get three attempts, type verify_attempts="3". This means that if an employee fails their first attempt at biometric verification, the clock allows two more attempts without the employee having to re-enter their badge number.
• accept_on_hw_failure: Controls whether the clock accepts clock entries when biometric verification is enabled, but the biometric reader isn’t operational or is disconnected. When set to yes, the clock rejects clock entries if the reader isn’t connected. When set to no, the clock accepts clock entries despite not being able to perform biometric verification.
• lift_finger_in_enroll: Controls whether the clock prompts users to lift their finger off of the scanner between each scan when they enroll for the first time. Set to yes or no.

See System Configuration.

To enable biometric verification for the clock in Dayforce:

1. Go to Site Setup > Clock Configuration.
2. In the Device Type drop-down list, select Dayforce Touch / Pro or Clock+.
3. In the second drop-down list, select Unified.
4. Select a clock configuration group.
5. Copy the following tag from the config file to the override config file, in the <system id="system"> section:
6. Copy

   <biometric mode="verify" threshold="2" enrollment="normal" verify_attempts="1" accept_on_hw_failure="no" lift_finger_in_enroll="yes">no</biometric>

6. Edit the attributes in the biometric tag, as needed.
7. Copy the following tag from the config file to the override config file, in the <validations id="validations"> section:
8. Copy

   <validation id="BiometricValidation" active="yes" order="22" supervisor="yes" />

9. If necessary, you can also edit the following attributes for the biometric validation:
   • To change the order in which the clock performs biometric verification in relation to the other validations it performs, change the number in the order attribute.
   • To exempt supervisors from biometric verification, specify supervisor="no".
8. (Dayforce Clock Pro only) Optionally, in the <functions> sections, you can specify which functions the clock still submits biometric failures for.
9. By default, these clock entries are rejected and aren’t sent to the server. However, when you specify submit_bio_failure="yes" for a function, the clock submits clock entries that fail biometric verification to the server so that managers can review them in timesheets.
10. For example, you can configure the clock so that when employees clock in to start their shift and fail biometric verification, the clock entry is still submitted to the server on the Dayforce Clock Pro. To configure this functionality, you can update the in tag so that it’s configured with submit_bio_failure="yes":
11. Copy

     <function id="in" key="F1" punchtype="Punch_In" rc="yes" icon="shift_start" camera="yes" submit_bio_failure="yes" bio_off="no" />

9. Optionally, in the <functions> sections, you can specify which functions require biometric verification and which don’t.
10. Set the bio_off tag to yes to bypass biometric verification for a function. By default, the bio_off tag is set to no for functions so that they require biometric verification.
10. Save your changes, and then validate and publish.