Introduction to Master Admin Feature and Setup Guide
The Master Admin feature is designed to enhance device security by strengthening overall administrator privileges and preventing unauthorized access and configuration changes.
With this feature, you must register a Master Admin on the new device, and only registered Master Admins can access the administrator menu and change device settings.
The Master Admin feature is available only on Suprema products that support user interface via LCD screen.
-
This feature is an essential policy to enhance device security.
-
The Master Admin cannot be deleted directly, and they are deleted only through factory reset.
Setting Up the Master Admin
What is a Master Admin?
If you use the device without setting up a administrator, anyone can access the administrator menu and change device settings. The Master Admin feature addresses this security vulnerability by enforcing the setup of an overall administrator.
Supported Products for Master Admin
|
|
|
|
| BioStation 3 Firmware v1.4.0 or later | BioStation 2a Firmware v1.2.0 or later | BioLite N2 Firmware v1.7.0 or later | X-Station 2 Firmware v1.4.0 or later |
How to Enhance Administrator Security on New Devices or Existing Devices with Upgraded Firmware
New Devices
For new devices, registering a Master Admin is mandatory from the beginning. If you do not register a Master Admin, device usage will be restricted.
-
On new devices, the Master Admin registration screen appears upon initial boot. You cannot proceed to the next screen unless you register a Master Admin.
-
Even if you assign an overall device administrator via BioStar 2, you must register a Master Admin to use all device functions.
-
The new device cannot be downgraded to a lower version.
Registering Master Admin on a New Device
Registering Master Admin on a New Device
-
When you boot a new device for the first time, the Master Admin registration screen appears.
The image above is an example screen and may differ from the actual screen. -
To register a Master Admin, you must enroll at least two types of credentials. Select and enroll your preferred two credential types.
The image above is an example screen and may differ from the actual screen. Credentials that can be enrolled for Master Admin are as follows:
Credential Type Max Quantity Details Card Up to 4 Supports CSN and Wiegand type only
No duplicate enrollment within the same typeFace Up to 2 Available only on devices with the same algorithm Fingerprint Up to 2 - PIN 1 Minimum 8 digits Enrollment Conditions
-
At least two different types of credentials must be enrolled.
-
The same conditions apply to both new and firmware upgraded devices.
-
All credentials supported by the device can be used for authentication.
-
-
After enrolling at least two types of credentials, press the Complete button to finish Master Admin registration.
The image above is an example screen and may differ from the actual screen.
Managing Master Admin on a New Device
Managing Master Admin on a New Device
On new devices, you can modify Master Admin settings in the Settings → Device → Master Admin menu.
Upgraded Devices
Devices upgraded via firmware do not provide Master Admin settings, but you can enhance administrator security by enabling the Admin 2-step Authentication option.
-
The default value for Admin 2-step Authentication is single-step authentication.
-
Two-step authentication can be activated only if all registered administrators have at least two types of credentials.
-
The firmware upgrade device cannot be downgraded to a lower version after upgrading the firmware.
Setting Admin 2-step Authentication on Upgraded Devices
Setting Admin 2-step Authentication on Upgraded Devices
You can activate Admin 2-step Authentication in the Settings → Device → Admin 2-step Authentication menu.
- The Admin 2-step Authentication option appears only on devices upgraded to the latest firmware.
- If not all administrators have at least two types of credentials, activation will fail and an error message will appear.
Enroll at least two types of credentials for all administrators, and then try again.
- If you activate Admin 2-step Authentication and then delete credentials so that all administrators have fewer than two types, you will not be able to access the administrator menu if BioStar 2 connection is also unavailable. Therefore, exercise caution when deleting administrator credentials.
Additional Information
-
Manual Device Hash Key Change
- When manually changing the device hash key, a warning message will indicate that Master Admin PINs will be deleted. Please confirm the message before proceeding.
-
RS-485 Biometric Image Transmission Restriction
- Biometric credential images are not transmitted over RS-485 communication, so substitute images appear when viewing the registered Master Admin face on slave devices.