Skip to main content

Master Admin Setup Guide

Caution

Master Admin feature is available only on CE products that support a user interface through the LCD screen.

The Master Admin feature is designed to enhance overall administrator privileges, improve device security, and prevent unauthorized access and setting changes.
This feature applies only to CE products for the EU region, and Master Administrator enrollment is required on CE products. Only the enrolled master administrator can access the administrator menu and change device settings.

Info
  • This feature is a required policy introduced to enhance security for CE products in the EU region, and it is not supported on Global (Non-CE) products.

  • The Master Admin cannot be deleted directly, and they are deleted only through factory reset.

Master administrator support policy CE products vs Global (Non-CE) products

The Master Admin feature is activated only on CE products with a label that has the CE mark.

Use the sticker on the back label to identify CE products and Global (Non-CE) products. The feature works differently as follows.

  • CE products: CE mark present

  • Global (Non-CE) products: CE mark absent

CategoryCE productsGlobal (Non-CE) products
Master AdminEnabled (cannot be disabled)Not supported
Admin 2-step AuthenticationRequiredNot supported
Minimum PIN lengthAt least 8 digitsAt least 4 digits

When connected to BioStar X (or BioStar 2), the Master Admin setting changes based on device support, and the enablement of the Admin 2-step Authentication menu syncs automatically.

Supported Products for Master Admin

BioStation 3 Max CE products
Firmware v1.0.0 or later
BioStation 3 CE products
Firmware v1.4.0 or later
BioStation 2a CE products
Firmware v1.2.0 or later
BioLite N2 CE products
Firmware v1.7.0 or later
X-Station 2 CE products
Firmware v1.4.0 or later

Behavior Logic During Firmware Upgrade

When you upgrade the firmware of an existing device, support for Master Admin and Admin 2-step Authentication can vary based on the combination of the version before upgrade and the target version.

For version-specific support details, contact Suprema Technical Support at CS@suprema.co.kr.

New Device CE products

On a new device for CE products, you must enroll Master Admin from the start. If you do not enroll it, device use is restricted.

Info
  • At first boot, the Master Admin enrollment screen appears. If you do not complete enrollment, you cannot move to the next screen.

  • Even if you connect to BioStar X (or BioStar 2) and assign an overall administrator for the device, you must enroll Master Admin directly on the device to use all features.

  • New devices cannot perform firmware downgrades.

Register the master admin

  1. When the new device boots for the first time, the Master Admin enrollment screen appears.

    The image above is an example screen and may differ from the actual screen.
  2. According to EU security policy, the Master Administrator must enroll credentials of at least two types. Select and enroll two desired credentials.

    The image above is an example screen and may differ from the actual screen.

    The credentials that can be enrolled as Master Admin are as follows:

    Credential typeMaximum enrollmentsDetails
    CardUp to 4Supports CSN and Wiegand types only
    No duplicate enrollment within the same type
    FaceUp to 2Available only on devices with the same algorithm
    FingerprintUp to 2-
    PIN1At least 8 digits (CE regulation applies)

    Enrollment conditions

    • You must enroll at least two types of credentials.

    • All credentials supported by the device can be used as authentication means.

  3. After enrolling two or more types of credentials, press the Complete button to complete Master Admin enrollment.

    The image above is an example screen and may differ from the actual screen.

Edit and Manage the Master Admin

You can change the enrolled information or manage credentials in SettingsDeviceMaster Admin.

The image above is an example screen and may differ from the actual screen.
The image above is an example screen and may differ from the actual screen.

Firmware-Upgraded Device CE products

A CE product that has been upgraded from firmware does not provide Master Admin settings, but you can use the Admin 2-step Authentication option to enhance overall administrator privileges and improve device security.

Set Admin 2-step Authentication

Info
  • Admin 2-step Authentication can be activated only if all enrolled administrators have at least two types of credentials.

    • PIN cannot be used as a standalone credential, so the ID + PIN combination is not supported.
  • The firmware upgrade device cannot be downgraded to a lower version after upgrading the firmware.

  • You can activate Admin 2-step Authentication in the SettingsDeviceAdmin 2-step Authentication menu.

  • The Admin 2-step Authentication option appears only when you upgrade firmware to the latest version on an existing device.

The image above is an example screen and may differ from the actual screen.
Info
  • If not all administrators have at least two types of credentials, activation will fail and an error message will appear.
    Enroll two types of credentials for all administrators and try again.

    • PIN cannot be used as a standalone credential, so the ID + PIN combination is not supported.
The image above is an example screen and may differ from the actual screen.
Warning
  • If you enable Admin 2-step Authentication and delete all administrators' credentials to fewer than two types, you cannot access the administrator menu when you cannot connect to BioStar X (or BioStar 2). Therefore, exercise caution when deleting administrator credentials.

Additional Information

  • When enrolling PIN through BioStar software

    Global (Non-CE) products that do not support the master administrator can enroll a PIN of at least 4 digits directly on the device. However, when enrolling users through BioStar X (or BioStar 2), the following versions require a PIN with at least 8 digits.

    • BioStar 2 v2.9.11 or later

    • BioStar X v1.0.0 to v1.0.2

    Users enrolled with a 4-digit PIN in the versions above cannot be assigned as device administrators.

  • Manual Device Hash Key Change

    When manually changing the device hash key, a warning message will indicate that Master Admin PINs will be deleted. Please confirm the message before proceeding.

  • RS-485 Biometric Image Transmission Restriction

    Biometric credential images are not transmitted over RS-485 communication, so substitute images appear when viewing the registered Master Admin face on slave devices.

Frequently asked questions

Q.What happens if a Master Administrator is not enrolled? (CE products)
A new CE product without an enrolled Master Administrator cannot authenticate or change settings. However, connect the device to BioStar to enroll a Master Administrator.
Q.Is Master Administrator setting supported after firmware upgrade on an existing device? (CE products)
Master Administrator is supported only on CE products with a CE-marked label.
Use the label sticker on the back of the product to identify CE products and Global (Non-CE) products. For details, see Master Administrator support policy.
Q.Can a Master Administrator be enrolled on a slave device? (CE products)
Yes. You can register a Master Administrator on a slave device.
Was this page helpful?