Before you begin
You will need 3-5 minutes free, your UNSW-managed Windows device, internet connectivity, your zID and password. 

Set up process

1. In your device search window, enter Sign-in options and click it. 
2. Select the available biometric you wish to set up and then click Get started. 
3. Follow the prompts.  After setting up facial and/or fingerprint, you will be prompted to set up a 6-digit PIN. 
   

If you cancel any screen before it completes, your biometric will not be configured. 
 

Tips:

• Remove any face coverings and ensure you are in a well-lit area to improve the accuracy of the sensor.
• Try not to move your finger too much between readings. The sensor is small and will only scan a fraction of your fingerprint at a time.  
• When setting up the PIN, ensure it is a minimum of 6-digits (numbers). 
   

Before you begin

You will need 3 to 5 minutes free, your UNSW-managed Mac device, internet connectivity, your zID and password.

Setup process

1. Look for the notification Registration Required. 
   You will receive a registration prompt on your Mac - hover over the notification and click Register.
2. Start the registration process. 
   A dialogue titled Platform Single Sign-on Registration will be displayed. Click Continue.
3. Authenticate your account.
   Choose Touch ID or your local Mac password to authenticate and follow the prompts.
4. Sign-in with your UNSW credentials.
   Enter your UNSW Microsoft Entra credentials (e.g. zID@ad.unsw.edu.au) and complete the sign-in process.
5. Enable Company Portal Passkeys.
   You will be prompted to enable AutoFill for Company Portal Passkeys. Click Open System Settings.
6. Configure AutoFill setttings.
   Navigate through System Settings, Passwords, AutoFill & Passwords till you reach Toggle ON, then enable:
   AutoFill from Passwords
   AutoFill from Company Portal
7. Confirm configuration.
   Once set up, you will receive a confirmation message. Click Close and exit System Settings.
8. Registration complete.
   You will see a final message confirming that your registration was successful. Click Close.

1. What are the risks to providing my biometric data?
   Biometric data — such as fingerprints and facial recognition templates — is considered personal information under the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). Because biometric identifiers are unique to you and tied to your body, they carry specific privacy risks. Unlike a password, your biometric data cannot be changed if compromised. A breach of this kind of information could have long-term consequences, such as identity theft or unauthorised surveillance.
   
   The WHFB system is designed with strong security protections. When you enrol, your biometric data is securely stored locally on your UNSW-issued device and is never transmitted to UNSW or Microsoft. The data is protected by hardware-based security using a Trusted Platform Module (TPM), which includes encryption, isolation, and tamper-resistant mechanisms. Any attempt to physically access the biometric data on the chip will render it inaccessible, making it extremely challenging for attackers to compromise.
   
   While no system is completely immune to compromise, these safeguards significantly reduce the likelihood of unauthorised access. Even so, by enrolling, you should understand the nature of the data being collected, how it will be used, and that your participation in the trial is voluntary. UNSW adheres to strict privacy obligations under the PPIP Act and follows our internal Privacy Management Plan to minimise risks and ensure informed consent. If you have concerns or prefer not to use biometrics, an alternative login method is available.
   
2. Can I check which biometric options are available on my device?
   Yes. On your device, in the search window, enter Sign-in options to see available biometric options. 
   
3. Is it mandatory to set up a PIN?
   Yes. Your PIN is used should either fingerprint or facial recognition methods fail. 
   
4. Can I set up multiple biometric methods on one device?
   Yes. Windows Hello for Business allows multiple biometric (fingerprint, facial) methods, provided your device has the capability.  
5. Do I still need to remember my zID passphrase/password?
   Yes. Your zID password is required when logging into shared devices, devices that are not UNSW-managed or where you have not set up Windows Hello for Business
6. What can I use if my biometrics fail to recognise me?
   If either your facial or fingerprint biometrics fail, you will be prompted to enter your 6-character PIN. You can select other methods also, such as using your zID password.  
7. How can I reset my PIN if I forget it?
   There are two ways to reset your PIN if you have forgotten it. You will need internet connection for both these methods.
   
   A) Reset PIN from Setting
   1. Sign-in to your device using your zID password and in the search window enter Sign-in options.
   2. Select PIN (Windows Hello) and then I forgot my PIN and follow the instructions.
   
   B) Reset PIN from the lock screen
   1. On your lock screen, click the Sign-in options link, and select the PIN pad icon.
   2. Select I forgot my PIN.
   3. Select an authentication option from the list presented.
   4. Follow the instructions provided. When finished, unlock your desktop using your newly created PIN.
   
   
8. Does facial recognition work if I'm wearing glasses or a hat?
   Yes. It will usually work, however when setting it up please do not wear a facial mask and ensure that you have sufficient lighting for the sensor.  
   
9. Can I set-up Passwordless on my Apple Mac device(s)?
   Passwordless is currently only available for UNSW-managed Windows devices. While Mac devices support various forms of authentication like Touch ID, Face ID, and Apple’s own passwordless options (via iCloud Keychain or Apple ID), they do not directly integrate with Windows Hello for Business.
   
10. Can I set up Passwordless on my personal device(s) or my phone?
    No. This capability is limited to UNSW-managed Windows devices only. 
    
11. Can I set up Passwordless on a UNSW shared device?
    No.  Windows Hello For Business is limited to UNSW-managed Windows devices and will not be applicable to shared devices, e.g. in laboratories or the library.
    
12. Does the PIN/Biometrics work with the Incognito or InPrivate window?
    Yes. When accessing UNSW applications like SharePoint in Chromes’ Incognito or Edges’ InPrivate window, you will be prompted to sign in. In this case you can continue to use your zID password or select Sign-in options where you can select your preferred method (PIN, Fingerprint, Facial).
    
13. How many user profiles can enrol for Windows Hello for Business on a single Windows device?
    The maximum number of supported enrolments on a single device is 10. This lets 10 users each enrol their face and up to 10 fingerprints.
14. Where is Passwordless biometrics data stored?
    When you set up Windows Hello for Business, a representation of your biometrics, called an enrolment profile, is created. The enrolment profile biometrics data;
    - is device specific,
    - is stored locally on the device in an encrypted format,
    - does not leave the device,
    - doesn't roam,
    - never leaves the module, and is
    - never sent to Microsoft cloud or external server.
    
15. Why is a PIN or biometric gesture better than an online password?
    A PIN or biometric gesture is local to a device. One important difference between a zID password and a biometric/PIN is that the biometric/PIN is tied to the specific device on which it is set up. While someone who obtains your zID password can sign in to your account from anywhere, they can’t do so if they obtain your PIN because it is tied to the device. The PIN can't be used anywhere except on that specific device.
    
16. What happens to my biometric if my device is stolen? Is it safe?
    Contact the UNSW IT Service Centre and report your stolen device immediately. If your device is stolen, your biometric data, such as fingerprints or facial recognition, remain secure. Modern devices store biometric data in a secure enclave, which is a separate and isolated part of the device hardware.
    
17. Can I wipe biometric data from my device? 
    Yes. To wipe biometric data from your device, run a command in Command Prompt:
    1. On your keyboard, press windows and R keys. 
    2. In the Run window, type cmd and press Enter.
    3. In the command prompt window, type the following: certutil.exe -DeleteHelloContainer and press Enter                 
    4. In the same Command Prompt window, type: logoff.exe and press Enter.
    This will sign you out and complete the deletion process.
    
18. Will Passwordless cause issues for mapping a Network Drive?
    No. When setting up the Network Drive mapping for first time, login first using your password and complete the mapping. Once the mapping setup is complete, access the Network Drive without issues.

1. What is Platform Single Sign-On (PSSO)?
   Platform Single Sign-On is a macOS feature that securely connects your Mac login to your UNSW Microsoft zID account. Once connected, you can access UNSW services using the following options without repeated sign-ins:
   a) TouchID (recommended) or,
   b) Your zID password 
2. Why is UNSW implementing PSSO?
   PSSO supports UNSW’s move toward a passwordless and more secure digital environment by reducing password fatigue, streamlining access to UNSW systems, and improving security through modern authentication.
3. What credentials should I use to sign in?
   When prompted, you must enter your UNSW zID and password in the format: zID@ad.unsw.edu.au
4. How do I know if registration was successful?
   If you're uncertain whether your Mac is properly registered for Platform SSO or if an issue occurred during setup, follow these steps to verify and repair the configuration.
   a) Open Users & Groups. Go to System Settings > Users & Groups. Click the (i) icon next to your user account.
   b) Check Platform SSO Status. Scroll down to the Platform Single Sign-on section and ensure the following:
       Registration: Should say Registered
       Tokens: Should say SSO tokens present
   If either is missing or incorrect, proceed to step c).
   c) Repair Registration.  If registration failed, click the Repair button and follow the prompt to re-register your Mac.
5. Will my UNSW password still be required?
   Yes. Your UNSW password is still required for initial registration and in some instances where TouchID fails (fallback login).
6. Why do I keep seeing the PSSO registration pop-up? Can I disable it?
   You are seeing this notification because your Mac has not yet been registered for Platform Single Sign-On (PSSO). The registration pop-up cannot be permanently disabled. It will continue to appear until registration is completed. If you are unsure how to register, please follow set-up steps or contact the IT Service Centre for assistance.
7. Why am I being asked to save my UNSW credentials on my Mac?
   As part of the Mac PSSO rollout, printing to Follow-Me and certain queues require authentication. Saving your UNSW zID credentials in the macOS Keychain allows your Mac to automatically authenticate to print servers without repeated prompts.
8. Is it safe to store my UNSW password in Keychain?
   Yes. macOS Keychain is Apple’s secure credential vault that uses hardware-backed encryption and access controls. Credentials are encrypted at rest and only accessible by authorised system services.
9. How do I save my credentials to Keychain?
   a) Print a document.
   b) Open the Print job in the Dock
   c) Click the padlock icon on the right.
   d) Enter your zID and password.
   e) Tick Remember this password in my keychain, then click OK. You will only need to do this once.
   f) Mac will reuse these credentials automatically when printing.
10. Will saving my credentials to Keychain affect Follow-Me Printing?
    No. You can still release jobs at any Follow-Me printer. This change only ensures your job reaches the queue successfully.
11. Does this mean I no longer have to remember my password?
    No, you still need to remember your zID password, but you will use it far less often. PSSO reduces how often you must enter your password.
12. When will I still need to use my zID password?
    You may still be asked for your zID password in certain situations, such as:
    a) Initial PSSO registration
    b) Signing in on a new device
    c) Security verification
    d) Password changes or account recovery
    e) Signing in to services that are not yet enabled for UNSW Single Sign-On (SSO)
13. I am unable to start the registration process as per the user guide and get the following error message: This device is enrolled with another device management provider.
    You should not be signed into the Company Portal app. Please sign out and have it forget your identity.
    a) Log out of your Mac and back in.
    b) When you see the Registration Required notification, click on it to start the registration process and follow the set up guidance.