A context-aware biometric access control policy is provided. A request to access a protected resource received from a client device is identified. A resource hierarchy associates each of a plurality of protected resources with one or more respective confidence levels of authentication. A confidence level that is associated with the protected resource is identified based on the resource hierarchy. Instructions to capture a biometric token via the client device are generated based on a set of one or more confidence level parameters that is associated with the identified confidence level. The generated instructions are sent to the client device. A biometric token received from the client device is determined to authenticate the user of the client device and, in response, the request to access the protected resource is approved.