Single Sign-On (SSO) is a feature in the Managed version of DESlock+ (DESlock+ client managed by an Enterprise Server) that allows the FDE pre-boot login to login directly into Windows.
Coupled with the DESlock+ auto-login feature, this can allow a single password to authenticate through:
- The DESlock+ pre-boot loader
- Windows login
- DESlock+ Key-File login
Single Sign-On can be configured via the Enterprise Server either when initiating Full Disk Encryption, adding an FDE login or by later modifying an FDE login.
To use Single Sign-On, the workstation must be joined to a Windows domain. However the actual account used can either be a domain account or a local machine account.
Initiating Full Disk Encryption
To configure Single Sign-On when initiating Full Disk Encryption, simply click the Single Sign-On check box on the user FDE login page of the Start FDE Wizard. Please note this will disable the password options as these are not valid for a Single Sign-On login type as the password outside of the Enterprise Server.
When the DESlock+ client receives the request to enable Sign Sign-On they will be presented with a dialog to confirm their Windows login password. They must enter their normal windows password and click Verify. If this is successful, click OK to configure the login to use Single Sign-On.
For a full step by step guide, please see our article below:
KB101 - How to encrypt a hard drive using a managed version of DESlock+?
Adding a new FDE login
To configure Single Sign-On when adding a new FDE login, check the Single Sign-On option. This will limit the user selection on the following page of the wizard to only users who are activated on the workstation.
For a full step by step guide, please see our article below:
KB345 - How do I add an additional FDE login?
Changing an existing FDE login
To enable, or disable, Single Sign-On for an existing FDE login, check the relevant option on the Change FDE login interface and post the command to the client. Please note that the password options will be disabled when choosing Single Sign-On because the password will not be managed by the Enterprise Server.
For a full step by step guide, please see our article below:
KB380 - How do I remove Single Sign-On? (SSO)
Related Articles:
KB221 - Why does Single Sign-On (SSO) not log me in to Windows
KB207 - What happens when the network password is changed for a user with an SSO FDE login?
KB396 - Single Sign-On (SSO) Access Denied after Windows 10 upgrade
keywords: what SSO single sign-on sign network password access denied
Add a comment
Please log in or register to submit a comment.