We currently use Forticlient for our users to connect to our network via VPN, there is a setting on our Forticlient software to Auto Connect on sign in, this option is only allowed on the icon without the cog.
When trying to login using the cog user, that option isn't there, is there a setting somewhere?
Thanks and kind regards,
I'm afraid it's probably not compatible with the SafeGuard Credential Provider (the cog) and not too many products are sadly. This article may help further?
Sorry, forgot to ask is there an easy way to enable SafeGuard Credential Provider with installations that are out there?
Tried this but no joy...
I'm not sure what you're trying to do sorry? Fortinet isn't compatible with SafeGuard as far as I understand, so the users will need to log in with the Sophos cog (Credential provider) and then authenticate to other systems/VPN once logged in?
All standard installs will have the Sophos Credential Provider already installed - it's not an optional extra?
I didn't realise that it is installed as default with standard installs. So if it isn't compatible does that mean we can't use the "Sign-in" options for SafeGuard so we can connect VPN on sign in? Because looking at support.sophos.com/.../KB-000033955
Do you have a cog/Sophos CP at the welcome screen like this?
If you do then that article isn't relevant. That's to fix a fault it the credential provider has not installed, not a workaround to make it work with a VPN/other cred providers sadly. Yes, I'm afraid it's unlikely you can use that - users will need to sign in and then authenticate to the VPN. You could use Sign-in options potentially to auth with your VPN but then you would HAVE to auth with SafeGuard instead when you did log in! I didn't look too hard into this as we at the time didn't have an AO VPN - but either way it wasn't going to be transparent and seamless!
Yes we have the cog, but just wanted the "Sign in" options so we can connect the VPN on Sign in like Image 2 in the link you provided.
As long as we no it's not compatible then I don't need to investigate further.
SafeGuard needs to authenticate so it knows who you are for policies/management. It would be fantastic if it was done just the once and passed onto other systems, but sadly the range of other credential providers it works with are slim. Now a defined EOL has been given too - I'm doubtful that any new dev will go into the product. We advise our users to just use the Sophos cog (in terms they'd appreciate) and then log into the VPN once they're in Windows. In actual fact it's just a little more long winded but still works well.
Thanks, the reason we wanted automatic sign in for our VPN was for remoted users so GPO get applied i.e. Wallpapers etc
GPO's will still apply once they're logged in - just not so instantly. You could always add a scheduled task to poll for GPO changes more frequently? I'm afraid to say though - you're heading into the MDM territory more and more, exactly as we found ourselves too. We now use Intune/Autopilot for this (and other) reasons. We don't have file encryption as such, but we weren't using it anyway. Our MDM managed workstations (laptops AND PC's) look and feel like an on-premise device - despite not ever being on the home network. I appreciate this isn't helpful when you want to get SSG to work, but it's a great product for fixed estate. It's always been a bit more challenging for roaming devices. Feel free to PM me directly if you wish with more detail on what we've done. Cheers
Many thanks for your help on this, it's much appreciated. We are also looking into Intune too, so fingers crossed. Thanks again.