This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Windows logon and Pin

Hi all,

Im running Safguard 6.1 server and enabled encryption and eToken.

Now I would enable such a combination of logon:

at the POA eToken PIN and later at Windows logon the windows domain logoon. 

Which sittigs should be enabled in the authentification policy?

Currently i have this:

Logon mode eToken

logon options no ccyptographic

Pass trough to windows disabled pass-trought to windows

This works but after the logon to windows i see the popup from Safguard : please enter the pin for eToken

How i can disable this popup

Hope you can help me with this

Thanks all!

:48898


This thread was automatically locked due to age.
  • Hi Homer,

    sounds like the SafeGuard Enterprise Client with POA was setup correctly and eToken login is already working. A side note on your policy configuration:

    - "Logon mode eToken" > OK

    - "logon options no ccyptographic" > OK, the token stores your username and password and you unlock the information with your PIN.

    - "Pass through to windows disabled pass-trought to windows" > You should have this option enabled so that after logging on to POA with your eToken, you will be brought straight to your desktop without having to authenticate again. This will also remove the need to re-enter the Token PIN.

    If you want to have this option disabled, make sure to use the SafeGuard Credential Provider tile (the green white tile that represents a safe-dial) to logon to Windows. This will log you on to SafeGuard Enterprise and there will be no additional pop-up after logging on.

    Regards,

    ChrisD

    :48920
  • Hi Chris,

    thank you very much for you response.

    But i want to logon to the windows with windows domain account, because theey are some windows GPO policies linkes on it which we have to enforce.

    We have some policy we have to enforce, like a two factory authentification and harddisk encryption.

    So  i use etoken for 2 factory authetification at POA and  would like to use the windows domain login for windows itself to enforce all policies we have enable with the gpo.

    SO the config i have is pretty that i want but only this popup windows after the windows logon is what I want to diasable.

    Any Idea how to do that?

    with your suggestion i do not have an windows daomain login

    :48922
  • Hey Homer,

    which account did you put to the eToken?

    From my personal experience with non-cryptographic smartcard/token base logins, I would assume that the account that you want to put on the eToken (and therefore use to authenticate to POA) is the same account that sould be used for your domain login.

    So you login to POA with your eToken (which holds your domain account) and the POA then performs Single-Sign-On to Windows Desktop for your Domain User account.

    Let me know if that helps or if you have further questions.

    Cheers,

    ChrisD

    :48930
  • Hi ChrisD,

    that is the point I dow not want the single sign on to windows desktop. The user should enter his windows login at this point.

    The best way for is to logon in combination with windows logon and eToken as 2 Factory Authentification. 

    What i know is my account and account passowrd and what I have is the token.

    But this way is safaguard do not working as know.

    So i have to use the pin for the POA authtification and in a secons step i have to use the windowwslogin account to login to windows desktop. This way is working know but a safguard  popup is allways appearing after logon to desktop. And that is what I want to disable, this popup windows. How can i do that?

    PS. I put my windows domain account on eToken,  if you mean with "put on eToken" The account eToken applying process within safguard

    Hope you can help me with this

    Thanks

    :48944