Currently using Safeguard and Safenet tokens. Have established policies that require token at login, however after logging into windows users is able to remove token, lock the screen and log back into windows without the need for the token. Is there a way to stop that? kind of defeats the purpose of our MFA solution if the token is not needed anymore.
Hi nf
Please login to Safeguard Management Console | Policies | Authentication and share the screenshot of configuration under Token options and Lock Options. Please refer to the screenshot below.
Haridoss Sreenivasan
Technical Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
I am actually seeing a similar issue here.
I had to create some new policy's for machines with skylake processors since the tokens no longer work at POA which is a whole separate annoying issue on its own that needs fixed. The issue is when I did that we had to allow username/password at POA but now I am unable to make the safenet software FORCE token login at the windows cont-alt-delete screen users are able to log in without a token. All the Group policy options for the token software are the same just inheriting to a new sub ou. For the life of me I am unable to figure it out.
I have a question then does this option also control windows logon even though the description only says POA?
