Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
This article lists the supported middleware, smart cards, USB tokens, and smart card readers in SafeGuard Enterprise 8.20.
The following sections are covered:
Applies to the following Sophos products and versions SafeGuard File Encryption 8.2SafeGuard Management Center 8.2SafeGuard Synchronized Encryption 8.2SafeGuard Data Exchange 8.2SafeGuard Cloud Storage 8.2
On systems which are encrypted using BitLocker, there is no SmartCard/Token login support at pre-boot level. Two-factor authentication is only possible at the Operating System level (SafeGuard Credential Provider).
The following table shows the supported smart cards on the SafeGuard Credential Provider.
NOTE: If a smart card or token is not listed here, it has not been tested by QA and is therefore not supported. However, a smart card/token that is not listed here may work if it is supported in previous versions of the product or works with one of the supported middleware.
*You must configure the PKCS#11 module using the custom PKCS#11 option in a specific machine settings policy. The required value for PKCS#11 Module for Windows is Idprimepkcs11.dll (Gemalto MW installed) or eTPKCS11.dll (SafeNet MW installed)
**SafeNet token/smart cards are not supported if they are issued in FIPS initialized mode.
The following table shows the supported USB tokens on the SafeGuard Credential Provider.
NOTE: The use of smart cards/tokens for authentication at OS level requires the installation of an additional middleware application (see the Middleware column in the table above).
MD3810 MD830 MD840
5.0 4.4 4.3b
*SafeNet smart cards/tokens are not supported if they are issued in FIPS initialized mode.
The following table shows the smart card readers that were tested with the SafeGuard Credential Provider.
USB-CCID readers are supported on USB 1.x, USB 2.0, and standard USB 3.0 ports, which are backward compatible.
NOTE: If more than one smart card reader is present on a client, it is recommended to disable the ones that are not used to avoid issues. For internal readers, it may be necessary to disable them in the BIOS.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.