'Sign in' options not showing when logging in as Sophos Safeguard user Windows 10

Hi,

I have a problem where we are changing our VPN client over to Forticlient VPN, but when we go to log into Windows 10 as the Sophos Safeguard user (with the cog), the 'sign in' options underneath the user for the vpn is not showing. We are using Sophos Safeguard 8.

We could log in as the Windows user and use the sign in options, but then every time the user will be asked to enter their credentials for Sophos so it can create them a personal certificate and this would get onerous for the users to have to do that upon every login.

Is there a way around this please? I did read than you can hide the Windows users in group policy, but we would still be missing the 'sign in options'.

Picture below shows logging in as a windows user and the 'sign in' options showing.

       

Picture below shows the Sophos Safeguard login without the option for 'sign in'.

 

Any ideas for enabling this for the Sophos user login please?

Thanks for any replies.

  • Hi  

    Ideally, you should be able to log in to the machine once you enter the username and password and choose the domain in the last image and click on the --> mentioned in the password bar.

    Would you please suggest what happens if you do the above-mentioned steps?

  • In reply to Jasmin:

    Hi Jasmin, 

     

    That is correct and that does work, but I need to be able to make the 'sign in' options appear underneath the Sophos user account (as seen in first picture) so I can then set the options to VPN in, currently they are not available (3rd picture) If I just log in as the Sophos account, then I would need to go through different steps which isn't ideal. I need to be able to VPN in before log in so things like the mapped drives work straight away.

    Obviously in the current situation, working from home will be a priority so we are trying to get this resolved ASAP. 

     

    Thanks. Mark.

  • In reply to Mark Hannon:

    Hi Mark - Sorry I penned a reply earlier but forgot to send it!

     

    What you're referring to here is Credential Providers. Windows has its own (Windows Hello/standard login/PIN) but there's also alternatives like a Smart Card and Biometric, and Sophos SafeGuard (the cog login).

    Sadly these other providers need to be compatible with the SafeGuard Credential Provider and certainly in the terms of biometrics - very few are. It would appear that your VPN in this case doesn't seem to be compatible with the Sophos SafeGuard credential provider either.  Cached creds may help here, once logged on with the cached creds (works better if you don't have a changing password policy) then the VPN client can kick in as normal. Not ideal though if you have mapped drives that map on user login...

    Worth raising this though with Sophos - Is my Fortinet VPN client compatible with SafeGuard Credential Provider?

    Sorry I can't help much further, but please do update me/us on this!

  • In reply to Mark Hannon:

    Hi  

    We have observed this type of issue on the machines with omnipass filter for the credential provider which comes with few hardware vendors like Lenovo. I'd request you refer to this article.

    If that doesn't help, please refer to this article as well and check whether the credential provider is enabled.