[KB7141] Using Single Sign-On (SSO) in ESET Endpoint Encryption

Solution

ESET Endpoint Encryption (EEE) Client and EEE Server are separate products from ESET Full Disk Encryption (EFDE)

The article below applies only to the EEE Client or EEE Server and not EFDE.

Visit What's new in ESET Full Disk Encryption to view EFDE content.

Single Sign-On (SSO) is a feature in the managed version of ESET Endpoint Encryption. SSO allows the Full Disk Encryption (FDE) pre-start login to log the user directly into their Windows profile. 

SSO can be configured from the EEE Server when initiating FDE, adding an FDE login or modifying an FDE login.

The workstation must be joined to a Windows domain to use SSO. However, the actual account used can either be a domain account or a local machine account.

Initiate Full Disk Encryption

To configure SSO when initiating FDE, select the Single Sign-On check box on the user FDE login page of the Start FDE Wizard. Note this will disable the other password options. They cannot be used for an SSO login type as the password is outside of the EEE Server.

Figure 1-1

When the EEE client machine receives the request to enable SSO, a notification will be displayed to confirm the user Windows login password. Type the Windows password and click Verify. If the verification is successful, click OK to configure the login to use SSO.

Figure 1-2

Visit our Knowledgebase article for complete instructions to Encrypt a hard drive using ESET Endpoint Encryption Server.


Add a new FDE login

To configure SSO when adding a new FDE login, select the Single Sign-On option. The Single Sign-On option will limit the user selection on the next screen in the wizard to only users who are activated on the workstation. Visit our Knowledgebase article for complete instructions to Add an additional FDE login.

Figure 2-1


Changing an existing FDE login

To enable or disable SSO for an existing FDE login, select the relevant option on the Change FDE login interface and post the command to the client. Please note that the password options will be disabled when choosing SSO because the password will not be managed by the EEE Server. Visit our Knowledgebase article for complete instructions to Remove Single Sign-on.

Figure 3-1