Enable Single-Sign-On (SSO) on a system

Enabling SSO on a system allows the user to log on to the system with a single authentication process. It allows automatic logon to the operating system once the user authenticates through the Pre-Boot Authentication page.


  1. Click MenuSystemsSystem Tree, then select a group from the System Tree.
  2. Select the target system, then click ActionsAgentModify Policies on a Single System to open the Policy Assignment page.
  3. From the Product drop-down list, select Drive Encryption 7.2. The policy categories under Drive Encryption display the system's assigned policy.
  4. Select the Product Settings policy category, then click Edit Assignments to open the Product Settings page.
  5. If the policy is inherited, select Break inheritance and assign the policy and settings below next to Inherit from.
  6. From the Assigned Policy drop-down list, select the policy, then click Edit Policy to open the Policy Settings page.
    From this page, you can edit the selected policy or create a new policy.
  7. On the Log On tab, select Enable SSO under Windows.
  8. If required, select these options:
    • Must match user name — This option makes sure that the SSO details are captured only when the user’s Drive Encryption and Windows user name match. This should be used, where possible, to make sure that the Drive Encryption user who authenticated through pre-boot does not inadvertently capture SSO for a different user.
    • Using smart card PIN — This option allows the administrator to capture the smart card PIN for SSO.
    • Synchronize Drive Encryption password with Windows — When the user changes on the client, this option synchronizes the new password to the Drive Encryption user.
    • Allow user to cancel SSO — This option allows the user to cancel the SSO to Windows in the pre-boot stage only. When this option is enabled, an additional checkbox appears at the bottom of the Pre-Boot logon dialog box. This setting lasts for a single boot only.
  9. Click Save on the Policy Settings page, then click Save on the Product Settings page.
  10. Send an agent wake-up call.