User Authentication to Endpoint Security Clients (OneCheck)

OneCheck User Settings define how users authenticate to Endpoint Security client computers.

OneCheck User Settings include:

  • How users authenticate to Endpoint Security.

  • If users can access Windows after they are authenticated to Endpoint Security or if they must also log on to Windows.

  • What happens when a user enters invalid authentication details.

  • A limit for how many times a user can access a computer.

When OneCheck Logon is enabled, a different logon window opens that looks almost the same as the regular Windows authentication window. The logon credentials are securely stored internally. These actions define whether OneCheck Logon is enabled:

  • To configure OneCheck Logon properties, go to the Policy view > Data Protection > General > Full Disk Encryption > Advanced Settings > Windows Authentication:

    • Enable lock screen authentication (OneCheck) - Users log on one time to authenticate to the operating system, Full Disk Encryption (FDE), and other Endpoint Security components. To configure the password properties for the single sign-on, go to Policy > Data Protection > OneCheck > Password Constraints.

    • Enable Check Point Endpoint Security screen saver - The screen saver is active only after a Full Disk Encryption policy was installed on the client. After selecting the Check Point Endpoint Security screen saver option, enter the text that appears when the screen saver is active, and the number of minutes the client remains idle before the screen saver activates.

    • Only allow authorized Pre-boot users to log into the operating system - If selected, only users that have permission to authenticate to the Pre-boot on that computer can log on to the operating system.

    • Use Pre-boot account credentials in OS lock screen - If selected, users authenticate in the regular Operating System login screen but with the credentials configured for Pre-boot.

      Best Practice - Only use this feature when there is no Active Directory available. For customers that use Active Directory, we recommend a combination of User Acquisition, OneCheck Logon, and Password Synchronization that will let users use the same credentials for Pre-boot and Windows login.