OneCheck Logon

OneCheck Logon is a Single Sign-On solution that let users log on one time to authenticate to:

Full Disk Encryption
DLP
Windows
VPN

When OneCheck Logon is enabled, a different logon window opens that looks almost the same as the regular Windows authentication window. The logon credentials are securely stored internally.

These actions define if you enable OneCheck Logon:

Action	Description
Enable lock screen authentication (OneCheck) Enable OneCheck Identity Single Sign On for OS	Users log on one time to authenticate to the operating system, Full Disk Encryption, and other Endpoint Security components.
Use native sign on for OS	Use the native OS logon mechanism. You can enable Single-Sign On (not OneCheck) in OneCheck User Settings to have one log on that applies to the OS and Full Disk Encryption.

Action

Description

Enable lock screen authentication (OneCheck)

Enable OneCheck Identity Single Sign On for OS

Users log on one time to authenticate to the operating system, Full Disk Encryption, and other Endpoint Security components.

Use native sign on for OS

Use the native OS logon mechanism. You can enable Single-Sign On (not OneCheck) in OneCheck User Settings to have one log on that applies to the OS and Full Disk Encryption.

Double-click an action to edit the Properties.

To configure OneCheck Logon properties:

Select Enable lock screen authentication (OneCheck).
Optional: Configure the Check Point Endpoint Security screensaver.
- The screensaver is active only after a Full Disk Encryption policy has been installed on the client.
- After selecting the Check Point Endpoint Security screensaver option, enter the:
  - Text that shows when the screensaver is active.
  - Number of minutes the client remains idle before the screensaver activates.
Optional: Select Require that only an authorized Pre-boot user is allowed to log into Windows. If selected, only users that have permission to authenticate to the Pre-boot on that computer can log on to the operating system.
Optional: Select Use Pre-boot account credentials in OS lock screen. If selected, users authenticate in the regular Operating System login screen but with the credentials configured for Pre-boot.
Best practice is to only use this feature when there is no Active Directory available. For customers that use Active Directory, we recommend a combination of User Acquisition, OneCheck Logon, and Password Synchronization that will let users use the same credentials for Pre-boot and Windows login.