Single Sign-On With OneCheck Logon

OneCheck OneCheck settings define how users authenticate to Endpoint Security client computers. Logon is a Single Sign-On solution that let users log at one time to authenticate to all these :

• Full Disk Encryption A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE.

• DLP

• Windows

• VPN

When OneCheck Logon is enabled, a different logon window opens that looks almost the same as the regular Windows authentication window. The logon credentials are securely stored internally.

These actions define if you enable OneCheck Logon:

Action	Description
Enable lock screen authentication (OneCheck) Enable OneCheck Identity Single Sign On for OS	Users log on one time to authenticate to the operating system, Full Disk Encryption, and other Endpoint Security components.
Use native sign on for OS	Use the native OS logon mechanism. You can enable Single-Sign On (not OneCheck) in OneCheck User Settings to have one log on that applies to the OS and Full Disk Encryption.

Double-click an action to edit the Properties.

To configure OneCheck Logon properties:

1. Select Enable lock screen authentication (OneCheck).

2. Optional: Configure the Check Point Endpoint Security screensaver.

   • The screensaver is active only after a Full Disk Encryption policy has been installed on the client.

   • After selecting the Check Point Endpoint Security screensaver option, enter the:

     • Text that shows when the screensaver is active.

     • Number of minutes the client remains idle before the screensaver activates.

3. Optional: Select Require that only an authorized Pre-boot user is allowed to log into Windows. If selected, only users that have permission to authenticate to the Pre-boot Authentication before the Operating System loads. on that computer can log on to the operating system.

4. Optional: Select Use Pre-boot account credentials in OS lock screen. If selected, users authenticate in the regular Operating System login screen but with the credentials configured for Pre-boot.

   Best practice is to only use this feature when there is no Active Directory available. For customers that use Active Directory, we recommend a combination of User Acquisition, OneCheck Logon, and Password Synchronization that will let users use the same credentials for Pre-boot and Windows login.