Single Sign-On with OneCheck Logon

OneCheck settings define how users authenticate to Endpoint Security client computers. OneCheck Logon is a Single Sign-On solution that lets users log on one time to authenticate to all these:

When OneCheck Logon is enabled, a different logon window opens that looks almost the same as the regular Windows authentication window. The logon credentials are securely stored internally. These actions define whether OneCheck Logon is enabled:

  • To configure OneCheck Logon properties, go to Advanced Settings > Windows Authentication:

    • Enable lock screen authentication (OneCheck) - Users log on one time to authenticate to the operating system, Full Disk Encryption, and other Endpoint Security components. To configure the password properties for the single sign-on, go to Policy > Global Policy Settings > Full Disk Encryption.

    • Enable Check Point Endpoint Security screen saver - The screen saver is active only after a Full Disk Encryption policy has been installed on the client. After selecting the Check Point Endpoint Security screen saver option, enter the text that appears when the screen saver is active, and the number of minutes the client remains idle before the screen saver activates.

    • Only allow authorized Pre-boot users to log into the operating system - If selected, only users that have permission to authenticate to the Pre-boot (authentication before the Operating System loads) on that computer can log on to the operating system.

    • Use Pre-boot account credentials in OS lock screen - If selected, users authenticate in the regular Operating System login screen but with the credentials configured for Pre-boot.

      Best Practice - Use this feature only when there is no Active Directory available. For customers that use Active Directory, we recommend a combination of User Acquisition, OneCheck Logon, and Password Synchronization that lets users use the same credentials for Pre-boot and Windows login.