SafeGuard Full Disk Encryption / SafeGuard Power-on Authentication (POA)
SafeGuard Enterprise works with certificate-based logon, so users need keys and certificates to log on successfully at the SafeGuard Power-on Authentication. However, user-specific keys and certificates are only created after a successful Windows logon. Only users who have successfully logged on to Windows can also be authenticated at the SafeGuard Power-on Authentication.
To clarify how a user logs on in SafeGuard Enterprise, a brief introduction follows. For a detailed description of the SafeGuard POA logon procedures, see the SafeGuard Enterprise user help.
When a user logs on for the first time, the SafeGuard Enterprise autologon appears after the endpoint starts.
An autouser is logged on.
The client is automatically registered on the SafeGuard Enterprise Server.
The machine key is sent to the SafeGuard Enterprise Server and stored in the SafeGuard Enterprise Database.
Machine policies are sent to the endpoint.
The Windows logon dialog is displayed. The user logs on.
The user ID and a hash of the user’s credentials are sent to the server.
User policies, certificates and keys are created and sent to the endpoint.
The SafeGuard POA is activated.
When the endpoint restarts, the SafeGuard POA appears.
Certificates and keys are available for the user and they can log on at the SafeGuard POA.
All the data is securely encrypted with the user's public RSA key.
Any other users who want to log on must first be imported to the SafeGuard POA.