Enhanced authentication - the .Unconfirmed Users group

Users who log on to SafeGuard Enterprise need to be authenticated against Active Directory before they have access to their key rings.
Note: If you use BitLocker managed by SafeGuard Enterprise you need to allow registration of new SGN users for Everybody:
  1. In the Policies navigation area, create a new policy of the type Specific Machine Settings or select an existing one.
  2. In the User Machine Assignment (UMA) section, go to the Allow registration of new SGN users for setting and select Everybody from the drop-down list.
  3. Go to Users and Computers and assign the policy to your user groups.

If users cannot be authenticated when they log on they will be moved to the .Unconfirmed Users group. This group is displayed in the global root node and in every domain or workgroup.

Possible reasons for which users cannot be authenticated when they log on are:
Note: Only Active Directory users can be authenticated. This requires that Active Directory is configured properly.

As long as users reside in the .Unconfirmed Users group they do not have access to their key rings.

If you click on an .Unconfirmed Users group, details of the users in the group are displayed in the Unconfirmed Users tab on the right-hand pane, for example, the reason why the user has been moved to this group.

The Client Status dialog on the users' endpoints displays unconfirmed user under SGN user state:.