|SafeGuard Full Disk Encryption / SafeGuard Power-on Authentication (POA)|
There are various types of user in SafeGuard Enterprise. For more information on how the default behavior of these user types can be changed, see Policy types and their fields of applications.
Owner: The first user to log on to an endpoint after the installation of SafeGuard Enterprise is not just entered as an SGN user, but also as the owner of that endpoint. Provided that the default settings have not been changed, an owner has the right to enable other users to log on to the endpoint and become SGN users.
SGN user: A "full" SGN user is allowed to log on at the SafeGuard Power-on Authentication, is added to the UMA (User Machine Assignment) and is provided with a user certificate and a key ring for accessing encrypted data.
SGN Windows user: A SGN Windows user is not added to the SafeGuard POA, but has a key ring for accessing encrypted files, just as a SGN user. He is also added to the UMA, which means that he is allowed to log on to Windows on that endpoint.
SGN guest user: A SGN guest user is not added to the UMA, is not provided with rights to log on to the SafeGuard POA, is not assigned a certificate or a key ring and is not saved to the database. See Specific machine settings - basic settings for information on how to prevent a SGN guest user from logging on to Windows.
Service account: With service accounts, users (for example rollout operators, members of the IT team) can log on to endpoints after the installation of SafeGuard Enterprise without activating the SafeGuard POA and without being added as SGN users (owners) to the endpoints. Users included on a service account list are treated as SGN guest users after their Windows logon at the endpoint.
POA user: After activation of the POA it might still be necessary to perform administrative tasks. POA users are predefined local accounts that are allowed to pass the POA. There is no automatic logon to Windows. The users logging on with POA user accounts log on to Windows with their existing Windows accounts. The accounts are defined in the Users and Computers area of the SafeGuard Management Center (user ID and password) and assigned to the endpoint in POA groups. For further information, see POA users for SafeGuard POA logon.