Enable SafeGuard POA autologon with default token PINs

A default token PIN that is distributed by policy enables automatic user logon at the SafeGuard Power-on Authentication. This avoids the need to issue each single token separately and enables users to automatically log on at the SafeGuard Power-on Authentication without any user interaction.

When a token is used at logon and a default PIN is assigned to the computer, the user is passed through at the SafeGuard Power-on Authentication without having to enter a PIN.

As a security officer you can set the specific PIN in a policy of the type Authentication and assign it to different computers or computer groups, for example to all computers residing in the same location.

To enable autologon with a default token PIN:

  1. In the SafeGuard Management Center, click Policies.
  2. Select a policy of the type Authentication.
  3. Under Logon Options in Logon mode, select Token.
  4. In PIN used for autologon with token, specify the default PIN to be used for autologon. PIN rules do not need to be observed in this case.
    Note: This setting is only available if you select Token as possible Logon Mode.
  5. In Pass through to Windows set Disable pass-through to Windows. If you do not select this setting when a default PIN is specified, you will not be able to save the policy.

    If you want to enable the Pass through to Windows option, you can later create another policy of the type Authentication with this option enabled and assign it to the same computer group, so that the RSOP has both policies active.

  6. Optionally specify further token settings.
  7. Save your settings and assign the policy to the relevant computers or computer groups.

If the autologon on the endpoint has been successful, Windows is started.

If the autologon on the endpoint has failed, the user is prompted to enter the token PIN at the SafeGuard Power-on Authentication.