Fingerprint logon at the OS on BitLocker encrypted client

  • Article ID: 120185
  • Updated: 29 Mar 2016


When using fingerprint authentication on a client that is encrypted with BitLocker (non - Lenovo hardware or unsupported Lenovo models) the SafeGuard Authentication Application appears after logon to the operating system. 

First seen in
SafeGuard BitLocker Client 7.0
SafeGuard BitLocker Client 6.10.0

Operating systems
Windows 8

An authentication at the SafeGuard Credential Provider or the SafeGuard Authentication Application is only possible on supported Lenovo Clients.

Additional information

If only the BitLocker client is managed by SafeGuard and access to the keyring is not required (for example when the file based encryption modules like DataExchange, FileShare or CloudStorage are not installed) the appearance of the Authentication Application can be limited using a system policy.

After applying the required system policy, the SafeGuard Authentication Application only appears for user initialization and after password changes.

This behavior is managed through a Policy_S setting called InsistOnSGNAuth (default: true). The corresponding XML (Disable_InsistOnSGNAuthentication.xml) is available in the "Tools\System policies\" folder of the product DVD (or download).

What To Do

The XML which sets the value to "false" has to be signed with the company certificate.

  1. Open SafeGuard Management Center | Tools | Options | Certificates
  2. Press the Sign button and browse to the XML file which was mentioned earlier in this article.


  3. After browsing to the file just click "OK" and the MC creates a new file which is called "originalxmlname_Signed".
  4. Copy this new file into the Import folder of the LocalCache on the SafeGuard Client:

    The location on the client: %ALLUSERSPROFILE%\Utimaco\SafeGuard Enterprise\import

  5. Open Start | Run | CMD  and execute the tool "SGMcmdintn.exe" in the command line. After a successful import the XML-file disappears from the Import folder.



If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent