SafeGuard Enterprise: How to enable a new user to authenticate at POA level

  • Article ID: 107857
  • Rating:
  • 20 customers rated this article 4.1 out of 6
  • Updated: 17 Feb 2016

Enabling a new user at POA level.

Known to apply to the following Sophos product(s) and version(s)
SafeGuard Device Encryption

Operating systems
All supported operating systems

What To Do

This describes a possible scenario:

Currently only User1 is allowed to log on to the POA. Now an additional user wants to log on to the SafeGuard Enterprise client.

  1. User1 (owner) switches on the SafeGuard Enterprise client, and the POA dialog appears. User2 cannot log on at POA level because they do not have the necessary keys and certificates.

    It is the owner of the SafeGuard Enterprise client  (User1) who has to enable User2 to log on to POA, 

  2. User1 logs on at POA level. The "Passthrough Logon to Windows" option must be deactivated so that the Windows logon dialog (GINA/Credential Provider) appears.

  3. The Windows logon dialog appears (Gina/ Credential Provider) and User2 enters their Windows credentials.

    Note: When using Windows Vista or Windows 7 ensure that the SafeGuard Enterprise credential provider is used to authenticate on the system (the one with the keyhole symbol).

  4. Now User2 is generated in the SafeGuard Enterprise system core (connection to the AD and SGN Server required).

    Once the SGN client has been rebooted, User2 can log on to POA.


If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent