cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

MDE Smart Card with SSO

Jump to solution

Hello, we have a problem with no locking workstation when I remove smart card.

How is it look like. Whan I turn the computer, the first step is McAfee preboot screen where i need type PIN with inserted smardcard (PKI). Next step is loading windows and followed automatic SSO login. This is looking great. But..... Whan I remove card from reader so nothing happens and I'm still signed in. We have in GPO value "Lock Workstation" and when i turn off SSO in ePO DE policy its working correctly. Is there anybody who know where can be problem please?

Thank you very much

PS: It's on Windows 10 b1903

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: MDE Smart Card with SSO

Jump to solution

Hi @VitezslavKu ,

Thank you for the information.

The credentials which you enter in the MDE login screen are usually replayed to the windows login UI screen and that is how the SSO mechanism works. 

If your GPO policies are defined for credential providers then when SSO is enabled MDE controls the automatic login functionality for windows, however MDE does not know to lock-down the machine when the card is removed. That is why when you disable SSO your GPO rules work.

I do not have an answer, however support can help you on the same if you raise a support ticket and support can check with dev to check your requirement in depth. Kindly share the GPO rule configurations in the support ticket. 

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: MDE Smart Card with SSO

Jump to solution

Hi @VitezslavKu ,

Thank you for writing in here.

When are you removing the card? after login to the Windows Desktop screen or after authentication at the MDE PBA screen?

 

Regards,
Jithendran S
McAfee Employee
Highlighted

Re: MDE Smart Card with SSO

Jump to solution

Hi, when I remove card after PBA the OS is automatic sign in. And when I remove card in after logo on in windows so the system i still signed in. And that's what I don't want.

Thank you

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: MDE Smart Card with SSO

Jump to solution

Hi @VitezslavKu ,

Thank you for the information.

The credentials which you enter in the MDE login screen are usually replayed to the windows login UI screen and that is how the SSO mechanism works. 

If your GPO policies are defined for credential providers then when SSO is enabled MDE controls the automatic login functionality for windows, however MDE does not know to lock-down the machine when the card is removed. That is why when you disable SSO your GPO rules work.

I do not have an answer, however support can help you on the same if you raise a support ticket and support can check with dev to check your requirement in depth. Kindly share the GPO rule configurations in the support ticket. 

 

Thank you.

Regards,
Jithendran S
McAfee Employee

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community