3 Replies Latest reply on May 27, 2009 12:00 AM by mrgui

    Single Sign-on before User Profile Created

      Hi All,

      From much experimenting (and reading the docs) I understand that the user's SSO credentials are stored in their user profile, that’s fine.

      The problem I have is that we have a requirement for SSO to work even though the user has never logged onto that machine before (and therefore does not yet have a profile created). Both the Endpoint username and password match the Windows passwords so it would be great if Endpoint would simply pass the credentials straight through to the Windows logon.

      Even though I'd configured Endpoint to attempt to log on to Windows using Endpoint credentials (which should work), it still fails if the user has never logged onto the machine before (and therefore doesn’t have a profile).

      Does anyone know if it is possible for SSO to work the first time, even without a profile?

      Many Thanks

      Kevin
        • 1. RE: Single Sign-on before User Profile Created
          I don't think it will work if a user has truly never logged on. If this is in a corporate environment, what a lot of IT staff do is log onto A N Other laptop using the client, both pre-boot and Windows, then sync up the SSO details to the server.

          Then any machine that syncs (regardless of who is logged on) will get those SSO creds. A password reset by the helpdesk, using "force change at next log-on" would then force the user to change password upon first entry to Windows and then the passwords should sync themselves back up.
          • 2. RE: Single Sign-on before User Profile Created
            Are you talking about WINDOWS profiles? The password is not stored in the user's profile - it's stored in the SafeBoot File System (SbFS). The only thing that is a hindrance to you is perhaps that because no one has logged into the system, the client hasn't brought down the user accounts yet --- but if that was the case, then encryption shouldn't have started.
            • 3. RE: Single Sign-on before User Profile Created
              If you have another password sync utility for your Active Directory domain, you can create an external call that sets the MEE password and SSO information through the API.