Configuring SSO with AD
Jetico Central Manager supports integration with Active Directory for Single-Sign-On. The corresponding checkbox is available in Company Settings under Password Options on Client Computers.
When enabled, for client computers that have Single-Sign-On activated and configured as part of an encryption policy, Microsoft Active Directory (AD) user credentials will prevail over the encryption password at boot time. This allows for smoother integration with the existing enterprise environment by immediately syncing any changes the Administrator makes in AD, such as a password change, user account deactivation, etc.
NOTE: Integration with Active Directory for Single-Sign-On will only apply to EFI client computers.
Below is a step-by-step guide on how to enable this functionality:
- On the Company Page, scroll all the way down and click Company Settings.
- Switch to the BestCrypt Volume Encryption tab.
- Tick the ‘Enable Active Directory integration for Single Sign-On’ checkbox.
- Under AD domain, fill out the domain name for your organization. Under AD host IP, fill out the IP address of the Active Directory server. Optionally, fill out a secondary IP address of the Active Directory server. Then click Check.
- Fill out a user name and a password for an account with Administrator privileges in the domain, then click Check again.
- Click Save at the bottom of the Company Settings page to apply the changes. You should expect to see the following message:
- To finish setting up, stop and start the Server again via Jetico Server Monitor:
- You will be prompted to re-enter the password for the Super Admin account, i.e. the first Admin account created.
- You are all set up. Make sure "Allow Single-Sign-On" is activated as part of the encryption policy you will be using.
- Assign the policy to a selected Computer or a Group of Computers.
- After the encrypted computer receives the new policy, the AD boot prompt will be available on reboot.
- Entering the Active Directory user login and password will log the user straight into Windows.
AD boot prompt in Text mode:
AD boot prompt in GUI mode (non-customizable version):