Single Sign-On

Single Sign-On supports multiple authentication credentials in configurable combinations, providing the utmost flexibility in customizing the feature to your environment.

Configuring Single Sign-On

Configuration of Single Sign-On requires two steps.

  • Disable the Session Authentication Policy setting for the computers where you want to implement
  • Create managed logons for any resources that you want users to be able to access during a Windows session without needing to provide additional authentication. These logons must have their Start Authentication Immediately property set to Yes when they are created by the

Disabling Session Authentication

In Active Directory, disable Session Authentication for the OU (or domain) where you want to use SSO.

  • In the Group Policy Management Editor, click Session Authentication Policy at the following location: Computer Configuration/Policies/Software Settings/DigitalPersona/Security/Authentication.
  • On the Session Policy tab, select Disabled.

Creating managed logons

To implement SSO, the managed logon for each resource that will be part of SSO must use the Start Authentication Immediately setting.

When creating a managed logon for a resource (through the Password Manager Admin Tool):

  • On the Logon Screen Properties page of the Logon Screen Wizard, choose Yes for the Start Authentication Immediately

Note that the Start Authentication Immediately setting must be used in conjunction with disabling the Session Authentication Policy in order to create an SSO experience. If the Session Authentication Policy is not disabled, authentication will start immediately, but the user will still be prompted for additional authentication.