SmartEncrypt can be configured to allow users to use their Azure Active Directory (AAD) credentials for Single Sign-on (SSO) to log in to the desktop client, rather than a separate username and password.
Good to know...
- SSO credentials only work for the SmartEncrypt Client, not the Management Console. Users with roles that allow access to the Management Console (Administrators and Helpdesk users) need to ensure they set a separate, standalone password via the Console.
- Standard Users do not have permission to access the Console and can only log in to the client regardless of whether they are using SSO or have a password configured in the Console.
Enabling SSO via AAD is a simple process, involving the Management Console and the SmartEncrypt desktop client:
1. Configure the SmartEncrypt Console
To enable SSO in the Management Console, navigate to the Settings page in the SmartEncrypt Management Console and:
- In the Single Sign-on panel, set Enable Azure AD Single Sign-on to the 'on' position
- Enter the Domain or tenant name used in your organisation (e.g. contoso.com)
- Enter fa2f3ecc-ab68-481d-84cd-7ce90ea6762f in the Application or client ID field
- Save settings
2. Configuring the SmartEncrypt client
Good to know...
- This step can be omitted if deploying and installing the client via Microsoft Intune or similar with the PowerShell configuration script at the bottom of this article.
- For manual deployments, the Domain and Application ID configuration details can be provided to the user via an instructional email when the user account is created.
- When logging in for the first time, users will be presented with a login screen.
- To configure the client for SSO use with Azure AD, check the Login using company credentials (SSO) checkbox to switch to the Azure SSO Configuration view and:
  - Enter any values in the Domain and Application ID fields, for example contoso.com and appid
- Then, when prompted at the Microsoft authentication screen (this may appear behind the SmartEncrypt screen):
  - Enter their registered email address
  - Continue through the Microsoft authentication process
- SmartEncrypt should be logged in now
3. PowerShell script for automated SmartEncrypt SSO settings deployment
The following script inserts the appropriate user settings into the registry so that SmartEncrypt skips the Domain/AppId screen.
The script needs to be run as a logged-in user (not System) after SmartEncrypt has been deployed.
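```powershell
# Create the per-user key if it is missing; -Force also creates any missing parent keys.
if (!(Test-Path "HKCU:\Software\SmartEncrypt\Azure")) {
    New-Item -Path "HKCU:\Software\SmartEncrypt\Azure" -Force | Out-Null
}
# Application (client) ID, the same value entered in the Management Console.
New-ItemProperty -Path "HKCU:\Software\SmartEncrypt\Azure" -Name "ApplicationId" -PropertyType String -Value "fa2f3ecc-ab68-481d-84cd-7ce90ea6762f" -Force
# Tenant: replace contoso.com with your organisation's domain or tenant name.
New-ItemProperty -Path "HKCU:\Software\SmartEncrypt\Azure" -Name "Tenant" -PropertyType String -Value "contoso.com" -Force
```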
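After the deployment script has run, the settings can be verified per user. The following check is an added example, not part of the SmartEncrypt documentation: the function name Test-SmartEncryptSsoSettings is hypothetical, the key and value names are the ones used in the script above, and contoso.com is the article's example tenant. It reports a problem when run as SYSTEM, when the key or a value is missing, or when a value differs from what was deployed, and exits non-zero so a deployment tool can flag the device.

```powershell
# Added example: verify the per-user SmartEncrypt SSO registry settings.
# Expected values come from this article; replace the tenant with your own.
$KeyPath  = 'HKCU:\Software\SmartEncrypt\Azure'
$Expected = @{
    ApplicationId = 'fa2f3ecc-ab68-481d-84cd-7ce90ea6762f'
    Tenant        = 'contoso.com'   # the article's example tenant
}

function Test-SmartEncryptSsoSettings {   # hypothetical helper name
    param([string]$Path, [hashtable]$Expected)
    $problems = @()

    # Under SYSTEM, HKCU is the SYSTEM account's hive, not the user's,
    # so the client running as the user would never see the settings.
    if ([System.Security.Principal.WindowsIdentity]::GetCurrent().IsSystem) {
        $problems += 'Running as SYSTEM; run in the logged-in user context.'
        return $problems
    }
    if (-not (Test-Path -Path $Path)) {
        $problems += "Registry key $Path does not exist."
        return $problems
    }

    $actual = Get-ItemProperty -Path $Path
    foreach ($name in $Expected.Keys) {
        $value = $actual.$name
        if ([string]::IsNullOrWhiteSpace($value)) {
            $problems += "$name is missing or empty."
        } elseif ($value -ne $Expected[$name]) {
            $problems += "$name is '$value', expected '$($Expected[$name])'."
        }
    }

    # A mistyped Application ID is easy to miss by eye; check that it parses as a GUID.
    $parsed = [guid]::Empty
    if ($actual.ApplicationId -and -not [guid]::TryParse($actual.ApplicationId, [ref]$parsed)) {
        $problems += 'ApplicationId is not a well-formed GUID.'
    }
    return $problems
}

$problems = @(Test-SmartEncryptSsoSettings -Path $KeyPath -Expected $Expected)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Output "NON-COMPLIANT: $_" }
    exit 1
}
Write-Output 'SmartEncrypt SSO registry settings match the expected values.'
exit 0
```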