ESET Online Help

Select the category
Select the topic

Single Sign-On (SSO)

Single Sign-On (SSO) is a feature in the managed version of ESET Endpoint Encryption client (EEE client) managed by an ESET Endpoint Encryption server that allows the user to directly logon to their Windows account from the pre-boot (FDE) login page.

Coupled with the EEE auto-login feature, this can allow a single password to authenticate through:

The EEE FDE login

Windows logon

EEE Key-File login


Single Sign-On can be configured via the EEE Server either when initiating Full Disk Encryption (FDE), adding an FDE login or by later modifying an FDE login. See the section here: Full Disk Encryption.

To use Single Sign-On, the workstation must be joined to a Windows domain. However, the actual account used can either be a domain account or a local machine account.

Initiating Full Disk Encryption

To configure Single Sign-On when initiating Full Disk Encryption, simply click the Single Sign-On check box on the user FDE login page of the Start FDE Wizard.


The password options will be disabled when choosing Single Sign-On because the password will not be managed by the EEE Server.

fde options

Adding a new FDE login

To configure Single Sign-On when adding a new FDE login, select the Single Sign-On option. This will limit the user selection on the following page of the wizard to only users who are activated on the workstation.


Changing an existing FDE login

To enable, or disable, Single Sign-On for an existing FDE login, select the relevant option on the Change FDE login interface and post the command to the client.


The password options will be disabled when choosing Single Sign-On because the password will not be managed by the EEE Server.


Client behaviour

When the EEE client receives a request to enable Sign Sign-On they will be presented with a dialog to confirm their Windows login password. They must type their normal windows password and click Verify. If this is successful, click OK to configure the login to use Single Sign-On.



If a user changes their Windows password from within Windows, the pre-boot login will be automatically updated so Single Sign-On (SSO) will still work.

If a windows user has their password changed on another workstation, or it is changed for them on the server, then the local pre-boot information will become out of sync.

The user should log in to the pre-boot loader using this previous password, or use recovery and choose a temporary password.

When the user boots to Windows, they will need to log into Windows manually as SSO will fail.

After they have logged into Windows, they will be prompted to reconfigure Single Sign-On and type their new password.

See more information about Full Disk Encryption login type.