Planning for the Windows interactive logon experience
AccessAgent can be deployed on Windows workstations with or without a Credential Provider.
The following table shows the supported logon screen, desktop configuration, and whether strong authentication is supported when AccessAgent is deployed with or without the ESSO Credential Provider.
| When AccessAgent is deployed with | Interactive logon with | Supported desktop configurations | Strong authentication support |
|---|---|---|---|
| ESSO Credential Provider mode on | ESSO AccessAgent screen Windows Logon screen |
|
Yes |
| ESSO Credential Provider mode off | Windows Logon screen |
|
No |
| Kerberos mode | Windows Logon screen |
|
Yes |
- With the ESSO Credential Provider mode, users log on to their Windows desktops through the ESSO AccessAgent screen with their ISAM ESSO credentials.
Users are logged in to their Wallets, and automatically logged on to their Windows with their Windows credentials.
- With the ESSO Credential Provider mode off, users log on to their Windows desktops through the regular Windows Logon screen with their Active Directory credentials.
AccessAgent then uses the same credentials to log on the users to their cached Wallets and to IMS Server.
AccessAgent uses a module that is called ESSO Network Provider to capture the Active Directory credentials and to use these credentials to automatically log on the users to their Wallets.Note: Active Directory password synchronization must be enabled for ESSO Network Provider to work properly.
ESSO Credential Provider might be bypassed to login with the standard Microsoft Logon UI by clicking Go to Windows to log on.
The ESSO AccessAgent screen is required for shared desktop and private desktop configurations and for using strong authentication. ESSO Credential Provider also provides self-service sign-up and password reset services on the ESSO AccessAgent screen.