PGP Whole Disk Encryption (WDE) allows regular passphrase users and Single Sign-On (SSO) users.
With PGP WDE SSO users, the user enters the passphrase at PGP BootGuard (pre-boot) and once the user authenticates, the system will automatically login to the user’s Windows profile without requiring the user to enter the credentials a second time.
Since PGP Whole Disk Encryption version 10.2 MP5, there are some instances where the auto-login process, which would normally log the user into the Windows profile, can halt. When this halt has occurred, a user account will be displayed “PGP SSO” with no apparent method to login to any other Windows profile.
There are a few scenarios where this has occurred that can prompt this behavior:
1.The Windows user password has expired and must be changed per Windows policy.
2.The PGP WDE SSO account has used credentials that do not correspond to the Windows login or Domain login.
In the first scenario, a user’s Windows or Domain password has expired. Once this has been detected by the Windows login process, in order to login to Windows, the user must first change the Windows password. Once this has completed, this behavior will no longer be seen.
In the second scenario, a PGP WDE SSO user may have been created with a username or domain that does not exist. If this is the case, it will be necessary to correct the PGP WDE SSO user, and then the halting process will go away.
In both of these scenarios, it may be difficult to login to Windows because there is no “switch user” icon available at this prompt.
This issue is fixed in the following release:
PGP Desktop 10.2.1 MP2
The fix involves adding a "Switch User" button such that users can click the button and login with the new Windows password, or change the Windows password as applicable.