Configure Windows clients protected by another Credential Provider

If another credential provider (such as, McAfee or Symantec) overwrites Windows login, you must add a new Windows registry key to enable Smart Login with Identity as a Service.

note

For Windows passwordless integration, if you are using Microsoft Intune you must permit Bluetooth advertising and Bluetooth proximal connections for Windows workstations. For more information, see https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10.

Permit Bluetooth advertising and proximal connections

If using Microsoft Intune, enable the required connections, as follows:

1. Go to the applicable Endpoint Manager Intune Portal:
   • https://endpoint.microsoft.com (for Commercial customers)
   • https://endpoint.microsoft.us (for Government customers)
2. In the navigation pane, click Endpoint security.
3. Under Manage, click Attach Surface Direction.
4. Select the Device Control policy that applies to the device.
5. Click Properties.
6. Next to Configuration Settings, click Edit.
7. Ensure that the required services are not blocked.

Add a new registry setting to allow Smart Login

1. Add a new String Value Windows registry key with the key name EntrustSmartLoginProvider under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft/Windows\CurrentVersion\Authentication\LogonUI.
2. Modify the value to the GUID of your credential provider. You can find this value under LastLoggedOnProvider when a user logs in to Windows.