What’s the difference between lock, switch user, and sign out?
GateKeeper Authentication lock options.
Windows 10 has three options when the user leaves the computer with their GateKeeper token: lock, switch user, and sign out. GateKeeper proximity lock allows either the user to select their default option. Similarly, admins can control enforce options for users. Picking the right option is crucial for certain industries like healthcare with EMRs.
Lock: This option will lock the computer but keep all the user’s programs running. It is similar to hitting the Windows key + L key on Windows machines. This option is great when there is only a single user on the computer – such as individually assigned laptops.
Switch User (Disconnect Session): This option will lock the computer and disconnect the current user’s session on Windows machines. This will allow another user to access their own account quickly after they authenticate using their own GateKeeper token. This method is similar to the “Switch User” option in Windows and macOS. This option is best when there are multiple users accessing the computer (shared workstation / kiosk computer).
Sign out: Signing out is logging out. This option will log out the currently connected user when their token goes out of range. Therefore, this will close all running programs and ready the computer for the next user to log in.
GateKeeper Proximity can perform either lock, switch user, or sign out. Locking, switching users, or signing out can be done through proximity or token button press. Then, users no longer need to remember to lock their PCs when they leave.
To change lock settings, follow the directions below.
Change Lock Settings from the GateKeeper Hub admin console.
All computers in the same Group will be subject to the same configurations for lock and unlock setting.
1) First, login to your GateKeeper Hub admin console.
2) Then, click Group Settings on the left side.
3) Afterwards, find the Group you want to make changes to and click “Manage Settings” to the right of the Group’s name.
4) Now you can edit GateKeeper lock options, unlock settings, advanced settings, and limit the features end users have control over on their client computers.
Lock Settings
Listed below are the options for each setting along their explanations for Proximity Lock Method and Button Lock Method.
Set on Client computer: | Allows end-users to choose the settings on the Client application on their own computers. Then users can choose their own settings. |
Disable: | Turns off the feature. Not recommended. Then the PC will not lock automatically. |
Lock Workstation: | Auto-locks the computer. Leaves the current session active and available for any user to login. |
Disconnect Session: | Locks the computer and enables switching between local or AD user accounts on Windows 7 and Mac (OS 10.13 and 10.14) computers. |
Logout: | Logs the user out from the computer. |
Inactivity Lock Method will lock the computer if the user is inactive (no keyboard or mouse activity) for the specified time. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use this computer. The user has the following Lock options available in the drop-down menu. Note 1: For macOS, Lock Workstation and Logout options are not supported.
- Disabled
- Lock Workstation
- Disconnect Session (Switch User)
- Logout
Token Visibility Timeout feature allows you to set a timer for how long the computer will remain unlocked if suddenly the software receives no data from the token. Sudden signal loss can happen if a user places their hand over the token or buries it in their pocket. This feature is set in 15-second increments (15, 30, 45, 60).
Lock Delay Timeout delays locking the computer after a lock decision has been made for this time period. Choose a value for this delay if you want to prevent the computer from locking immediately when you walk away.
Operating System Timeout disables your screen saver from starting when your computer times out. Choose the appropriate option to keep your timeout policy enabled or to disabled. If your timeout policy is set by your network administrator, this setting will not override the network policy.
Disconnect Remote Session allows user to enable or disable disconnecting remote session when the local computer is locked.
- Enable
- Disable
Lock Sensitivity changes the lock/unlock distance for your computer. The higher the sensitivity, the shorter the distance needed to lock. We recommend Medium sensitivity for the best lock/unlock experience for most environments. For instance, if your computer locks while you’re working, lower the sensitivity level.
Motion Detection Sensitivity is useful for adapting your locking and unlocking experience in different environment. High level setting motion sensitivity will allow the computer to lock quicker. If the system is locking too much while you are sitting at your desk, reduce the motion sensitivity to the Low level.
Change Lock Settings from Client desktop application.
1. First, open your GateKeeper Client application on your PC.
2. Then, click Settings in the lower left.
3. Then, you will see tabs for Lock Settings, Unlock Settings, Advanced Settings, and Server Settings. Then select Lock Settings.
GateKeeper Lock Options and Settings
Proximity Lock Method defines how GateKeeper automatically secures your computer when you walk away. Use Lock Workstation if you are the only user. If multiple people use this computer, then use Disconnect Session (Switch User). The user has the following Lock options available in the dropdown. However, for macOS, Lock Workstation and Logout options are not supported.
- Disabled
- Lock Workstation
- Disconnect Session (Switch User)
- Logout
Button Lock Method defines how GateKeeper secures your computer when you press the action button on your token or phone app. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use this computer. The user has the following Lock options available in the drop-down menu. However, for macOS, Lock Workstation and Logout options are not supported.
- Disabled
- Lock Workstation
- Disconnect Session (Switch User)
- Logout
Other advanced GateKeeper lock options
Inactivity Lock Method will lock the computer if the user is inactive (no keyboard or mouse activity) for the specified time. Use Lock Workstation if you are the only user or Disconnect Session (Switch User) if multiple people use the computer. The user has the following Lock options available in the drop-down menu. However, for macOS, Lock Workstation and Logout options are not supported.
- Disabled
- Lock Workstation
- Disconnect Session (Switch User)
- Logout
Disconnect Remote Session allows user to enable or disable disconnecting remote session when the local computer is locked. However, this requires the Client software version to be 3.9 or higher.
- Enabled
- Disabled
Token Visibility Timeout sets a lock timer if no token is detected within this time period. This is a backup locking mechanism if the proximity signal is not detected. 30 seconds is the default setting.
Lock Delay Timeout delays locking the computer after a lock decision has been made for this time period. Choose a value for this delay if you want to prevent the computer from locking immediately when you walk away.
Operating System Timeout disables your screen saver from starting when your computer times out. Choose the appropriate option to keep enable or disable your screensaver timeout.
Motion Detection Sensitivity is useful for adapting your locking and unlocking experience in different environment. High level setting motion sensitivity will allow the computer to lock quicker. Conversely, if the system is locking while you are sitting at your desk, reduce the motion sensitivity to the Low level.
See GateKeeper Enterprise advanced MFA in action.
Take a self-guided tour of how you can evolve from passwords. Then you're really saving time with automation.