Signing in with the Authentication Agent service account
Kaspersky Endpoint Security allows you to add an Authentication Agent service account when encrypting a drive. The service account is necessary to gain access to the computer, for example, when the user forgets the password. You can also use the service account as a reserve account. To add an account, select a service account in disk encryption settings and enter the name of the user account (by default, ServiceAccount). To authenticate using the agent, you will need a one-time password.
Open the Kaspersky Security Center Administration Console.
In the Managed devices folder in the Administration Console tree, open the folder with the name of the administration group to which the relevant client computers belong.
In the workspace, select the Devices tab.
Double-click to open the computer properties window.
In the computer properties window, select the Tasks section.
In the task list, select Manage Authentication Agent accounts and open the task properties by double-clicking.
In the task properties window, select the Settings section.
In the list of accounts, select the Authentication Agent service account (for example, WIN10-USER\ServiceAccount).
In the Action drop-down list, select View account.
In account properties, select the Show original password check box.
Copy the one-time password for logging in with the service account.
In the main window of the Web Console, select Devices → Managed devices.
Click the name of the computer on which you want to view the list of Authentication Agent accounts.
This opens the computer properties.
In computer properties, select the Tasks tab.
In the task list, select Manage Authentication Agent accounts.
In the task properties, select the Application Settings tab.
In the list of accounts, select the Authentication Agent service account (for example, WIN10-USER\ServiceAccount).
In account properties, select the Show password check box.
Copy the one-time password for logging in with the service account.
Kaspersky Endpoint Security automatically updates the password every time a user authenticates with the service account. After authenticating using the agent, you must enter the Windows account password. When signing in with the service account, you cannot use the SSO technology.