1059 - How to enable Bi-directional password synchronization

  • Updated on Feb 6, 2026
  • 1 minute(s) read
  • VN
 Prev Next

Enabling Bi‑Directional Password Synchronization in SecureDoc

Overview

This article explains how to configure bi‑directional password synchronization between Windows and SecureDoc. When enabled, changes made to a user’s Windows password will synchronize with their SecureDoc Pre‑Boot Authentication (PBA) password.

Important: Password synchronization occurs only when the user changes their Windows password locally on the system using Ctrl+Alt+Del.

Prerequisites

  • SecureDoc Enterprise Server (SES) access
  • An existing SES device profile
  • SecureDoc client installed on the endpoint

Applies to:

Operating System: Windows

SecureDoc Versions: All versions

Configuration Steps

1. Enable Password Synchronization in the SES Profile

  1. In the SES Console, select the desired Device Profile and choose Modify.
  2. Navigate to the General tab.
  3. Enable the option: Synchronize SecureDoc with Windows Password (bi-directional).

A screenshot of a computer AI-generated content may be incorrect.

  1. Save the profile.

2. Push the Updated Profile to Existing Devices

For devices already deployed:

  1. In the SES Console, go to the Devices tab.
  2. Right‑click the target device and select Assign Device Profile to Devices.

A screenshot of a computer AI-generated content may be incorrect.

  1. Choose the updated profile and click OK.
  2. Restart the device to apply the changes.

A screenshot of a computer AI-generated content may be incorrect.

3. End‑User Experience

Once the updated profile is applied:

  1. The user logs in at Pre‑Boot Authentication (PBA).
  2. The user then logs into Windows using their Windows password.
  3. After this login, password synchronization becomes active.
  4. On the next reboot, the user must enter their Windows password at PBA.

Password Change Requirements

Because synchronization requires the Ctrl+Alt+Del password change workflow:

  • If Windows prompts the user to change their password automatically, instruct them to cancel the prompt.
  • Instead, they must press Ctrl+Alt+Del → Change a Password, complete the change, and then restart the device.
  • At the next boot, the user must enter the new Windows password at PBA.

Troubleshooting

If password synchronization does not occur:

  • Disable the SecureDoc Credential Provider on the endpoint.
  • Re‑enable the Credential Provider.
  • Restart the device and test again.