Installing Monofor Identity Client - Windows
Primary Requirement of Passwordless Login on Windows
Monofor Identity Client only runs on TPM which is a security module that needs to be enabled on the machine (Virtual or Physical). All installations must be on Console Session, or Physically, or with your Installation Distribution platform.
For more information please visit Microsoft Documentation about it.
How to install with parameters (EXE Version)
🗄️ Download the EXE version (this one includes all requirements)
https://download.monofor.com/identity/monofor-identity-installer-v2.2.1.0.exe
Automated Install Script for EXE
./monofor-identity-installer-v2.2.1.0.exe /install /quiet URL="https://your-account-url" TENANT_ID="your-tenant-id" APP_KEY="your-app-id" APP_SECRET="your-app-key"
or, setup key version;
./monofor-identity-installer-v2.2.1.0.exe /install /quiet URL="https://your-account-url" KEY="setup-key-obtained-from-management"
What parameters you can override?
The installer contains parameters that you can customize during the installation process. Please click here to see all the parameters.
How to install with parameters (MSI Version)
🗄️ Download the MSI version (this one does not include VC_redist.x64_2022.exe which is required).
https://download.monofor.com/identity/monofor-identity-installer-v2.2.1.0.msi
Automated Install Script for MSI
msiexec /i "monofor-identity-installer-v2.2.1.0.msi" /q URL="https://your-account-url" TENANT_ID="your-tenant-id" APP_KEY="your-app-id" APP_SECRET="your-app-key"
or, setup key version;
msiexec /i "monofor-identity-installer-v2.2.1.0.msi" /q URL="https://your-account-url" KEY="setup-key-obtained-from-management"
Setup Parameters via Command Line Interface (CLI)
Parameter | Description | |
---|---|---|
URL | Your environment’s account page URL. | |
KEY | Setup Key (you can obtain from Management, Application Setup page) | |
APP_KEY | Windows App’s Rest API Key | Optional if you are using Setup Key |
APP_SECRET | Windows App’s Rest API Secret | Optional if you are using Setup Key |
TENANT_ID | Environment Tenant Id | Optional if you are using Setup Key |
FEATURES | This can be used for opt in or opt out features such as MFA, Passswordless, Mobile Unlock, Self-Service Portal etc. You can use comma seperated values to enable for multiple features. Click here to see all feature keys. | |
DEBUG_MODE |
| You can opt in to see detailed logs. This could cause to expose some sensitive informations. Please be carefull and use only for investigation. |
Features
Name | Description |
---|---|
PWLESS | Passwordless default feature, required to enable following options. |
PWLESS_QR | Enable Passwordless login with QR Code option. |
PWLESS_PUSH | Enable Push login |
PWLESS_MOBILE | Enable Mobile Lock / Unlock feature |
MFA | Enable Multi-Factor authentication. Required for followed options. |
MFA_RDP_ONLY | Enable MFA for only RDP sessions |
MFA_HIDE_OTHERS | Hide other credential providers |
SSP | Enable Self-Service Portal options for user. |
If you want to use Passwordless and its sub-features together, you need to enable the main feature first. For example, if you want to enable only the QR Code Passwordless option, you need to use a CLI command like the following.
./setup.exe /install /quiet URL="https://your-account-url" KEY="Setup-Key" FEATURES="PWLESS,PWLESS_QR"
Setup Actions and Timeouts
The setup depends on certain actions to complete all processes successfully. The primary requirement of this setup is the TPM 2.0 Device (Trusted Platform Module). Installation requires to creation of a certificate on the TPM devices which must be completed in under 60 seconds. If action exceeds this timeout, the setup process will be marked as interrupted.
Antivirus Exceptions
It is best practice to exclude Monofor Identity Agent service executables and files from antivirus scans.
C:\Program Files\Monofor\*.*
C:\Windows\System32\monofor-identity-security.ini