IDSecurity Agent installation via Endpoint Central

Here are the step-by-step instructions on how to deploy Identity360's IDSecurity Agent for Windows using ManageEngine Endpoint Central.

This page will guide you through the steps involved in installing the Identity360 IDSecurity Agent using Endpoint Central. This document is written with the assumption that you are a system administrator with basic knowledge of ManageEngine Endpoint Central.

System requirements

The different platforms supported by the IDSecurity Agent are listed below.

Windows Server versions Windows OS versions
Windows Server 2022 Windows 11
Windows Server 2019 Windows 10
Windows Server 2016 Windows 8.1
Windows Server 2012 R2 Windows 8

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable MFA for Windows logins. Visit our store for pricing details.
  2. Currently, the IDSecurity Agent is supported only for Windows devices that are joined to Azure AD or are part of a hybrid AD setup.
  3. Configure MFA settings located in the Identity360 admin portal before installing the IDSecurity Agent. Go to Applications > Multi-factor Authentication > MFA for Endpoints > MFA for Windows machines.
  4. IDSecurity Agent installation via Endpoint central

Steps for installing the IDSecurity Agent on a Windows machine

Step 1: Creating an MSI package

  1. Log in to Endpoint Central as an admin.
  2. Navigate to Software Deployment > Package creation > Packages > Add Package and select Windows.
  3. On the Enter Package Details page, enter a Package Name, and click the MSI/MSP radio button.
  4. Click the License Type drop-down and select Commercial.
  5. In the Local installable field, select From Local Computer.
  6. Click Browse and select the Identity360CloudIDSecurityAgent.msi file.
  7. Note: Locate this file in Identity360's admin portal by navigating to Applications > Multi-factor Authentication > MFA for Endpoints > Install IDSecurity Agent > Step 1 > Download.

    IDSecurity Agent installation via Endpoint central
  8. Locate and copy the Installation Key from the Identity360 admin portal, under Applications > Multi-factor Authentication > Install IDSecurity Agent > Step 2.
  9. IDSecurity Agent installation via Endpoint central
  10. Back on the Enter Package Details page in Endpoint Central, enter Identity360CloudIDSecurityAgent.msi in the MSI/MSP File Name field.
  11. IDSecurity Agent installation via Endpoint central
  12. Enter the Installation Key obtained from step 7 into the MSI/MSP Properties for installation field in the format shown below while replacing <KEY> with the copied Installation Key.
  13. Installation command
    Copy to Clipboard
    INSTALLATION_KEY=<KEY>

    Note: If a new installation key is generated, copy the command with the new installation key from the Identity360 admin portal and update the MSI/MSP Properties for installation field with the new command for all new installations.

  14. Click Add Package.
  15. You have now created a software package that you can deploy to the computers in your domain.

Step 2: Customizing the IDSecurity Agent

The customizations.json file is used to customize the IDSecurity Agent's default parameters. Before proceeding with the installation, ensure you prepare a customizations.json file similar to the provided sample below. This file should contain the necessary parameters that require modification.

Upload the customizations.json file along with the MSI file by navigate to Software Deployment > Package creation > Packages > Add Package > Windows. Click Browse in the Locate Installable field on the Enter Package Details page to upload the file.

Note: If customization is not required, the MSI will automatically utilize the default parameters.

IDSecurity Agent installation via Endpoint central

If you do not customize the file as mentioned in the previous step, you can still make adjustments later by editing the customizations.json file located in the C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\conf folder.

Note: Please refrain from making any modifications to any files aside from customizations.json found in the installation folder, as these files are integral to the functioning of the IDSecurity Agent. Any changes to these files may disrupt functionality of both the agent and the system.

Sample customizations.json file

JSON
Copy to Clipboard
{
 "LogPath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\logs",
 "LogLevel": "NORMAL",
 "LogRotationMaxSize": "50",
 "LogArchivePath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\logs\\archive",
 "Title": "IDSecurity Agent",
 "WebclientFaviconPath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\resources\\favicon.ico"					
}

The table below contains the list of default values and descriptions for all parameters.

Parameter name Default value Description
LogPath C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\logs

The log file is stored here.

Caution: Modifying the value is advised only if there is a valid reason to do so. If the value is altered, ensure that the folder permissions include write permissions for the Users group and the SYSTEM account.

LogLevel NORMAL The default value is set to NORMAL, providing information essential for regular operation. If the value is changed to DEBUG, the log will incorporate detailed troubleshooting information crucial for the support team. Exercise caution, as setting the value to DEBUG will generate extra log entries, potentially causing a rapid increase in the log file's size.
LogRotationMaxSize 50 This parameter determines the maximum size of the log file. Upon reaching the specified limit, with a minimum of 10MB and a maximum of 50MB, a new log file is generated, and the previous log file is archived to the path specified in LogArchivePath.
LogArchivePath C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\logs\archive This refers to the file path where log files are archived once they reach the specified LogRotationMaxSize limit.
Title IDSecurity Agent This is the title of the MFA prompt.
WebclientFaviconPath C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\resources\favicon.ico This is the icon of the MFA prompt.

Step 3: Deploying an MSI package

  1. Select the package you have created in the Packages tab. Select Computer Configuration from the Install/Uninstall Software drop-down.
  2. IDSecurity Agent installation via Endpoint central
  3. On the Install/Uninstall Windows Software page that opens, enter a Name.
  4. In the Define Target section, select the required domains and computers to which you'd like to deploy the MSI package.
  5. IDSecurity Agent installation via Endpoint central
  6. Click Deploy Immediately.

Step 4: Uninstalling the IDSecurity Agent

1. Uninstalling the IDSecurity Agent for specific computers

The following steps can be used when it becomes necessary to remove the IDSecurity Agent from particular computer machines.

  1. Log in to Endpoint Central as an admin.
  2. Navigate to Inventory > Views > Software > IDSecurity Agent.
  3. From the table, select the computer(s) from which the agent should be uninstalled.
  4. Click on Uninstall.
  5. IDSecurity Agent installation via Endpoint central

2. Uninstalling the IDSecurity Agent from all machines

The following steps can be used to uninstall IDSecurity Agent across all machines.

  1. Select the package you have created in Step 1.
  2. Select Computer Configuration from the Install/Uninstall Software drop-down.
  3. IDSecurity Agent installation via Endpoint central
  4. On the Install/Uninstall Windows Software page that opens, enter a Name.
  5. Choose Uninstall as the operation type in the Install/Uninstall Software section.
  6. In the Define Target section, select the required domains and computers.
  7. IDSecurity Agent installation via Endpoint central
  8. Click Deploy Immediately to initiate the uninstallation process.

Updating the Installation Key

In case the current installation of the IDSecurity Agent is compromised, regenerate a new Installation Key by navigating to Applications > Multi-factor Authentication > Install IDSecurity Agent > Step 2 > Regenerate in Identity360 admin portal. Copy the command along with the newly generated key and follow these steps to update the Installation Key.

  1. Log in to Endpoint Central as an admin.
  2. Navigate to Software Deployment > Package creation > Packages and select the package created Step 1.
  3. IDSecurity Agent installation via Endpoint central
  4. On the page that opens, select Modify from the Actions dropdown menu.
  5. IDSecurity Agent installation via Endpoint central
  6. Replace the current Installation Key found at Installation > Installation Details > MSI/MSP Properties for installation on the Modify Package page with the new key copied from Step 3. Then, proceed to click on Modify Package.
  7. IDSecurity Agent installation via Endpoint central

Updating the Installation Key

Please regenerate a new Installation Key using the link in Identity360 admin portal if the current Installation Key is compromised. Follow these steps to regenerate a key:

  1. Log in to the Identity360 admin portal.
  2. Go to Applications > Multi-factor Authentication > Install IDSecurity Agent > Step 2 > Regenerate..
  3. After generating a new Installation Key, copy the command along with the new Installation Key from the Identity360 admin portal.
  4. Update the Installation Command field with the new command for all new installations.
Note:
  • Please treat the Installation Key like a password. It is sensitive information and must not be shared.
  • The generation of a new Installation Key will not affect the existing installations of the IDSecurity Agent on installed machines.

Copyright © 2024, ZOHO Corp. All Rights Reserved.