IDSecurity Agent installation via MCM

Here are the step-by-step instructions on how to deploy the Identity360's IDSecurity Agent for Windows using the Microsoft Configuration Manager (MCM).

About the IDSecurity Agent

The IDSecurity Agent is an extension of the standard credential provider from Microsoft. When installed, it can enable MFA for local Windows logins, RDP logins, and UAC actions to protect machines from credential-based attacks.

Supported platforms

The different platforms supported by the IDSecurity Agent are listed below.

Windows servers Windows clients
Windows Server 2022 Windows 11
Windows Server 2019 Windows 10
Windows Server 2016 Windows 8.1
Windows Server 2012 R2 Windows 8

IDSecurity Agent installation using MCM

MCM, formerly known as Microsoft System Center Configuration Manager (SCCM), is a system management software product developed by Microsoft for managing large groups of computers running Windows OS. Using its software distribution capability, you can install the IDSecurity Agent to the desired computers in a domain.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable MFA for Windows logins. Visit our store for pricing details.
  2. Currently, IDSecurity Agent is supported only for Windows devices that are joined to Azure AD or part of a hybrid AD setup.
  3. Configure MFA settings located at Applications > Multi-factor Authentication > MFA for Endpoints > MFA for Windows machines in the Identity360 admin portal before installing the IDSecurity Agent.

Steps for installing the IDSecurity Agent on a Windows machine

Step 1: Create a network share

  1. Download the Identity360CloudIDSecurityAgent.msi file by logging into Identity360 admin portal > Applications > Multi-factor Authentication > MFA for Endpoints > Install IDSecurity Agent > Step 1 > Download.
  2. IDSecurity Agent installation via MCM
  3. Paste it in a network share.
  4. Note: Make sure that the MCM administrator has read access to the network share in which the Identity360CloudIDSecurityAgent.msi file is located.
    IDSecurity Agent installation via MCM

Step 2: Create an application

  1. Go to the Microsoft Endpoint Configuration Manager console.
  2. Navigate to Software Library > Application Management drop-down > Applications > Create Application.
  3. IDSecurity Agent installation via MCM
  4. In the General tab, click Browse next to the Source folder field.
  5. IDSecurity Agent installation via MCM
  6. Select the MSI file from the network share.
  7. IDSecurity Agent installation via MCM
  8. Click Next after viewing the imported information from the Import Information tab.
  9. IDSecurity Agent installation via MCM
  10. In the General Information tab, specify an appropriate name and necessary information. In the Installation program field, enter the following MSI command, while replacing <MSIPATH> and <KEY> as per the parameters mentioned below:
  11. Installation command
    Copy to Clipboard
    msiexec.exe /i "<MSIPATH>" /qn INSTALLATION_KEY=<KEY>

    The above command is used to execute the MSI file, intended for installation via MCM.

    Parameters for the msiexec.exe command:

    Key Description
    /i "<MSIPATH>"

    This is the actual MSI file path.

    <MSIPATH> should be replaced with the actual MSI file path. The file path should be a valid network share path. For example, "\\server\share\Identity360CloudIDSecurityAgent.msi".

    INSTALLATION_KEY=<KEY>

    This is a mandatory parameter for authorizing a Windows machine with Identity360.

    Path to copy the installation key: Login to Identity360 admin portal > Applications > Multi-factor Authentication > MFA for Endpoints > Install IDSecurity Agent > Step 2

    Replace <KEY> with the actual installation key.

    IDSecurity Agent installation via MCM
  12. Customizing the IDSecurity Agent:
  13. The customizations.json file is used to customize the IDSecurity Agent's default parameters. Before proceeding with the installation, ensure you prepare a customizations.json file similar to the provided sample below. This file should contain the necessary parameters that require modification. Place this file in the same network path as the MSI file created in step 2 of creating a network share. If customization is not required, the MSI will automatically utilize the default parameters.

    If you have not prepared a customizations.json file during installation, you can still make adjustments by editing the file located at C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\conf\customizations.json

    Note: Please refrain from making any modifications to any files aside from customizations.json found in the installation folder, as these files are integral to the functioning of the IDSecurity Agent. Any changes to these files may disrupt functionality of both the agent and the system.

    Sample customizations.json file:

    JSON
    Copy to Clipboard
    {
        "LogPath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\logs",
        "LogLevel": "NORMAL",
        "LogRotationMaxSize": "50",
        "LogArchivePath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\logs\\archive",
        "Title": "IDSecurity Agent",
        "WebclientFaviconPath": "C:\\Program Files\\ManageEngine\\Identity360 Cloud IDSecurity Agent\\resources\\favicon.ico"
    } 

    The table below contains the list of default values and descriptions for all parameters.

    Key Default Value Description
    LogPath C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\logs

    The log file is stored here.

    Caution: Modifying the value is advised only if there is a valid reason to do so. If the value is altered, ensure that the folder permissions include write permissions for the Users group and the SYSTEM account.

    LogLevel NORMAL The default value is set to NORMAL, providing comprehensive information essential for regular operation. If the value is changed to DEBUG, the log will incorporate detailed troubleshooting information crucial for the support team. Exercise caution, as setting the value to DEBUG will generate extra log entries, potentially causing a rapid increase in the log file's size.
    LogRotationMaxSize 50 This parameter determines the maximum size of the log file. Upon reaching the specified limit, with a minimum of 10MB and a maximum of 50MB, a new log file is generated, and the previous log file is archived to the path specified in LogArchivePath.
    LogArchivePath C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\logs\archive This refers to the file path where log files are archived once they reach the specified LogRotationMaxSize limit.
    Title IDSecurity Agent Title of the MFA prompt.
    WebclientFaviconPath C:\Program Files\ManageEngine\Identity360 Cloud IDSecurity Agent\resources\favicon.ico Icon of the MFA prompt.

    *Every key-value pair is a required parameter in the customizations.json file. The values can be replaced or modified.

  14. Select Install for system from the Install behavior drop-down.
  15. IDSecurity Agent installation via MCM
  16. In the Summary tab, confirm the selected settings by clicking Next.
  17. IDSecurity Agent installation via MCM
  18. In the Completion tab, click Close to finish.
  19. IDSecurity Agent installation via MCM

Step 3: Specify the operating system requirements

  1. Select the application you have created for IDSecurity Agent in the Applications tab, then click Properties.
  2. IDSecurity Agent installation via MCM
  3. From the Properties tab, select the Deployment Types tab, then select the IDSecurity Agent's MSI file, and click Edit.
  4. IDSecurity Agent installation via MCM
  5. From the MSI file's Properties tab, select the Requirements tab. Click Add.
  6. IDSecurity Agent installation via MCM
  7. In the Condition field, select Operating system from the drop-down. Click OK.
  8. IDSecurity Agent installation via MCM
  9. In the Operator field, select One of from the drop-down.
  10. IDSecurity Agent installation via MCM
  11. Select the required operating systems, and click OK to finish.
  12. IDSecurity Agent installation via MCM

Step 4: Deploy the application

  1. Select the application you have created for IDSecurity Agent in the Applications tab, then click Deploy.
  2. IDSecurity Agent installation via MCM
  3. In the Deploy Software Wizard, click Browse next to the Collection field.
  4. IDSecurity Agent installation via MCM
  5. In the Select Collection window, choose Device Collections and then select the machines where the client software should be deployed. Click OK, then proceed by clicking Next.
  6. IDSecurity Agent installation via MCM
  7. In the Content tab, select Distribution Point from the Add drop-down.
  8. IDSecurity Agent installation via MCM
  9. Select the required Distribution Points from the list provided, then click OK.
  10. IDSecurity Agent installation via MCM
  11. Make sure that the distribution points that you selected are shown in the list. Click Next.
  12. IDSecurity Agent installation via MCM
  13. In the Deployment Settings tab, select Required to configure a custom schedule for the installation of the client software. Click Next.
  14. IDSecurity Agent installation via MCM
  15. In the Scheduling tab, specify the schedule for the deployment. Click Next.
  16. IDSecurity Agent installation via MCM
  17. Make the necessary changes in the User Experience tab. Click Next.
  18. IDSecurity Agent installation via MCM
  19. Make the necessary changes in the Alerts tab. Click Next.
  20. IDSecurity Agent installation via MCM
  21. In the Completion tab, confirm the settings chosen and click Close.
  22. IDSecurity Agent installation via MCM

Updating the Installation Key

In case the current installation of the IDSecurity Agent is compromised, regenerate a new Installation Key by navigating to Applications > Multi-factor Authentication > Install IDSecurity Agent > Step 2 > Regenerate in Identity360 Admin portal. Copy the command along with the newly generated key and follow these steps to update the Installation Key.

  1. Select the application you have created for IDSecurity Agent in the Applications tab, then click Properties.
  2. IDSecurity Agent installation via MCM
  3. From the Properties tab, select the Deployment Types tab, then choose the IDSecurity agent's MSI file, and click Edit.
  4. IDSecurity Agent installation via MCM
  5. In the MSI file's properties tab, select the Programs tab.
  6. If the installation key is regenerated, modify the new Installation Key in the Installation Program field.
  7. If the MSI file needs to be updated, replace the file in the network share. In the same window from the above step, select Browse in the Product code field, and choose the MSI file from the network share.
  8. IDSecurity Agent installation via MCM
    IDSecurity Agent installation via MCM
  9. Click OK to finish.
  10. IDSecurity Agent installation via MCM

You have now deployed the Identity360CloudIDSecurityAgent.msi file on the selected client machines.

Copyright © 2024, ZOHO Corp. All Rights Reserved.