Requirements
- Windows Server 2012r2 or higher.
- Windows Desktop 10 or higher.
- Intel 64-bit Chipset architecture.
How to download the Evo Credential Provider Agent (MSI)
To download a Zip File of the MSI, click HERE or follow the steps below:
- From your Evo Portal, on the left nav menu, select My Company. (Alternatively, select Customers and choose a customer from the list.)
- Select Applications from the left nav menu.
- Click the Windows Desktop card.
- Click Download Evo Windows Login Agent.
- Select the download location for the file. (C:/Downloads may be the default location.)
How to install the agent with a script
Now that the MSI package has been downloaded there are few ways you can proceed with installing the agent.
How to install the agent on a single desktop
Rather than scripting the installation, you can simply complete the installation on a case-by-case basis by following the installation wizard.
For this installation you will need the following information handy. (1) Your Evo URL and (2) Evo directory name.
- Transfer the MSI file to the workstation you wish to install on.
- From the workstation, open an explorer window and navigate to where the downloaded file was saved (e.g.: C:\Downloads).
- Double-click the MSI file (EvoCredentialProviderSetup.msi) downloaded.
- On the Welcome Screen, Click Next.
- Check I accept the terms of the License Agreement.
- Click Next.
- Optional, to force all workstation logins go through Evo Secure Login only, Click Evo Login Only.
- !!This will require any user trying to access the workstation to use Evo!!
- Click Next.
- In the Environment URL field, enter your Evo domain.
- Be sure to include the https:// and remove the trailing / at the end of the url. It should look like such - https://yourenvironment.evosecurity.com
- In the Evo Directory field, enter the associated Evo Directory (For an EvoCloud directory, append '_local' to the directory).
- In the Fail-safe user field, enter a backup user that can login to the workstation. This is usually a local administrative account, or a privileged account that you know the credentials to. This user will have the capability to by-pass the Evo login and does not require an Evo license.
- Select the appropriate Authentication Mode.
- End User Only > Will only allow for a regular user (non-Elevated) to login.
- Elevated Only > Will only allow Elevated users to login.
- Both > Will allow for either an end user or elevated user to login. (Recommended option)
- NOTE: If you have selected Elevated Only or Both. You will need to enter an Access token and Secret key as generated within your Evo portal. (see: Access Tokens)
- Optional, Select an MFA Grace Period for user lockout.
- For more info about how the MFA Grace period works see: MFA Grace Period
17. Click Next.
18. Click Install.
19. Click Finish.
(*) If you generate a new shared key, you will need to update the key on the Evo Secure Login app for Windows where it has been previously configured. See How to modify the configuration.
How to test the connection
Now that you’ve completed the installation, it is always a good idea to test that things are working as expected.
- From Windows Explorer, navigate to C:\Program Files\EvoSecurity\EvoSecureLogin.
- Double-click the EvoSettingsEditor.exe file.
- Click Test Connection.
- Enter the username for a user synced with Evo.
- Click Connect.
- If test was successful, close the settings editor.
- If errors were encountered, close the test connect screen. And confirm the settings. Update where appropriate and click Apply.
- Repeat steps 3-5 to retest the connection.
If the test connection continues to fail, please contact Evo Support for assistance. To ensure that your users aren’t locked out, we recommend uninstalling the agent temporarily and walking through the process with our support team.
How to modify the configuration
Modifying the configuration of the Evo Secure Login for Windows has never been easier.
- From Windows Explorer, navigate to C:\Program Files\EvoSecurity\EvoSecureLogin.
- Double-click the exe file.
- Make the edits you want.
- Click Apply.
How to uninstall the agent
You can uninstall the application from Add or Remove Programs. Locate Evo Secure Login, click Uninstall.
Or if you still have the MSI package available, you can double-click the package and follow the uninstall wizard (Next > Remove > Remove > OK > Finish).
*Windows Server 2012 Differences*
Functionality and User Interface wise, there is no difference between using 2012 and 2016/19. The limitation appears during the UAC prompt. The 2012 UAC prompt DOES NOT support push notifications, only the Login/unlock. The other difference is during installation. Windows server 2012 enables TLS 1.2 client protocols if they have not been abled before. When uninstalling, this will NOT remove the enabled protocols, so they much be disabled manually.