Synopsis
This step-by-step guide will describe how to edit the EvoCredentialProviderSetup.msi file using Microsoft Orca.
Using Orca to edit msi file
Requirements
- The latest EvoCredentialProviderSetup.msi downloaded and unpacked to your machine.
- ECPS Customer Configuration Sheet(The JSON file that you made a copy of while creating an Access Token for this customer).
- MS Orca installed to edit MSI file.
Steps
- Launch the Orca application.
- Go to File, click on Open, and browse to the downloaded file EvoSecurityProviderSetup.msi, then select Open.
- On the Tables menu, select Property.
- Find the Property named CREDENTIAL_MODE and double-click the 90 under the Value column to edit it.
- Option 1 - Type in 10 to enable Elevated Login ONLY operating mode.
- Option 2 - Type in 90 to enable Evo Secure Login (No Elevated Access) ONLY operating mode.
- Option 3 - Type in 100 to enable both Evo Secure Login and Elevated Access operating mode.
- Now, right-click Property on the right-hand pane and then select Add Row.Silent.
- In the Add Row dialog box, type ENVIRONMENTURL in the text box. DO NOT press the OK button yet.
- Click on Value and type in your Evo Environment URL. For our demo we will use https://demo.evosecurity.com. Then click OK.
- Once again, right-click Property on the right-hand pane and then select Add Row.
- In the Add Row dialog box, type DOMAIN in the text box. DO NOT press the OK button yet.
- Click on Value and type in the Evo Directory name for that customer. For our demo we will use evo.demo. Then click OK.
- Once again, right-click Property on the right-hand pane and then select AddRow.
- In the Add Row dialog box, type ACCESSTOKEN in the text box. DO NOT press the OK button yet.
- Click on Value and type in your Evo Access Token. For our demo we will use AccessToken123. Then click OK.
- Once again, right-click Property on the right-hand pane and then select Add Row.
- In the Add Row dialog box, type APIKEY in the text box. DO NOT press the OK button yet.
- Click on Value and type in your Evo API Key(This is the SecretKey that you generated and saved a copy of in the Access=>Shared Key section). For our demo we will use abc123@@@. Then click OK.
- Click on File, select Save (please do not use "Save As"), type in a File name in the text box, and click Save to save your MSI file. In this demo, we will save the file as CustomerECPS.msi.
- Exit Orca.
Conclusion
This concludes the steps to edit the MSI file for Elevated Login operating mode. Please proceed to Deploy .MSI Package via GPO, to create a GPO for deployment.
Appendix
Below are additional MSI Properties that can be optionally set if desired.
FAILSAFEUSER Property
The FAILSAFEUSER property can be used to set a user for which Evo Secure Login will not try attempt two factor authorization but will login the user with the credentials they provide. This is an optional setting available for only one user.
If the computer is attached to a domain, then this setting should be DOMAIN\USERNAME where DOMAIN is the Windows Active Directory domain and USERNAME is the username for the user on that domain.
However, if the computer is not attached to a domain, it is preferable that it would be WORKGROUP\USERNAME where WORKGROUP should be the literal string “WORKGROUP” (without quotes) and USERNAME will be the login name for that machine. You can use Orca to add the FAILSAFEUSER property.
SOLEPROVIDER Property
The SOLEPROVIDER property can be used to set Evo Secure Login as the only credential provider available on the computer where it is installed. By default, this feature is set to 0 which is disabled. You can use Orca to edit the default SOLEPROVIDER property and set it to 1 to enable it.