+ All Categories
Home > Documents > Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client...

Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client...

Date post: 29-Jul-2020
Category:
Upload: others
View: 62 times
Download: 0 times
Share this document with a friend
10
Installing ADSelfService Plus login agent using Desktop Central www.adselfserviceplus.com
Transcript
Page 2: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

Table of Contents

Document summary

Steps for installing the login agent on Windows machines

Step 1: Creating an MSI package

Step 2: Deploying an MSI package

Steps for installing the login agent on macOS machines

Step 1: Creating a macOS package

Step 2: Deploying a package

Steps for installing the login agent on Linux machines

1

1

1

3

4

4

6

6

Page 3: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

Document summaryThis document will guide you through the steps involved in installing the  ManageEngine 

ADSelfService Plus login agent (GINA/macOS/Linux agent) using ManageEngine Desktop

Central. This document is written with the assumption that you are a system

administrator with basic knowledge of Desktop Central. 

Steps for installing the login agent on Windows machinesStep 1: Creating an MSI package

Select Commercial from the License Type drop-down.

In the Local installable form field, click This computer (used across multiple remote offices).

Click Add Files. In the window that opens, select the ADSelfServicePlusClientSoftware.msi file located in the bin folder (by default, it's located at C:\ManageEngine\ADSelfService Plus\bin).

Back in the Package Details page, enter an MSI / MSP File Name.

In the MSI / MSP Properties for installation field, enter the following command:SERVERNAME="xyz" PORTNO="9251" PROTOCOL="https"

Log in to Desktop Central as an admin.

Navigate to Software Deployment > Packages > Add Package and select Windows or Mac based on your requirements.

Skip the Network Share configuration settings.

In the Enter Package Details page, enter a Package Name, and click the MSI/MSP radio button.

1

Page 4: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

1. FRAMETEXT="" (Enter an appropriate Frame text. Frame text can only be displayed on Windows XP/Windows Server 2003 and lower)

2. BUTTONTEXT="" (Enter an appropriate Button text)

3. IMAGEPATH="" (Enter the folder path of the BMP file to be used as the client software icon)

4. WRAPPING PROVIDER="" (Enter the GUID of your third party Credential Provider client, if any)

5. PROD_TITLE="" (Enter an appropriate Product title)

Sample code: SERVERNAME="xyz" PORTNO="9251" PROTOCOL="https" FRAMETEXT="Can't log on?

Click on password reset or unlock button" BUTTONTEXT="Reset password/unlock account"

IMAGEPATH="C:\Users\adssp-selfservice\Desktop\Images\Product title" 

Note:

In the above command, “xyz” should be the server hostname in which ADSelfService Plus is installed. You'll

also need to change the PORTNO and PROTOCOL in the above command. If you want your client software

to have the default layout (depicted in Figure 1), only enter the above given command; otherwise, you can

customize it with the following parameters

Figure 1. Frame text, button text, and icon for Windows XP/Windows Server 2003 and lower.

2

Page 5: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

Figure 2. Button text and icon for Windows 8, Windows Server 2012, and above.

Figure 3. Product title text.

Click Add Package.

You have now created a software package that you can deploy to the computers in your

domain.

Step 2: Deploying an MSI package

Select the package you have created in the Packages tab.

Select Computer Configuration from the Install/Uninstall Software drop-down.

3

Page 6: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

1. Log in to Desktop Central as an admin.

2. Navigate to Software Deployment > Packages > Add Package and select Windows or Mac based on

your requirements.

3. Enter a Package Name.

4. Select Commercial from the License Type drop-down.

5. Click on the Installation tab.

Click Deploy Immediately.

In the Install/Uninstall Windows Software page that opens, enter a Name.

In the Define Target section, select the required domains and computers to which you'd like

to deploy the MSI package.

4

Steps for installing the login agent on macOS machinesStep 1: Creating a macOS package

Page 7: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

5

In the command mentioned above, the appropriate values must be mentioned for the parameters below.

-pkg - Enter the file location of the ADSelfServicePlusMacLoginAgent.pkg file.

-serverName - Enter the hostname of the server in which ADSelfService Plus is installed.

-protocol - Enter the protocol that the server uses to communicate.

-portNumber - Enter the port number for ADSelfService Plus.

-loginMFA - Enter “true” if you want multi-factor authentication to be enabled during login. Enter

“false” if you don't want multi-factor authentication to be enabled.

-bypassMFAServerUnreach - Enter “true” if you want to bypass login multi-factor authentication when

the ADSelfService Plus server is unreachable. If not, enter “false”.

-showRPUALink - Enter “true” if you want to display the Reset Password/Unlock Account link and

allow users to reset their password or unlock their accounts. If you only want login multi-factor

authentication to be enabled, enter “false”.

If you want your login agent to have the default layout (depicted in Figure 1), only enter the command

above; otherwise, you can customize it with the following parameters:

-buttonText - Enter the text to be displayed in the Reset Password/Unlock Account button.

-prodTitle - Enter the text to be displayed in the ADSelfService Plus window for password resets and

account unlocks.

6. In the Upload Files section that appears, click Add Files and then select Choose Files.

7. In the window that opens, browse and select the installMacAgent.sh file located in the bin folder (by

default, it's located at C:\ManageEngine\ADSelfService Plus\bin). The installMacAgent.sh file will be

uploaded.

8. Follow the steps above to upload the ADSelfServicePlusMacLoginAgent.pkg as well.

9. Click Show in the Advanced Settings section. In the section that appears, enter the following command

in the Installation Command field:

sudo -u root sh installMacAgent.sh -remoteInstall -install -pkg <File

Location>/ADSelfServicePlusMacLoginAgent.pkg -serverName "<Server Name>" -protocol

"<Server Protocol>" -portNumber "<Server Port Number>" -loginMFA "<true/false>"

-bypassMFAServerUnreach "<true/false>" -showRPUALink "<true/false>"

Page 8: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

6

10. Click Add Package.

11. You have now created a software package that you can deploy to the computers in your domain.

1. In the Packages tab, select the package you have created.

2. Select Computer Configuration from the Install/Uninstall Software drop-down.

3. In the Install/Uninstall Windows Software page that opens, enter a Name. In the Define Target section,

select the required domains and computers to which you'd like to deploy the MSI package.

4. Click Deploy Immediately.

2. In the Add Configurations page that opens up, click Computer under Custom Script.

3. In the Custom Script (Computer) section that opens, provide a Name for the configuration.

4. Under Execute Script From, select Command Line.

5. In the Command Line field, enter the following command:

1. Navigate to Configurations. Under Add Configurations, hover over Configurations and select Linux.

-serverUnreachMsg - Enter the message to displayed when the server is not reachable during

endpoint multi-factor authentication.

-imagePath - Enter the file path for the Reset Password/Unlock Account button image.

Step 2: Deploying a package

Steps for installing the login agent on Linux machines

Page 9: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

-serverName - Enter the hostname of the server in which ADSelfService Plus is installed.

-protocol - Enter the protocol that the server uses to communicate.

-portNumber - Enter the port number for ADSelfService Plus.

-title - Enter the title to be displayed.

-linkText - Enter the link text to be displayed.

-contextPath - Enter the server context path.

-restrictBadCert - Enter “true” if you want the login agent to work even when the SSL certificate

applied is invalid. Enter “false” if you don't want the login agent to work in that situation.

-loginMFA - Enter “true” if you want multi-factor authentication to be enabled during login. Enter

“false” if you don't want multi-factor authentication to be enabled.

-bypassMFA - Enter “true” if you want to bypass login multi-factor authentication when the

ADSelfService Plus server is unreachable. If not, enter “false”.

-serverUnreachMsg - Enter the message to be displayed when the server is unreachable.

-defaultDomain - Enter the default domain that the Linux machines are binded to.

7

6. In the Dependency Files field, click Browse. In the window that opens, select the installLinuxAgent.sh

file located in the bin folder (by default, it's located at C:\ManageEngine\ADSelfService Plus\bin. The

installLinuxAgent.sh file will be uploaded.

7. Follow the steps above to upload the ADSSPLinuxClient.tar.gz and ADSSPLinuxClient64.tar.gz files as

well.

8. Specify the Exit Code as “0”.

9. In the Define Target section, select the domains and computers to which you'd like to deploy the MSI

package.

10. Click Deploy Immediately.

sudo bash installLinuxAgent.sh -install -serverName '<Server Name>'' -portNumber

'<Server Port Number>' -protocol '<Server Protocol>' -title '<Title>' -linkText '<Link Text>'

-contextPath 'ssp' -restrictBadCert '<true/false>' -loginMFA '<true/false>' -bypassMFA

'<true/false>' -serverUnreachMsg '<message to be displayed>' -selfService '<true/false>'

-defaultDomain '<domain name>'

Page 10: Installing ADSelfService Plus Client software using ... · ManageEngine˜ADSelfService Plus client software (GINA/Credential Provider agent) using ManageEngine Desktop Central. This

ADSelfService Plus is an integrated Active Directory self-service password management and single sign-on solution. It offers password self-service, password expiration reminders, a self-service directory updater, a multiplatform password synchronizer, and single sign-on for cloud applications. Use the ADSelfService Plus Android and iPhone mobile apps to facilitate self-service for end users anywhere at any time. ADSelfService Plus supports the IT help desk by reducing password reset tickets and spares end users the frustration caused by account lockouts and forgotten passwords. 

For more information, please visit www.manageengine.com/products/self-service-password.


Recommended