Deploy Desktop MFA

Expand Desktop MFA to your organization.

Day 1 Control Center for your Pilot

Follow these steps below to configure your Control Center for Day 1 use with your pilot team.

Your HYPR Control Center installation will come with a pre-configured application that you can use for Desktop MFA. This application name is "HYPR Default Workstation Application" and it has the application ID: HYPRDefaultWorkstationApplication as shown in the image below:

The default application also comes with pre-configured policies for user registration and authentication. You can view these policies in the Policy Management section but you should not need to modify them.

Preparing for HYPR Desktop MFA Installation

To ensure that your environment is configured properly to work with HYPR, please ensure you do the following.

  1. Ensure you have Admin access to the workstations you're installing to.
  2. Ensure that you have Active Directory Certificate Services (ADCS) configured properly by following these instructions.
  3. Ensure that your workstations can communicate to your HYPR tenant over port 443.

🚧

A Restart is Required After Installation

After installing the HYPR for Desktop MFA client, you will need to restart the machine in order for the installation to complete successfully.

Installing HYPR across Multiple Workstations (Using SCCM)

To install HYPR using SCCM, follow the below instructions.

  1. Get the HYPR installer file (WorkforceAccess_x64.msi) that was emailed to you or that you received from your HYPR Deployment Advisor.
  2. Follow the parameters below to see which parameters you'll need to provide for your installation via SCCM. For more information on these parameters read this table.
msiexec.exe /qn /i .\WorkforceAccess_x64.msi HYPRAPPID="HYPRDefaultWorkstationApplication" HYPRRP="https://my.tenanturl.com/rp" HYPRSUPPORT="[email protected]" HYPRHASH="abcdef...fedcba" HYPRTEMPLATE="HYPRUser"
  1. Create the application using Configuration Manager by following Microsoft's instructions found here. Be sure to use the parameters in step #2 in the "Installation Program" field.
  2. Follow Microsoft instructions to deploy the client.

📘

Need Assistance? Contact your HYPR Team Expert.

Deploying HYPR Manually on a Windows Workstation

To install HYPR manually on a workstation, simply double click on the installer and follow these steps to continue through the installation.

  1. Your Relying Party URL will be https://yourTenantHost.com/rp
  2. Your Application ID will be HYPRDefaultWorkstationApplication
  3. Your Public Key Pinning value will be the TLS fingerprint of your HYPR tenant. You can get this value by using the command below:
openssl s_client -connect yourTenantHost.com:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin | tr -d ':'

## Sample Response:
## SHA1 Fingerprint=A945A262C792EA954F0E60BD0FAA7630EE64BDF4

📘

Public Key Pinning for *.gethypr.com

If your HYPR tenant is on the *.gethypr domain, your pinning value should be A945A262C792EA954F0E60BD0FAA7630EE64BDF4

  1. Your Certificate Template name should be the name of the certificate template you configured in the Preparing for HYPR Desktop MFA Installation above. The default value is called "User"
  2. For the support email, put in an email that is a distribution list for support staff.

Deploying HYPR Direct with JSON File

If you received a zip file with the HYPR installer in it and it contains a "hypr.json" file, This file is pre-configured with the parameters in the above section.

To complete the installation, simply double click the .msi installer and it will read the parameters from the hypr.json file.

🚧

Be sure to extract the .zip file

In order for the installer to pick up the "hypr.json" file, you need to ensure that the zip file is extracted and that you click the installer in the extracted folder.

Next Steps

If you want to configure HYPR with your SSO Provider, follow these steps.
Otherwise invite your team to your pilot.