Deploy Desktop MFA

Expand Desktop MFA to your organization.

Day 1 Control Center for Your Pilot

Follow these steps below to configure your Control Center for Day 1 use with your pilot team.

Your HYPR Control Center installation will come with a pre-configured application that you can use for Desktop MFA. This application name is HYPR Default Workstation Application and it has the application ID HYPRDefaultWorkstationApplication, as shown in the image below:

The default application also comes with pre-configured policies for user registration and authentication. You can view these policies in the Policy Management section but you should not need to modify them.

Preparing for HYPR for Desktop MFA Installation

To ensure that your environment is configured properly to work with HYPR, please ensure you do the following.

  1. Ensure you have Admin access to all workstations where HYPR for Desktop MFA will be installed.
  2. Ensure that you have Active Directory Certificate Services (AD CS) configured properly by following these instructions.
  3. Ensure that your workstations can communicate to your HYPR tenant over port 443.


A Restart Is Required after Installation

After installing the HYPR for Desktop MFA client, you will need to restart the machine for the installation to complete successfully.

Installing HYPR across Multiple Workstations Using Endpoint Configuration Manager

To install HYPR using Endpoint Configuration Manager (was System Center Configuration Manager, or SCCM), follow the steps shown here:

  1. Get the HYPR installer file (WorkforceAccess_x64.msi) that was emailed to you or that you received from your HYPR Deployment Advisor.
  2. Determine which of the parameters listed here you will need to provide for your installation via Endpoint Configuration Manager. For more information on these parameters read this table.
    msiexec.exe /qn /i .\WorkforceAccess_x64.msi HYPRAPPID="HYPRDefaultWorkstationApplication" HYPRRP="
  3. Create the application using Endpoint Configuration Manager by following Microsoft's instructions found here. Be sure to use the parameters from Step #2, above, in the installation program field under Create the application.
  4. Follow Microsoft's instructions to deploy the client.


Need Assistance? Contact your HYPR Team Expert.

Deploying HYPR Manually on a Windows Workstation

To install HYPR manually on a workstation, double click on the installer and follow these steps to continue through the installation.

  1. Your Relying Party URL will be
  2. Your Application ID will be HYPRDefaultWorkstationApplication.
  3. Your Public Key Pinning value will be the TLS fingerprint of your HYPR tenant. You can get this value by using the command below:
    openssl s_client -connect < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdin | tr -d ':'
    Sample Response:
    SHA1 Fingerprint=A945A262C792EA954F0E60BD0FAA7630EE64BDF4


Public Key Pinning for *

If your HYPR tenant is on the *.gethypr domain, your pinning value should be A945A262C792EA954F0E60BD0FAA7630EE64BDF4

  1. Your Certificate Template name should be the name of the certificate template you configured in the Preparing for HYPR for Desktop MFA Installation above. The default value is called User.
  2. For the support email, enter an email that is a distribution list for support staff.

Deploying HYPR Direct with JSON File

If you received a .zip file with the HYPR installer in it and it contains a hypr.json file, This file is pre-configured with the parameters in the above section.

To complete the installation, double click the .msi installer and it will read the parameters from the hypr.json file.


Be sure to extract the .zip file

In order for the installer to pick up the hypr.json file, you need to ensure that the .zip file is extracted and that you click the installer in the extracted folder.

Next Steps

If you want to configure HYPR with your SSO provider, follow these steps.
Otherwise invite your team to your pilot.