Installation and Configuration

Client Installation

HYPR Workforce Access for Windows can be installed silently or using the installer user interface. Administrative access to the target workstation is required. Introduction of new keys will be made as a result of a successful installation.

Silent Install

The HYPR Workforce Access Client can be installed on the command line using msiexec.

Command Line Parameters

Parameter NameDescriptionValuesDefault
HYPRAPPIDThe application ID as specified in the Control CenterA character array [0..256]No default. Mandatory Field
HYPRRPThe URI of the Control Center. Replace your.domain.here with your domain in the example URI below:

https://<your.domain.here>/rp

This URI must end in /rp
A character array [0..256]No Default. Mandatory Field
HYPRSUPPORTThe email address where support requests will be mailedA valid email addressNo Default. Optional
HYPRHASHThe SHA1 Hash of the server SSL certificate. This serves as the Public Key Pinning value.A SHA1 hash of the server SSL certificate.No Default. Mandatory
HYPRTEMPLATECertificate template nameA valid certificate template nameDefault is User template. Optional

πŸ“˜

Example Installation

From a command prompt with administrative priveleges

msiexec.exe /qn /i .\EmployeeAccess.msi HYPRAPPID="WindowsUnlock" HYPRRP="https://my.host.com/rp" HYPRSUPPORT="[email protected]" HYPRHASH="abcdef...fedcba" HYPRTEMPLATE="HYPRUser"

❗️

CAUTION

  • The Alternate Subject Name must include the User Principal Name (UPN) in the certificate template

  • Default user template User will be used if HYPRTEMPLATE parameter wasn't specified

  • The installer file name shall not be changed unless otherwise noticed by HYPR.

Installer user interface

Rather than performing a silent install, you can use the installer wizard provided by HYPR. Double click the .msi installer provided to you by HYPR. You will see the installer user interface Window

  1. Click Next
  1. Accept the End User Agreement Terms
  1. Enter provided parameters
  1. If any of four parameters of Relying Party URL, Application ID, Public Key Pinning or Support Email do not meet their required criteria, a warning message will pop up.

Certificate Template can be left blank to make use of default user templates.

  1. Click Install

When the installation finishes you will be prompted to restart the workstation to complete the installation.

🚧

Certificate Template Configuration

If you're using the installer user interface for installation and would like to specify the User Certificate Template, then you'll need to set it manually in Registry Editor. See keys and values below.

❗️

REQUIRED

You must restart your workstation after installation completes in order to use the application

Registry Keys

Installation requires that keys are installed into the registry of the target workstation. These keys are required for normal functioning of the application.

NameDescription
Application IDThe application ID specified during installation. If you do not specify one this will be blank. This can be updated afterwards by an admin.
Machine IDA unique identifier for the workstation. This should never be changed
Public Key PinningSHA1 hash of the server SSL certificate
Relying Party UrlThe URI as provided by the installer
Support EmailThe support email for your organization
Certificate TemplateCertificate template name
Recovery Pin TextThe text message displayed on the login screen when the user clicks "Don't have your phone?"

πŸ“˜

New Key Added

After Installation, the following keys will be added to under the following path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C822931E-86C5-4482-85C1-049523A13A09}

Updated about a month ago

Installation and Configuration


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.