Installation of the login agent on Windows (GINA), macOS, or Linux

Supported platforms

To protect machines with MFA and to let domain users reset passwords from their Windows, macOS, or Linux login screens, admins have to deploy the login agent on the users’ machines.

The different platforms supported by the login agent are listed below.

Windows servers	Windows clients (both workgroup and domain-joined)	macOS clients	Linux clients
Windows Server 2022	Windows 11	macOS 15 Sequoia	Red Hat Enterprise Linux 8.x-9.x *
Windows Server 2019	Windows 10	macOS 14 Sonoma	Rocky Linux 8.x-9.x *
Windows Server 2016	Windows 8.1	macOS 13 Ventura	Ubuntu 16.x-20.04.4
Windows Server 2012 R2	Windows 8	macOS 12 Monterey	Fedora 27.x-31.x
Windows Server 2012	Windows 7	macOS 11 Big Sur	CentOS 7.X
Windows Server 2008 R2	Windows Vista	macOS 10.15 Catalina
Windows Server 2008		macOS 10.14 Mojave
		macOS 10.13 High Sierra
		macOS 10.12 Sierra
		OS X 10.11 El Capitan
		OS X 10.10 Yosemite

* Machines running Red Hat Enterprise Linux and Rocky Linux can be secured with machine login MFA. Self-service password resets and unlocks from the login screen are currently not supported for these platforms.

Different methods to deploy the Login Agent

The login agent can be deployed on users' machines in one of the following ways:

A. From the ADSelfService Plus admin console

The ADSelfService Plus admin portal is a simple and effective way to install the login agent on domain-joined Windows, macOS and Linux machines.

Note: The login agent cannot be installed on Windows workgroup machines from the admin console.

Installation Steps

1. In the ADSelfService Plus web portal, go to Configuration > Administrative Tools > GINA/Mac/Linux (Ctrl+Alt+Del) > GINA/Mac/Linux installation.
2. Click New Installation.
3. Select a domain and then the computers on which you want to install the login agent.
4. Click Install.

Click here for detailed information on installing and customizing the Login Agent through the ADSelfService Plus Admin Portal.

The Login Agent Installation Key

• Please treat the Installation Key like a password. It is sensitive information and must not be shared. Please regenerate a new Installation Key using the link in the product GUI if the current Installation Key is compromised.
• If a new Installation Key is regenerated, copy the command with the new Installation Key from the product admin portal and update the Installation Command field with the new command for all new installations done via GPO, SCCM, Endpoint Central or other third-party installation applications.
• The generation of a new Installation Key will not affect the existing installations of the Login Agent on installed machines.

B. Manual installation

1. Using the Installation Wizard

Manual agent installation on Windows/macOS/Linux clients using the installer package

1. From the ADSelfService Plus admin portal, navigate to Configuration → Administrative Tools → GINA/Mac/Linux (Ctrl+Alt+Del).
2. Click Manual Installation Steps (GINA/MAC/Linux) to open the Manual Installation Steps pop-up.

To install the Login Agent on Windows, macOS, and Linux machines, follow the steps given under the respective tabs.

2. Using the Command Line Interface (CLI)

a. Login agent CLI installation on workgroup and domain-joined Windows machines

When the login agent is installed manually using the MSI package on computers running Windows Vista and later operating systems with User Account Control (UAC) enabled, it may not function properly. In such cases, you can install the Windows login agent manually through the Command Prompt, as shown here.

b. Login agent CLI installation on domain-joined macOS machines

1. Copy the ADSelfServiceMacLoginAgent.pkg file from the product <Installation Directory>/bin folder and paste it onto the machine where the login agent is to be installed.
2. Copy the macOS CLI command from the ADSelfService Plus admin portal. Go to Configuration > Administrative Tools > GINA/MAC/LINUX (Ctrl + Alt + Del) > Installation Help Guide > macOS Login Agent CLI installation > View Command to find it. It is shown in the pop-up that appears on clicking View Command.



3. Open the Terminal on the Mac, navigate to the directory that the installer package was copied to, then paste the command, and execute it.

Note: Use the macOS CLI command when you are silently installing the Login Agent via the terminal or via any 3rd party endpoint management tools like Endpoint Central.

c. Login agent Installation on domain-joined Linux machines

1. Copy the installLinuxAgent.sh and ADSSPLinuxClient.tar.gz files from the product <Installation_Directory>/bin folder and paste them onto the target Linux machine on which the login agent is to be installed.
2. Copy the Linux CLI command from the ADSelfService Plus admin portal. Go to Configuration > Administrative Tools > GINA/MAC/LINUX (Ctrl + Alt + Del) > Installation Help Guide > Linux Login Agent CLI installation > View Command to find it. It is shown in the pop-up that appears on clicking View Command.



3. Open the Terminal on the Linux machine and navigate to the directory that the installer package was copied to. Paste and execute the command.

C. Via GPO

Follow the steps in this login agent installation guide to install the Windows login agent on domain-joined Windows machines, using GPO.

D. Via the Microsoft Configuration Manager

Follow the steps in this login agent installation guide to install the Windows login agent on domain-joined Windows machines using Microsoft Configuration Manager.

E. Via Endpoint Central

Follow the steps in this Login Agent installation guide to install the login agent on domain-joined Windows, macOS, and Linux machines using Endpoint Central.

Note: The installation of the login agent via GPO and SCCM deployment methods is only applicable on domain-joined Windows machines.

Uninstalling or updating the login agent:

You can find the steps to uninstall or update the login agent on Windows, macOS, and Linux machines, in this guide.