.. role:: bold-underline :class: bold-underline Installing The Client ===================== A Brief Overview ++++++++++++++++ This document describes how to install OmniDefend client components. There are two types of OmniDefend Client Components required. 1. OmniDefend Chrome Extensions 2. OmniDefend Clients OmniDefend Chrome/Edge Extensions should be installed from Google Chrome Store. .. image:: /images/OD-Square-Shape-Logo-01.png :align: center .. _chrome-edge-extensions: OmniDefend Chrome/Edge Extensions ++++++++++++++++++++++++++++++++++++ A Chrome/Edge extension is a small program that extends the functionality of the Google Chrome/Microsoft Edge browser. OmniDefend uses extension to access biometric devices and provide Single Sign On capabilities. OmniDefend required following two extensions for MFA and SSO Functionalities. 1. OmniDefend MFA Extension (Supports OmniDefend MFA functionality with biometric devices) https://chrome.google.com/webstore/detail/omnidefend-mfa-extension/bjmgfifmindcopelajhaahpibmmojkga 2. OmniDefend SSO Extension (Support OmniDefend SSO functionality for Web Applications and Desktop Applications) https://chrome.google.com/webstore/detail/omnidefend-sso-extension/deeppkmgnnimofmekmncjmncpcbodmbl OmniDefend SSO extension requires OmniDefend Server Information to connect. Please edit the registry file below (``Clients_Configuration.reg``) and update the ``ServerUrl``, ``ClientId``, ``ClientSecret``, ``SupportKioskMode`` and ``AutoLogin`` values under Google Chrome Extension Configuraton Information and Microsoft Edge Extension Configuraton Information in registry files. Please install updated registry files on the client systems. .. code-block:: ini Windows Registry Editor Version 5.00 ; -------------------------------------------------- ; Google Chrome Extension Configuraton Information ; -------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl\policy] "ServerUrl"="" "ClientId"="" "ClientSecret"="" "SupportsKioskMode"="" "AutoLogin"="" ; -------------------------------------------------- ; Microsoft Edge Extension Configuraton Information ; -------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl\policy] "ServerUrl"="" "ClientId"="" "ClientSecret"="" "SupportsKioskMode"="" "AutoLogin"="" ; ---------------------------------------------------- ; Windows Credential Provider Configuraton Information ; ---------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Softex] [HKEY_LOCAL_MACHINE\SOFTWARE\Softex\OmniDefend\CredProv] "ServerUrl"="" "ClientId"="" "ClientSecret"="" Manual Installation ------------------- Please go to above two links to install the extensions. Please click on “Add to Chrome” blue button to install the extensions. Please update the appropriate registry files and run the registry files to enable the OmniDefend functionalities. The files are listed below: :bold-underline:`Chrome Registry Policy` .. code-block:: ini Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl\policy] "ServerUrl"="" "ClientId"="" "ClientSecret"="" "SupportsKioskMode"="" "AutoLogin"="" :bold-underline:`Edge Registry Policy` .. code-block:: ini Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\3rdparty\extensions\deeppkmgnnimofmekmncjmncpcbodmbl\policy] "ServerUrl"="" "ClientId"="" "ClientSecret"="" "SupportsKioskMode"="" "AutoLogin"="" :bold-underline:`CredProv Setting Registry File` .. code-block:: ini Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Softex] [HKEY_LOCAL_MACHINE\SOFTWARE\Softex\OmniDefend\CredProv] "ServerAddress"="" "ClientId"="" "ClientSecret"="" .. _group-policy-deployment: Deploy Extension via Group Policy --------------------------------- System administrator can use group policy to deploy the Chrome/Edge extension on required systems. :bold-underline:`Chrome Extension:` Please perform following steps on the domain controller server. 1. Check if ``C:\Windows\PolicyDefinitions\chrome.admx” and “C:\Windows\PolicyDefinitions\en-US\chrome.adml`` file exist on server. Please skip to step 6, if file exist. 2. Download google policy templates at https://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip 3. Unblock and unzip the downloaded ``policy_templates.zip`` 4. Copy ``\windows\admx\chrome.admx`` file under ``C:\Windows\PolicyDefinitions``. 5. Copy ``\windows\admx\en-US\chrome.adml`` file under ``C:\Windows\PolicyDefinitions\en-US`` 6. Go to ``Start → Run``. Type ``gpmc.msc`` and click OK to launch Group Policy Management. 7. Under Group Policy Management, open a node of Server Domain and select ``EDIT`` by right click to Default Domain Policy. This action will open Group Policy Management Editor as you can see below. .. image:: /images/group-policy-management.png 8. Under Group policy management Editor. Select ``Computer Configuration > Policies > Administrative Templates/Google Chrome/Extensions`` option 9. Select and double click on the ``Configure the list of force-installed apps and extensions`` option. Select ``Enabled`` radio button. This action will enable the ``Show`` button under Options: 10. Click Show button and add following two entries. If you already have entries in the ``Show Contents`` window, please add following two entries at the end. Click OK on the ``Show Contents`` window and Click Apply on the ``Configure the list of force-installed apps and extensions`` window. ``bjmgfifmindcopelajhaahpibmmojkga;https://clients2.google.com/service/update2/crx`` ``deeppkmgnnimofmekmncjmncpcbodmbl;https://clients2.google.com/service/update2/crx`` 11. Select and double click on the “Extension management settings” option. Select “Enabled” radio button. This action will enable the text box below Extension management settings under Options. Add following text in the text box. If you already have text in the text box, please add following text at the end. .. code-block:: ini {"bjmgfifmindcopelajhaahpibmmojkga": {"update_url":"https://clients2.google.com/service/update2/crx","override_update_url":true,"installation_mode":"force_installed"},"deeppkmgnnimofmekmncjmncpcbodmbl":{"update_url":":"https://clients2.google.com/service/update2/crx","override_update_url":true,"installation_mode":"force_installed ","toolbar_pin":"force_pinned"}} 12. Once Group Policy applied to the user’s system, The Chrome Extensions will automatically get installed on the user’s system. To forcefully apply the policy, run ``gpupdate /force`` in Command Prompt with Elevated Rights [Administrator Mode] on user’s system. :bold-underline:`Edge Extension:` Please perform following steps on the domain controller server. 1. Check if ``C:\Windows\PolicyDefinitions\msedge.admx`` and ``C:\Windows\PolicyDefinitions\en-US\msedge.adml`` file exist on server. Please skip to step 6, if file exist. 2. Download Edge policy templates at https://www.microsoft.com/en-us/edge/business/download 3. Unblock and unzip the downloaded ``MicrosoftEdgePolicyTemplates.zip`` 4. Copy ``\windows\admx\msedge.admx`` file under ``C:\Windows\PolicyDefinitions``. 5. Copy ``\windows\admx\en-US\msedge.adml`` file under ``C:\Windows\PolicyDefinitions\en-US`` 6. Go to ``Start → Run``. Type ``gpmc.msc`` and click OK to launch Group Policy Management. 7. Under Group Policy Management, open a node of Server Domain and select ``EDIT`` by right click to Default Domain Policy. This action will open Group Policy Management Editor. 8. Under Group policy management Editor. Select ``Computer Configuration > Policies > Administrative Templates/Microsoft Edge/Extensions`` option 9. Select and double click on the ``Control which extensions are installed silently`` option. Select ``Enabled`` radio button. This action will enable the ``Show`` button under Options: 10. Click Show button and add following two entries. If you already have entries in the “Show Contents” window, please add following two entries at the end. Click OK on the “Show Contents” window and Click Apply on the “Configure the list of force-installed apps and extensions” window. ``bjmgfifmindcopelajhaahpibmmojkga;https://clients2.google.com/service/update2/crx`` ``deeppkmgnnimofmekmncjmncpcbodmbl;https://clients2.google.com/service/update2/crx`` 11. Select and double click on the “Extension management settings” option. Select “Enabled” radio button. This action will enable the text box below Extension management settings under Options. Add following text in the text box. If you already have text in the text box, please add following text at the end. .. code-block:: ini {"bjmgfifmindcopelajhaahpibmmojkga": {"update_url":"https://clients2.google.com/service/update2/crx","override_update_url":true,"installation_mode":"force_installed"},"deeppkmgnnimofmekmncjmncpcbodmbl":{"update_url":":"https://clients2.google.com/service/update2/crx","override_update_url":true,"installation_mode":"force_installed","toolbar_state":"force_shown"}} .. image:: /images/edge-extension-management.png 12. Once Group Policy applied to the user’s system, The Chrome Extensions will automatically get installed on the user’s system. To forcefully apply the policy, run ``gpupdate /force`` in Command Prompt with Elevated Rights [Administrator Mode] on user’s system. 1. Universal SSO Engine. The OmniDefend SSO Enginge can be an identity provider to any site that complies with the above standards. 2. Desktop Applications. The ``OmniVault`` securely replays the username and password into the login screen. Terminal emulator applications are compatible as well. 3. SSO Store. The SSO store allows an organization to quickly pull the SSO profile for any given application into the login portal. 4. Multifactor Authentication. Using an industry leading variety of MFA compatible biometric devices 5. Directory Integration 6. Federation .. image:: /images/OD-Square-Shape-Logo-01.png :align: center .. _od-client-exe: OmniDefend Client .exe Installation +++++++++++++++++++++++++++++++++++ OmniDefend clients should be downloaded from OmniDefend Server and must be installed to use OmniDefend functionalities. :bold-underline:`Standard Deployment` 1. OmniDefend MFA Client (Supports OmniDefend MFA functionality with biometric devices) ``https:///api/modules/installed/OmniDefend.WebAuth.Api.Server-/download/OmniDefend%20MFA%20Client%20(64-bit).exe`` 2. OmniDefend SSO Client (Support OmniDefend SSO functionality for Desktop Applications) ``https:///api/modules/installed/OmniDefend.Vault.Api.Server-/download/OmniDefend%20SSO%20Client%20(64-bit).exe`` 3. OmniDefend Credential Provider Client (Support Windows Login functionality using OmniDefend) ``https:///api/modules/installed/OmniDefend.WinLogon.Api.Server-/download/OmniDefend%20Credential%20Provider%20Client%20(64-bit).exe`` 4. OmniDefend Client Bundle (Install MFA Client, SSO Client and Credential Provider Client together) ``https:///api/modules/installed/OmniDefend.WebAuth.Api.Server-/download/OmniDefend%20Client%20Bundle%20(64-bit).exe`` :bold-underline:`Deploy OmniDefend Client Software to remote computers`` System administrator can deploy the registry file and OmniDefend client software to remote computers on the required systems. Supported commands for the remote deployment: ``Install: /i`` ``Uninstall: /u`` ``Silent: /s`` For example, installing/upgrading OmniDefend MFA client silently, you should run: ``“OmniDefend MFA Client (64-bit).exe” /i /s`` .. image:: /images/OD-Square-Shape-Logo-01.png :align: center .. _od-client-msi: OmniDefend Client .msi Installation +++++++++++++++++++++++++++++++++++ OmniDefend clients also can be deployed remotely using MSI files. You can request separate MSI files instead of bundle exe. OmniDefend Credential Provider Client requires OmniDefend Server Information to connect. Please edit provided registry file ``Clients_Configuration.reg`` and update the ``ServerAddress``, ``ClientId`` and ``ClientSecret`` values under Windows Credential Provider Configuraton Information section in registry file. Please install updated registry file on the client systems. :bold-underline:`MFA Client (Supports OmniDefend MFA functionality with biometric devices)` 1. Required Module: * OmniDefend ``MFA Core Module.msi``: This is required module for the OmniDefend MFA functionality. 2. Device Specific Plugin Module * ``OmniDefend WBF Plugin.msi``: This plugin module supports fingerprint matching capability of MFA functionality using WBF Drivers. * ``OmniDefend Futronics Plugin.msi``: This plugin module supports fingerprint matching capability of MFA functionality using Futronic Drivers. * ``OmniDefend PalmSecure Plugin.msi``: This plugin module supports Fujitsu PalmSensor matching capability of MFA functionality. * ``OmniDefend PCSC Plugin.msi``: This plugin module supports Badge matching capability of MFA functionality. :bold-underline:`OmniDefend SSO Client (Support OmniDefend SSO functionality for Desktop Applications)` 1. Required Module: * ``OmniDefend SSO Core Module.msi``: This is required module for the OmniDefend SSO functionality. :bold-underline:`OmniDefend Credential Provider Client (Support Windows Login functionality using OmniDefend)` 1. Required Module: * ``OmniDefend UI Broker Module.msi``: This is required module for the Windows Login functionality. * ``OmniDefend Credential Provider Client.msi``: This is required module for the Windows Login functionality.