Skip to main content


Desktop client PowerShell installation

This guide describes how to deploy idemeum desktop client to a fleet of Windows workstations with PowerShell.


idemeum offers a PowerShell script that can be executed to silently install or upgrade idemeum desktop client. Script will pull the latest binary and will perform base installation or upgrade as necessary.

Obtain PowerShell command

  • Navigate to your idemeum tenant and access admin portal
  • Access Settings -> Desktop installation
  • Choose PowerShell submenu
  • Click Copy
  • You will be presented with the command that you can copy and execute directly on the workstation
Please note that every time you generate a PowerShell command, idemeum will create a new set of client credentials, therefore all previously generated commands and client credentials will be invalidated.

Install or update desktop client

  • Open PowerShell as Administrator
  • Make sure the execution policy is set to RemoteSigned
Set-ExecutionPolicy RemoteSigned
By default Windows PowerShell execution policy is set to Restrictred, therefore you might not be able to execute the script. To allow script execution you need to set execution policy to RemoteSigned.
  • Execute the command that you obtained in the previous step. In case the client is already installed, PowerShell script will check if the client needs to be updated to the latest version, and will perform the update.
Restart will be required after the desktop client installation.

Uninstall desktop client

  • Open PowerShell as Administrator
  • To uninstall idemeum client and updater please execute the following PowerShell commands on the workstation
Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {93B9CC98-6004-411E-A8BF-88F7C3BC5541} /qn" -Wait
Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {71216D26-573B-402B-A3F5-A7CB9F950CFF} /qn" -Wait
Restart-Computer -Force

You can execute the commands directly or you the following script.

Advanced settings

Idemeum PowerShell script allows to pass certain parameters to customize the installation or update behavior. Here are the additional options that you can pass to the script command that you obtain from the idemeum admin portal:

  • -restartAfterInstall - pass true or false depending on whether you want the computer to restart or not. We recommend to perform the restart after the installation to make sure the credential provider is properly loaded. The default value is true. See the example below.
cd $env:TEMP; Invoke-WebRequest -Uri "" -OutFile "idemeumDesktopAppInstall.ps1"; .\idemeumDesktopAppInstall.ps1 -tenantFQDN '******' -corpEmail '****' -clientId '****' -clientSecret ''****'' -masterKey ''****'' -tenantDisplayName '***' -restartAfterInstall 'false'
  • -autofillEnabled - pass true or false depending on whether you want to enable autofill service for desktop applications. The default value is false.
  • -credentialProviderEnabled - pass true or false depending on whether you want to install idemeum credential provider. The default value is true.
  • -authType - pass the way you want users to authenticate, qrcode or rfid