Knowledgebase

Desktop client PowerShell installation

This guide describes how to deploy idemeum desktop client to a fleet of Windows workstations with PowerShell.

Overview

idemeum offers a PowerShell script that can be executed to silently install or upgrade idemeum desktop client. Script will pull the latest binary and will perform base installation or upgrade as necessary.

Obtain PowerShell command

Navigate to your idemeum tenant and access admin portal
Access Settings -> Desktop installation
Choose PowerShell submenu
Click Copy
You will be presented with the command that you can copy and execute directly on the workstation

❗

Please note that every time you generate a PowerShell command, idemeum will create a new set of client credentials, therefore all previously generated commands and client credentials will be invalidated.

Install or update desktop client

Open PowerShell as Administrator
Make sure the execution policy is set to RemoteSigned

Set-ExecutionPolicy RemoteSigned

❗

By default Windows PowerShell execution policy is set to Restrictred, therefore you might not be able to execute the script. To allow script execution you need to set execution policy to RemoteSigned.

Execute the command that you obtained in the previous step. In case the client is already installed, PowerShell script will check if the client needs to be updated to the latest version, and will perform the update.

❗

Restart will be required after the desktop client installation.

Uninstall desktop client

Open PowerShell as Administrator
To uninstall idemeum client and updater please execute the following PowerShell commands on the workstation

Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {93B9CC98-6004-411E-A8BF-88F7C3BC5541} /qn" -Wait
Start-Process -FilePath "msiexec.exe" -ArgumentList "/x {71216D26-573B-402B-A3F5-A7CB9F950CFF} /qn" -Wait
Restart-Computer -Force

You can execute the commands directly or you the following script.

uninstall-idemeum-client.ps1

Uninstall idemeum desktop client

uninstall-idemeum-client.ps1

235 Bytes

Advanced settings

Idemeum PowerShell script allows to pass certain parameters to customize the installation or update behavior. Here are the additional options that you can pass to the script command that you obtain from the idemeum admin portal:

-restartAfterInstall - pass true or false depending on whether you want the computer to restart or not. We recommend to perform the restart after the installation to make sure the credential provider is properly loaded. The default value is true. See the example below.

cd $env:TEMP; Invoke-WebRequest -Uri "https://asset.idemeum.com/desktoplogin/idemeumDesktopAppInstall.ps1" -OutFile "idemeumDesktopAppInstall.ps1"; .\idemeumDesktopAppInstall.ps1 -tenantFQDN '******' -corpEmail '****' -clientId '****' -clientSecret ''****'' -masterKey ''****'' -tenantDisplayName '***' -restartAfterInstall 'false'

-autofillEnabled - pass true or false depending on whether you want to enable autofill service for desktop applications. The default value is false.
-credentialProviderEnabled - pass true or false depending on whether you want to install idemeum credential provider. The default value is true.
-authType - pass the way you want users to authenticate, qrcode or rfid

Quick-start guides

Elevated computer access

Elevated Entra ID access

LAPS

Multi-tenant MSP portal

Desktop client

Passwordless MFA

Cloud directory

Cloud RADIUS

Cloud LDAP

RFID Single Sign-On

Single Sign-On

Security

Downloads

Support