Desktop Integration with the Windows Credentials Provider (version 2.3)

Christopher Dakin
This article is marked as obsolete.

Introduction

The LogonBox Credential Provider provides Desktop Integration for Windows 10, Windows 8.1/8 and Windows 7.


Downloads

Microsoft Installer packages are available which also provide support for unattended installs. No reboot is required before the logon dialogue will show the account action options.

You can find downloads for the provider in the Downloads link at the top right of the LogonBox web UI, in the Windows Desktop Integration section.


Installation

Run the installer on your machine (with admin rights), which will start the install wizard. Click Next on the first screen.

 

This will install the prerequisite Visual C++ redistributable. Click Next.

 

Click Next to start the main setup.

 

Accept the default directory, or alter it if preferred and click Next.

 

Type in the IP address or host name of your LogonBox server.

If you don't yet have a signed certificate, you can choose to allow unsigned certificates.

Click Next, then Install to start the file copy.

 

The install files should now be extracted. Click Finish to complete the installation.

 

Altering the reset link text

It is possible to quickly alter the text that users are prompted for on their login screens for unlocking their accounts or resetting their passwords.

This can be done from the LogonBox web UI. Navigate to Authentication Flows->Authentication Options->Credentials Provider.

Here you have options to change the Reset Text and Unlock Text, as well as other items relating to the Windows Desktop feature (see Desktop Multifactor Authentication).

 

Silent install options

The Windows login client can also be installed from the command line, allowing you to push it out via a group policy update. To install the client, specify the LogonBox hostname (note that this must be done with admin privileges):

 

For the Executable

LogonBox+Credential+Provider.msi /qb LOGONBOX_URL=<hostname>

Replace <hostname> with your own hostname or IP address, e.g. test.logonbox.com. (Note that this is a host only and not a URL, as the parameter name seems to imply.)

 

Additional command line options can be found by running the exe with the /h switch, like so: LogonBox+Credential+Provider.msi /h

 

For the MSI

LogonBox+Credential+Provider.msi /qb LOGONBOX_URL=<hostname>

Replace <hostname> with your own hostname or IP address, e.g. test.logonbox.com. (Note that this is a host only and not a URL, as the parameter name seems to imply.)

 

Additional command line options can be found by running the msi with the /? switch, like so: LogonBox+Credential+Provider.msi /?
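A deployment wrapper for the silent install described above, as an added example rather than LogonBox's own tooling. It assumes PowerShell 4.0 or later and an Authenticode-signed MSI, and it calls msiexec.exe /i explicitly; the script's parameter names and log path are hypothetical.

```powershell
# Added example: hypothetical deployment wrapper, not LogonBox's own tooling.
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)] [string] $MsiPath,       # downloaded credential provider MSI
    [Parameter(Mandatory)] [string] $LogonBoxHost,  # bare host name or IP, e.g. test.logonbox.com
    [string] $LogPath = (Join-Path $env:TEMP 'logonbox-cp-install.log')
)
$ErrorActionPreference = 'Stop'

# LOGONBOX_URL takes a host, not a URL. CheckHostName returns Unknown for
# anything carrying a scheme, path, port or whitespace, so this check also
# keeps stray text out of the msiexec command line.
if ([System.Uri]::CheckHostName($LogonBoxHost) -eq [System.UriHostNameType]::Unknown) {
    throw "LOGONBOX_URL expects a bare host name or IP address, got '$LogonBoxHost'"
}

# Assumption: the MSI is Authenticode-signed. If yours is not, replace this
# check with a Get-FileHash comparison against a hash recorded at download time.
$msi = (Resolve-Path -LiteralPath $MsiPath).ProviderPath
$sig = Get-AuthenticodeSignature -LiteralPath $msi
if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
    throw "Refusing to install '$msi': signature status is $($sig.Status)"
}
Write-Output "Signed by: $($sig.SignerCertificate.Subject)"

# Same /qb switch and LOGONBOX_URL property as the command above,
# plus a verbose Windows Installer log (/l*v) for troubleshooting.
$msiArgs = @('/i', "`"$msi`"", '/qb', "LOGONBOX_URL=$LogonBoxHost", '/l*v', "`"$LogPath`"")
$proc = Start-Process -FilePath (Join-Path $env:SystemRoot 'System32\msiexec.exe') `
    -ArgumentList $msiArgs -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output "Installed with LOGONBOX_URL=$LogonBoxHost" }
    3010    { Write-Output 'Installed; Windows Installer reports a pending reboot (3010)' }
    default { throw "msiexec exited with code $($proc.ExitCode); see $LogPath" }
}
```

Review the signer subject printed by the script against the publisher you expect before rolling the package out more widely.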

 

Creating a transforms file for the MSI

For deploying silent installs via a GPO, you need a transforms file (MST) to pass the LOGONBOX_URL parameter.

Here is an example using the tool called Orca.

 

Run Orca and go to File->Open and open the Credentials Provider MSI file.

Select the Transform->New Transform menu.

Select the Property table.

 

Right click in the main window and select Add Row.

For the Property, add LOGONBOX_URL.

For the Value, add <hostname> (replacing <hostname> with your own server's hostname).

 

Now you can click Transform->Generate Transform and save out your MST file, which can be used in a GPO.

Alternatively, you could select File->Save Transformed As and write out a new version of the MSI with this transform applied.

 

Automatic Profile Completion on Login

If you want to force a user to complete their LogonBox profile on logging in to Windows, you can do this by also installing the Windows Desktop feature.

If this is not installed, navigate to Updates, Features & Licensing->Authentication and download the Windows Desktop feature.

 

Accept the prompt and, once the download has finished, restart the LogonBox service using the power icon at the bottom right.

After the restart, log back on to the web UI, navigate to Authentication Flows->Authentication Options->Windows Login, turn on the Enable Desktop MFA option and click Apply.

 

Now when a user logs on to Windows, if they are missing some information required for a self service password reset, they will be prompted to complete this information before logging on to the desktop.