--- title: Mac login command line reference description: The following tables provide an overview of the command line commands you can use for the PingID integration for Mac login component: pingid page_id: pingid:pingid_integrations:pid_mac_login_command_line_reference canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_mac_login_command_line_reference.html revdate: July 2, 2024 section_ids: running-the-installer-from-the-cli: Running the installer from the CLI --- # Mac login command line reference The following tables provide an overview of the command line commands you can use for the PingID integration for Mac login ## Running the installer from the CLI The general command line is `./InstallPingID [options] [filepath_opt]` Where: `[filepath_opt]` takes the form `-p ` or `--package `. **PingID properties** | Parameter\ | Description | | ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-f, --orgSettingsFilePath ` | The full file path of the PingID properties file. For example, `/Users/admin/Downloads/pingid.properties`.The PingID properties file is referenced from this location during the installation process.You must specify either:- `-f, --orgSettingsFilePath`OR all of the following parameters:- `-a, --orgAlias` - `-k, --orgKey` - `-u, --authenticatorAddress` - `--idpUrl` - `-t, --token` If any of the above parameters are specified, and /orgSettingsFilePath is also specified on the command line, then the values are retrieved from the pingid.properties file only, and the values of these other parameters specified on the command line are ignored. | | `-a, --orgAlias ` | The organization's alias. This value is an entry in the PingID properties file.If the `--orgSettingsFilePath` parameter is not specified, it is mandatory to provide the `--orgAlias` parameter.If both the `--orgSettingsFilePath` and `--orgAlias` are specified, the value is retrieved from the`pingid.properties` file, and the value of the `--orgAlias` parameter is ignored. | | `-k, --orgKey ` | The organization's base64 key. This value is an entry in the PingID properties file.If the `--orgSettingsFilePath` parameter is not specified, it is mandatory to provide the `--orgKey` parameter.If both the `--orgSettingsFilePath` and `--orgKey` are specified, the value is retrieved from the`pingid.properties` file, and the value of the` --orgKey` parameter is ignored. | | `-u, --authenticatorAddress ` | The URL of the PingID data center to which the organization is associated.It is the URL that is listed on the line in the `pingid.properties` file that begins with` authenticator_url=`.If the `--orgSettingsFilePath` parameter is not specified, it is mandatory to provide the `--authenticatorAddress` parameter.If both the `--orgSettingsFilePath` and `--authenticatorAddress` are specified, the value is retrieved from the `pingid.properties` file, and the value of the `--authenticatorAddress` parameter is ignored. | | `--idpUrl ` | The URL of the server used for PingID API requests.Take this value from the`idp_url` entry in the `pingid.properties` file.If the `--orgSettingsFilePath` parameter is not specified, you must provide the `--idpUrl` parameter.If both the `--orgSettingsFilePath` and `--idpUrl` parameters are specified, the value is retrieved from the `pingid.properties` file, and the value of the `--idpUrl` parameter is ignored. | | `-t, --token ` | The identifier of the API key. This value is an entry in the PingID properties file.If the `--authenticatorAddress` parameter is not specified, it is mandatory to provide the `--token` parameter.If both the `--orgSettingsFilePath` and `--token` are specified, the value is retrieved from the `pingid.properties` file, and the value of the `--token` parameter is ignored. | | `--usernameMapping ` | Use the `usernameMapping` parameter if you want to use an Active Directory attribute to identify users. Use one of the following values:- `UPN` - use the *userPrincipalName* attribute - `SAM` - use the *SamAccountName* attribute - `SID` - use the *objectSid* attribute - `None` - use the legacy username parsing convention`None` is the default value, so if you do not include the `usernameMapping` parameter, the legacy username parsing convention will be used. | | `--excludeLocalAccounts ` | Use the `excludeLocalAccounts` parameter to control whether PingID authentication should be applied to local user logins.- 0 - Use PingID authentication for local user logins as well - 1 - Do not use PingID authentication for local user logins | | `-i, --ignoreConnectionErrors` | The installer attempts to address the PingID authenticator heartbeat to confirm connectivity. If there is no response before installing any of the elements, continue the installation. | | `-s, --silent` | The installer will prompt with a **Log out now?** message box. | | `-m, --very-silent` | The installer will sign out without asking. | **Domain** | Parameter\ | Description | | ------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-d, --domainPostfix <@organization domain name>` | Configures the installation to append the value supplied in this parameter to the username at sign-on time. You can define a suffix, such as @domain.com, but not a prefix, such as domain/. Enter the leading "@" before the domain name, for example --domainPostfix @somewhere.com.This parameter has a maximum length of 50 characters, including the leading "@". | | `--skipDomainValidation` | By default, domain validation is carried out for the domain that you specify with the `--domainPostfix` option. You can use the `--skipDomainValidation` option to specify that PingID should skip domain validation. | **Offline Authentication** | Parameter\ | Description | | ------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-o, --offlineAuthType ` | The `--offlineAuthType` parameter specifies whether to allow PingID offline (manual) MFA.Possible values for *\* are:- 0: Allow offline MFA with the PingID mobile app. - 1: If the user does not have a paired PingID mobile app with their account, bypass MFA during login. - 2: Do not allow offline MFA. | | `-r, --rsa_padding ` | By default, OAEP padding is used in the encryption for offline authentication. Use `--rsa_padding none` if you do not want to use OAEP padding for offline authentication. | **HTTP Request Timeout** | Parameter\ | Description | | -------------------- | ------------------------------------------------------------------------------ | | `--timeout ` | Defines HTTP request timeout value. Possible values are between 1000-30000 ms. | **Common** | Parameter\ | Description | | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `-h, --help` | Show a user guide. | | `-v, --version` | Show the Installer version. | | `--allowFullPermissionsPropertiesFile` | If you include the `--allowFullPermissionsPropertiesFile` option during installation, PingID will allow you to use the full-permissions properties file (rather than the restricted-permissions properties file intended for use with Mac login). However, it is strongly recommended that you refrain from doing so. Using the full-permissions properties file with Mac login is a security risk (for details, see [CVE-2022-23717](https://nvd.nist.gov/vuln/detail/CVE-2022-23717)). |