PingID Administration Guide

Installing passwordless Windows Login integration on client computers (CLI)

While you can install the integration for passwordless Windows Login on your users' computers with the UI wizard that is provided, you can also use the CLI-based installation that is described in this topic.

Mandatory parameters

The following parameters are mandatory and should be copied from the Configuration tab of the application you created for Windows Login - Passwordless, in PingOne.

  • /OIDCDiscoveryEndpoint - the OIDC discovery endpoint, from the URL section of the Configuration tab

  • /OIDCClientID - the client ID, from the General section of the Configuration tab

  • /OIDCSecret - the client secret, from the General section of the Configuration tab. Click the Show Secret icon, and then copy the text displayed.

Optional Parameters

  • /DIR - the path where the software should be installed. If this parameter is not specified, it will be installed toC:\Program Files\Ping Identity\PingID\Windows Passwordless

  • /LOG - specify a path if you want a log file to be created for the installation

  • /VERYSILENT - neither the background window nor the installation progress window are displayed

  • /SILENT - the background window is not displayed, but the installation progress window is displayed

  • /ProxyAddress - proxy URI, if you are using a proxy

  • /ProxyUserName - user name if you are using a proxy

  • /ProxyPassword - password if you are using a proxy

  • /HttpRequestTimeout - timeout to use for HTTP requests, in milliseconds - can be between 1000 and 30000, default is 10000 milliseconds

  • /NORESTART - prevents installer from restarting the system following a successful installation. Note that Windows Login - Passwordless will not work until after the computer is rebooted.

  • /RSA_PADDING -use the value oaep to specify that OAEP padding should be used in the encryption for offline authentication (default). If you do not want to use OAEP padding for offline authentication, use the value none.

  • /ALG_KEY_TYPE - set the registry key algorithm type. Possible values:

    • 0 = RSA

    • 1= ECC

  • /AllowInsecureDiscouragedUV - Skip user verification for Windows login passwordless users when using any FIDO device. Possible values:

    • 0 = Disabled

    • 1 = Enabled

      Use this option with caution, as it relies solely on the FIDO device to authenticate, and does not distinguish between different users.
  • /SUPPORT_CAMERA_LAUNCHER: When enabled, the user can scan the manual authentication QR code from their device camera. When the user scans the manual authentication QR code with their device camera, PingID mobile app opens automatically, displaying the manual authentication key. This option requires PingID mobile app 2.3 or later. Possible values:

    • 0 = Disabled

    • 1 = Enabled

Sample installation command

"PingIDWindowsLogin - Passwordless_1.0.0.0.exe" /LOG=C:\Users\user\Desktop\log.txt /VERYSILENT /ProxyAddress=http://1.1.1.1:8080/ /ProxyUserName=<username> /ProxyPassword=<password>/HttpRequestTimeout=5000 /OIDCDiscoveryEndpoint=https://auth-test.pingone.com/71ab9623-dd25-4eaf-8a72-597ee70532b1/as/.well-known/openid-configuration /OIDCClientID=17fbc3dc-aa45-6854-9a82-761d906cbcff /OIDCSecret=<secret>