Skip to main content
Skip table of contents

User Interface - User Mode

The Windows Agent can be installed in a User Interface configuration called User Mode.

For instructions on using different 3rd party signing tools with the Windows Agent see Use Cases & Guides. With the Agent installed in User Mode, certificates are available in the Personal Store in Windows.

Install the User Agent

  1. Download the Signum Windows Agent MSI installer.

  2. In the same directory as the MSI installer, create a new plain text file with the extension .bat, for example “signum-agent-config.bat” .

  3. Copy and paste the text below, modifying the properties as needed to match the environment. Ensure the file name of the agent matches the file name of the msi that was downloaded.

CODE 
msiexec /i kf-agent-x64-4.30.1-456b2f45-MS-WO_Trust.msi ^
RTPRIMARY="Deployment URL" RTSECONDARY="Deployment URL" ^
CLIENTID="The ClientID from the SaaS Portal" ^
AuthMode="SAML2" AGENTMODE="USER" DefaultDomain="somedomain.com" ^
Language="en-US" ^  
echo Exit Code is %errorlevel%

  1. With both the .bat file and msi in the same directory, run the .bat file by double clicking in Windows Explorer and this will launch the Installer.

The agent installed with AGENTMODE="USER" includes an interactive User Interface. A Windows process named “RTTrayApp” will be running. An icon for the Keyfactor Signum Agent is available in the System tray:

Right-click on the tray Icon to bring up several options.

Configure the User Agent

Go to the About section for information about the Agent:

Settings Section

The Settings section allows a user assigned to a LocalUsers Domain to update their credentials to the service.

This option is only present if the AuthMode is LocalUsers.

Certificates Section

The Certificates section of the Agent displays the certificates that are available to the authenticated user, as determined by the defined access policies.

If multiple certificates are listed and no selection is made, all listed certificates are made available by default. Selecting specific certificates restricts availability to only the chosen certificates.

The certificates that are made available through the Agent are also visible in the authenticated user’s Personal Store (MY) in Windows.

Login Section

Selecting Login on the Agent brings up a login window where a LocalUser can enter their credentials. The option to remember user credentials is disabled by default. If enabled, the user is automatically logged in after restarting the machine. Logging out of the Agent would again prompt for the credentials.

To enable this feature, reach out to Keyfactor.

If you log in to a Saml or Oauth Domain after clicking Login, the default browser opens to the IDP login page matching the identity provider that was defined in the Admin Web Console and included in the “DefaultDomain” Agent parameter.

Logout

Selecting Logout terminates the Signum session and requires the user to re-authenticate to connect.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close