Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - Evo Authenticator Mobile App 5.1 (iOS and Android)
  - Evo Supported Authentication Methods
Directory Environments
- Environments
  - What type of Directory do I need?
  - Set up Evo on Active Directory (LDAP)
  - Set up Evo on Azure AD
  - What is Evo Cloud? Evo's Directory as a Service (DaaS) - How to get Started
  - Sync with Google Workspace
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Installation & Setup
  - WS-Federation integration for Office 365 login
  - Elevated Access: Extended User Access Control session
  - Integrating Evo with Windows Desktops
  - Evo Secure Login for Windows / Troubleshooting Secure Login
  - LDAP Agent Settings Editor
  - Azure AD - Federating Microsoft 365 domain
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Sync with On-Prem Active Directory (LDAP)
  - Sync with Azure AD (AAD) using Microsoft Entra admin center
  - (New UI) Evo Cloud: Directory-As-A-Service Setup and Installation
- Advanced Configurations
  - Windows Credential Provider Best Practices
  - Can you install the Credential Provider on Azure AD joined machines?
  - How to protect Remote Desktop using Evo Security (RDP Support)
  - How to Change Windows Credential Provider Settings in Silent Mode after Installation
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
Evo Portal
- Navigation & Managment
  - Welcome to the New Evo Portal!
  - Tenants Page
  - Onboarding Section
  - Policies Page
  - Rules Section (Global)
  - Integrations Page
  - Settings Section
  - Dashboard Page
  - Directories Page
  - Vault Section
  - Users Page
  - Groups Page
  - Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
  - Elevated Access: End User Elevation
  - Access Tokens Page
  - Keys (Hardware Keys) Page
  - Endpoints Section
  - Applications Page
  - Elevation Section (Tenant)
  - Main Dashboard
  - Role-Based Permissions / List of Roles
  - Setup Elevated Access
  - Elevated Access: End User Elevation
- User & Directory Managment
  - How do I add or delete customers?
  - How do I add, edit or disable a Domain Account? ( Old UI )
  - How do I add, edit, or delete a directory?
  - How do I disable, enable, or delete user devices (Endpoints)?
  - User Groups
  - Custom Aliases ( Old UI )
  - Local Accounts ( Old UI )
  - Web Accounts
  - How do I manage my user licenses? (Billing and Administration)
- Security & SSO Settings
  - How do I add a rule for single sign-on (SSO) expiration?
  - Password Rotation with Evo
  - Identity Provider (IdP) Login
Integrations
- SSO & Identity Providers
  - Connect Web Apps via SAML with Evo: Version 3
  - Integrating Evo with Box.com (SAML/SSO)
  - Integrating Evo with Keeper
  - What SAML integrations are available?
  - Integrating Evo with Dropbox
  - Integrating Evo with Salesforce
- PSA / Documentation Tools
  - Evo Password Integration with ITGlue
  - Integrating Evo with IT Glue
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
  - Integrating Evo with Liongard
- Monitoring & Networking
  - Integrating Evo with Auvik
  - Integrating Evo with Domotz
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - Set Evo Secure Login as default option at login screen
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I create my user account?
  - How do i log in?
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
  - Installing the macOS Credential Provider
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
  - Error Fetching AD Groups: How to fix AAD Client Secret expired
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Last User Caching: Evo Login Only & Fast User Switching
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
- RADIUS Troubleshooting
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
  - Requesting a RADIUS Server in Evo / RADIUS Troubleshooting
Support & Resources
- Support & Resources
  - Where to go for help / feature requests
  - Adding Evo Users to the Evo Support Portal
  - Setting up Mobile Email to Provide Logs to Evo
  - How do I add, edit, or delete email campaigns?
  - How do I update Evo software?
More

Deploy & Uninstall Evo Agent via PowerShell

Last updated on July 28, 2025

Evo Credential Provider Installer (v2.3+ Only)

This article contains a PowerShell script to install, upgrade, or remove the Evo Credential Provider on Windows systems. It supports both interactive and silent operation modes, enabling easy integration into manual admin workflows or automated deployment systems (e.g., RMM tools, Intune, GPO, etc.).

Basic Install Script

.\InstallEvoAgent.ps1 -EnvironmentUrl "https://myorg.evosecurity.com" -EvoDirectory "MyOrg" -AccessToken "abc123" -Secret "xyz789"

Note: if you’re looking to install a beta agent, please append -Beta to your Basic Install Script.

Manual Installation Example

This Basic script invokes the “InstallEvoAgent.ps1” and will need to be saved locally at your desired path when you plan to Deploy. Example: Save “InstallEvoAgent.ps1” to C:\Scripts Locally > CD C:\Scripts in Administrator PowerShell > Run Basic Install Script

Note: In the Example Below I’m using additional Flags for Enabling End User Elevation & Addition of a failsafe user

-EnvironmentUrl, -EvoDirectory, -AccessToken, and -Secret parameters are required except on upgrades or removal. When upgrading, any unspecified parameters are inherited from the previous install.

NinjaRMM Example

In NinjaRMM you can go to Administration > Library > Automation and Click + Add > New Script. From here you can go to our GitHub where we have our InstallEvoAgent.ps1 script and Copy & Paste the entire script into Ninja.

On the right hand side you will then name the script, choose PowerShell for the language, operating system, Architecture & what it will Run as.

Then in parameters you would click add and then input your desired parameters which include -EviromentURL, -EvoDirectory, -AccessToken, -Secret Example: -EnvironmentUrl "https://myorg.evosecurity.com" -EvoDirectory "MyOrg" -AccessToken "abc123" -Secret "xyz789"

Once all of that is configured you can hit “Save” on the top right and then you can proceed to go to your devices in Ninja > Run Automation > Script and choose the newly saved Evo Install.PS1 script you just configured.

Once ran and completed you will see so in Ninja.

Additionally, our installation script includes additional parameters that allow for a more robust and customizable deployment, should you wish to extend beyond the basic installation script.

Parameter	Description	Default
`-EnvironmentUrl`	Evo portal base URL (e.g., `https://yourorg.evosecurity.com`)
`-EvoDirectory`	Your Evo organization/directory name
`-AccessToken`	Evo API access token
`-Secret`	Evo API secret
`-FailSafeUser`	Optional username to use as a fallback if Evo login fails
`-MFATimeOut`	Optional grace period to not require MFA for an unlock (in minutes from previous MFA prompt)	0
`-CredentialMode`	`SecureLogin`, `ElevatedLogin`, or `SecureAndElevatedLogin`	SecureAndElevatedLogin
`-OnlyEvoLoginCredential`	If set, Evo becomes the only credential provider	0
`-RememberLastUserName`	Optional flag to remember the last username used	1
`-DisableUpdate`	Optional flag to disable auto updates	0
`-JitMode`	Optional flag to enable Just-In-Time admin accounts	0
`-EndUserElevation`	Optional flag to enable end-user elevation	0
`-UserAdminEscalation`	Optional flag to prompt admins with the end-user elevation prompt instead of the standard UAC prompt	0
`-NoElevatedRDP`	Optional flag to disable elevation for RDP sessions when Evo is the sole login agent	1
`-MSIPath`	Optional path to `.msi` or `.zip` file
`-Upgrade`	Ensure only newer versions replace installed ones
`-Remove`	Uninstalls the Evo Credential Provider
`-Interactive`	Runs installer with UI instead of silent mode
`-Log`	Enables install/uninstall logging
`-Beta`	Pulls installer from Evo's beta channel
`-Json`	Legacy option to supply a JSON config blob or file
`-Help`	Displays built-in help text
`-CustomPrompt`	Optional string to customize the login prompt
`-CustomImage`	Optional path to custom login image (URL or local file path

Features

Installs the Evo Credential Provider MSI or ZIP package (automatically extracts ZIP)

Automatically downloads the latest stable or beta version if no path is provided

Supports uninstall/removal logic

Silent mode support for unattended installations

Upgrade-safe: checks version before proceeding

Accepts legacy JSON blob configs or individual parameters

Includes integrated Help functionality and CLI examples

Removal

.\Install-EvoAgent.ps1 -Remove -Interactive -Log

Legacy JSON Blob

.\Install-EvoAgent.ps1 -Json '{ "EnvironmentUrl": "...", "EvoDirectory": "...", "AccessToken": "...", "Secret": "..." }’

Legacy JSON File

.\Install-EvoAgent.ps1 -Json 'c:\path\to\install.json’

Notes

Admin Rights Required: Must be run from an elevated shell unless Interactive is used.

Supports both x64 and ARM64 architectures.

Logs (if enabled) are written to the system temporary folder.

Evo Security has also set up a new Git Repo for this deployment script. If you want to help change anything in there, feel free to open a pull request. If you find an issue, you can use the GitHub issues to let us know.

Evo Security GitHub Link

Please contact support@evosecurity.com for assistance.

Did this answer your question?

😞

😐

🤩

How to Change Windows Credential Provider Settings in Silent Mode after Installation How do I update the Logos to match my company brand? (Web Page and Agent)