Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - Evo Authenticator Mobile App 5.1 (iOS and Android)
  - Evo Supported Authentication Methods
Directory Environments
- Environments
  - What type of Directory do I need?
  - Set up Evo on Active Directory (LDAP)
  - Set up Evo on Azure AD
  - What is Evo Cloud? Evo's Directory as a Service (DaaS) - How to get Started
  - Sync with Google Workspace
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Installation & Setup
  - WS-Federation integration for Office 365 login
  - Elevated Access: Extended User Access Control session
  - Integrating Evo with Windows Desktops
  - Evo Secure Login for Windows / Troubleshooting Secure Login
  - LDAP Agent Settings Editor
  - Azure AD - Federating Microsoft 365 domain
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Sync with On-Prem Active Directory (LDAP)
  - Sync with Azure AD (AAD) using Microsoft Entra admin center
  - (New UI) Evo Cloud: Directory-As-A-Service Setup and Installation
- Advanced Configurations
  - Windows Credential Provider Best Practices
  - Can you install the Credential Provider on Azure AD joined machines?
  - How to protect Remote Desktop using Evo Security (RDP Support)
  - How to Change Windows Credential Provider Settings in Silent Mode after Installation
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
Evo Portal
- Navigation & Managment
  - Welcome to the New Evo Portal!
  - Tenants Page
  - Onboarding Section
  - Policies Page
  - Rules Section (Global)
  - Integrations Page
  - Settings Section
  - Dashboard Page
  - Directories Page
  - Vault Section
  - Users Page
  - Groups Page
  - Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
  - Elevated Access: End User Elevation
  - Access Tokens Page
  - Keys (Hardware Keys) Page
  - Endpoints Section
  - Applications Page
  - Elevation Section (Tenant)
  - Main Dashboard
  - Role-Based Permissions / List of Roles
  - Setup Elevated Access
  - Elevated Access: End User Elevation
- User & Directory Managment
  - How do I add or delete customers?
  - How do I add, edit or disable a Domain Account? ( Old UI )
  - How do I add, edit, or delete a directory?
  - How do I disable, enable, or delete user devices (Endpoints)?
  - User Groups
  - Custom Aliases ( Old UI )
  - Local Accounts ( Old UI )
  - Web Accounts
  - How do I manage my user licenses? (Billing and Administration)
- Security & SSO Settings
  - How do I add a rule for single sign-on (SSO) expiration?
  - Password Rotation with Evo
  - Identity Provider (IdP) Login
Integrations
- SSO & Identity Providers
  - Connect Web Apps via SAML with Evo: Version 3
  - Integrating Evo with Box.com (SAML/SSO)
  - Integrating Evo with Keeper
  - What SAML integrations are available?
  - Integrating Evo with Dropbox
  - Integrating Evo with Salesforce
- PSA / Documentation Tools
  - Evo Password Integration with ITGlue
  - Integrating Evo with IT Glue
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
  - Integrating Evo with Liongard
- Monitoring & Networking
  - Integrating Evo with Auvik
  - Integrating Evo with Domotz
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - Set Evo Secure Login as default option at login screen
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I create my user account?
  - How do i log in?
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
  - Installing the macOS Credential Provider
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
  - Error Fetching AD Groups: How to fix AAD Client Secret expired
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Last User Caching: Evo Login Only & Fast User Switching
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
- RADIUS Troubleshooting
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
  - Requesting a RADIUS Server in Evo / RADIUS Troubleshooting
Support & Resources
- Support & Resources
  - Where to go for help / feature requests
  - Adding Evo Users to the Evo Support Portal
  - Setting up Mobile Email to Provide Logs to Evo
  - How do I add, edit, or delete email campaigns?
  - How do I update Evo software?
More

LDAP Agent Settings Editor

Last updated on June 11, 2025

The LDAP Agent now ships with an LDAP Agent settings editor which is launchable via the Windows Start menu. The program runs with elevated privileges, so when a user starts it, they will be prompted by UAC. This limits the running of the program to solely administrators of the computer the LDAP Agent is installed on.

The editor has several functions:

start/stop/restart the LDAP agent or check its running status

change settings for the agent after installation

test the connectivity of the agent

generate a zip file containing debug information that could be sent via email

Status/Start/Stop/Restart

At the top is the agent status which in this case shows running. To the right of it are three buttons for start, stop, and restart of the service. If you press one of those buttons the program will take the action on the LDAP Agent and also update the status to indicate running or stopped.

Changing Running Settings

Sometimes during an install, data may have been entered incorrectly or may need to be changed. If that is the case, then the environment URL, Evo directory, access token, secret, sync interval, or sync groups may be changed. The “Apply” button is how the settings are saved. If the agent is running, they will be commanded to shut down the service before applying the settings. The secret is used in cryptography and is stored in a secure place on the computer. To enable viewing the secret, the user must check the “Reveal Secret” checkbox.

Changing/Replacing Group(s)

Adding/deleting synced groups or renaming the existing groups should be easy. Please follow these steps below.

1. Launch the LDAP Agent Settings.

2. Stop the LDAP Agent service.

3. If you want to rename the group(s), please go ahead and do that at this step using your on-prem AD. If you don't want to re-name any group, please process to step 4.

4. Select the correct group(s). Hold Ctrl key to select more than one group.

5. Select "Apply" to save the changes. Then turn on LDAP service.

6. It's done! Now you can go to Evo portal to check the status of the groups or accounts.

Done!

Note:

1. Re-naming group will not add/remove any users in the group.

2. Removing group will remove all users in the groups.

Connection Test

The program contains a “Connection Test…” button which performs the following connection tests on the running agent. The settings editor issues a command to the running agent and the agent performs these tests:

verifies the agent can contact the Evo backend API endpoints via HTTPS

verifies the agent can post and receive on the MQTT server which is used for authenticating users

Log Archive

The editor has the capability to collect event logs and other settings relevant to performance of the LDAP Agent which will allow Evo Support and Engineering to troubleshoot the problem. Clicking on the “Build Log Archive” button causes a zip file to be saved to the users desktop and the user will be prompted to copy that zip file to the clipboard—to email or paste to another location. The following data is collected and saved in the zip file in JSON files which are viewable by the operator.

the “Evo Security” Windows Event Viewer log (including CredPro if installed)

all Evo specific registry settings (including CredPro if installed)

a snapshot of the last user sync

credential providers installed on system

credential filters installed on system

An example file name is: Evo_evotestdomainad_230504_133150.zip. If we break it down, we see that it has the format of Evo_{Evo directory name}_{yymmdd}_{hhmmss}.zipThis allows it to have a roughly unique name.

Did this answer your question?

😞

😐

🤩

Evo Secure Login for Windows / Troubleshooting Secure Login Azure AD - Federating Microsoft 365 domain