Review the available properties for custom configuration.

1. Optional: If you are using an MSI editor (e.g., Windows Orca), review the properties below which you can configure for installing the MSI for Workstation MFA.
   Note: You must enter two values for each property that you customize – one for the changed value and the other for the original value with _OLD added to it.

   Name	Description	Optional?	Default Value
   INTEGRATION_KEY	Captured in the new Admin Console – see instructions in previous Step #4 article	No	n/a
   INTEGRATION_SECRET	Captured in the new Admin Console – see instructions in previous Step #4 article	No	n/a
   PREVENT_OFFLINE_LOGIN	Indicates whether the LastPass Authenticator app should report a failed authentication when the device is offline. Values are True/False.	Yes	True
   CP_FILTER_ENABLED	Indicates whether MFA usage is required. When set, all other credential providers are disabled, except for the allowlisted ones. Values are True/False.	Yes	False
   CP_FILTER_WHITELIST	A list of CLSIDs (Class IDs of credential providers) that should be allowed to be loaded on the Windows login screen (along with LastPass). The CLSIDs should be in a format that can be parsed with this function. Use a comma (,) to separate values. Explicit empty list value is not an empty string, but 'empty' as a string value, because of WiX limitations/upgrade support.	Yes	empty
   RDP_ENABLED	Indicates whether RDP autologon is redirected to our credential provider. When set, RDP authentication will be performed with our credential provider automatically. When unset, redirection won't happen and the source provider will be used for authentication (typically the password provider).	Yes	False

Deploy the installer.

2. In Windows Explorer, locate the Command Prompt and open in Admin Mode by selecting Run as administrator.
3. Choose from the following options:

   Installer	Instructions
   Default configurations	Review the baseline installer command (with no additional properties). msiexec.exe /x C:\Users\<username>\Desktop\127.msi /quiet "C:\Users\Local_RDP\Desktop\log.txt" Deploy the baseline installer via command line.
   Custom configurations	Review the available properties (listed above) to determine the settings you want to configure. Configure then enter the baseline installer command (updated with your integration key and integration secret, as well as your desired configurations) – see below for an example. Deploy the MSI installer via command line.

4. Deploy the installer via command line or your preferred deployment method.

   Example: The following is an example of deploying the Workstation MFA MSI installer with debug logging enabled (learn how to enable and view debug logging), Offline Mode disabled, allowlisting enabled with two additional credential providers set, and RDP enabled:

   msiexec /i C:\Users\<username>\Desktop\127.msi /quiet /l*v "C:\Users\<username>\Desktop\log.txt" ADDLOCAL=wmfa INTEGRATION_KEY=************************************************************************** INTEGRATION_SECRET=********************************************************************** PREVENT_OFFLINE_LOGIN=False CP_FILTER_ENABLED=True CP_FILTER_WHITELIST={60b78e88-ead8-445c-9cfd-0b87f74ea6cd},{8AF662BF-65A0-4D0A-A540-A338A999D36F} RDP_ENABLED=True