Onboard a Windows device with AgentP in multi-user mode

In this topic, you will learn how to onboard using Portnox™ AgentP, a Windows 10 computer with multiple users, and a Wi-Fi or wired network managed by Portnox™ Cloud.

Important: Before you turn on multi-user mode or switch from user certificates to computer certificates, prepare your Entra ID or Active Directory groups correctly. If AgentP starts using computer certificates to authenticate computers, and you did not configure your computer accounts to be part of an Entra ID or Active Directory group that is mapped to a Portnox Cloud group, Portnox Cloud will assign all newly created computer accounts to the Default group. If you did not configure the Default group to allow network access, computers will lose network connectivity.

For more information on multi-user mode, see the following topic: AgentP and certificates.

  1. Integrate Portnox Cloud with Microsoft Azure (Entra ID) or local Active Directory.

    Follow the steps in one of these topics: Integrate with Microsoft Entra ID or Integrate with Active Directory.

    Note: This step is necessary because multi-user mode in AgentP is not supported unless your Portnox Cloud instance is integrated with Active Directory or Azure (Entra ID).
  2. Enable AgentP multi-user mode in Portnox Cloud settings:
    1. In the Cloud portal top menu, click on the Settings option.

    2. In the right-hand side pane, find and click on the CLEAR GENERAL SETTINGS heading.

      More options appear under the CLEAR GENERAL SETTINGS heading and description.

    3. Scroll down to the AGENTP ENROLLMENT POLICY section and click on the Edit link below. Then, activate the Enable AgentP Multi-User (Windows OS only) checkbox and click on the Save button.

  3. Ensure that in your Portnox Cloud group the networks are configured to use both user and computer certificates.
    See the following topic: Edit and configure a group.
  4. Download and install Portnox AgentP

    Follow the steps in one of these topics: Onboard a Windows device to a Wi-Fi or wired network with AgentP (interactive installation) or Onboard Windows devices with AgentP in unattended or kiosk mode (unattended installation).

    1. Enroll AgentP Automatically.

    2. Select User mode, and activate the Keep automatically enrolled switch

  5. Run AgentP and switch the operating system user to test if AgentP changes to a different user.

    AgentP needs a few seconds to switch to a different user. You can see the logged in user in the About tab of the AgentP user interface.

    To speed up the process of switching to a new user, you can click on the Sync now button in the About tab of the AgentP interface.

    Important: If AgentP is already installed and enrolled manually, before you switch to unattended mode, you must manually unenroll it by clicking on the Deactivate button in the AgentP user interface. Otherwise, AgentP will remain enrolled with the manually onboarded user and will not automatically switch to the current Active Directory or Azure user.