Embed the Account/Organization Keys in the Installer Link
A
Alex Payne
The Installer Download link contains the account secret key, but it appears to download the generic installer that prompts the user to enter the Account Key and Organization Key anyway. Would it be possible to embed these details within the installer using the unique download link?
Chris Bisnett
This was something we tried to do from the beginning with our installers to make installation as easy as possible. The problem that we ran into was that modifying the installer to include the secret key and the organization key meant that we could no longer distribute a signed installer because the signature wouldn't validate. Because of this we decided to go with the more secure option of having a valid signed installer and requiring the secret key and organization key be provided to the installer. This can be done either through the UI or via command line arguments to the installer. Check out the documentation for details.
We're always open to suggestions if you think there is something else that we can do that still provides the security but makes installation and deployment easier.
F
Florian Ristl
Have you considered adding an "Install Token" option like CrowdStrike has (see https://www.reddit.com/r/crowdstrike/comments/ithoqd/install_tokens/)? With this one could create multiple separate "Install Tokens" one could give out to customers with the option to invalidate them if necessary.
G
Gregory Marchand
So, the issue is with Co-Managed where we are utilizing the client's own environment, we have to give them the Account Code.
One way I have done it in the past; there was another security software I had used, and it was in MSI format. With an MSI editor we were able to add codes and site identifiers to the MSI and it would not cause any signature issues.
Now in real world yes someone could reverse that and get the Account Code. if we could just get an installer with our Account code embedded and would just need us to add the Org Code it would be better.
Canny AI
Merged in a post:
Agent installer with embedded account code and org code
G
Gregory Marchand
Ability to create a company specific installer with embedded account code and company code for Co-Managed situations
J
Jonas Schirmer Hanssen
Have been missing this! Easy to just send the installer and get the customer to install it themselves.
J
Jim Greco
I think it is worth readdressing this. A potential solution could include support for time-limited or execution-limited temporary organization codes. These could be passed as a parameter or bundled in an optional token file distributed with the installer. This approach would preserve installer integrity (keeping it signed) while enabling secure, user-friendly deployments at scale—particularly helpful for remote onboarding workflows.
Both mechanisms would offer flexible, controlled provisioning while maintaining strong security boundaries and minimizing risk of credential leakage.
NW
Please can you do this, as we have to allow customers with in house IT to install themselves.
C
Cameron Granger
A possible suggestion could be to rename the installer to something like "<acct_key>_<org_key>.exe" that would allow the signed installer to pull in information. Or for there to be private GUIDs for "organizations" that would allow the installer to be renamed to the Organizations GUID. I know some software packages do something similar.
Chris Bisnett
This was something we tried to do from the beginning with our installers to make installation as easy as possible. The problem that we ran into was that modifying the installer to include the secret key and the organization key meant that we could no longer distribute a signed installer because the signature wouldn't validate. Because of this we decided to go with the more secure option of having a valid signed installer and requiring the secret key and organization key be provided to the installer. This can be done either through the UI or via command line arguments to the installer. Check out the documentation for details.
We're always open to suggestions if you think there is something else that we can do that still provides the security but makes installation and deployment easier.