Getting Started
- Overview & Company
  - About Identity and Access Management
  - About Evo Security
- Initial Setup & Requirements
  - Evo Prerequisites & Supported Operating Systems
  - Getting Started: MSP Onboarding Guide
  - Evo Authenticator Mobile App 5.1.x (iOS and Android)
  - Evo Supported Authentication Methods
Product Release Notes
- Product Release Notes
  - Product Release Notes
Directory Integrations
- Environments
  - What type of Directory do I need?
  - Directory Integration: Entra ID (formerly Azure Active Directory)
  - Set up Evo on Active Directory (LDAP)
  - Sync with Google Workspace
  - Evo Cloud: Directory-As-A-Service Setup and Installation
  - Unsupported - Microsoft Azure Virtual Desktop
Deployment & Configuration
- Advanced Configurations
  - How to protect Remote Desktop using Evo Security (RDP Support)
- Scripts & Automation
  - Deploy & Uninstall Evo Agent via PowerShell
  - Deploying the Evo Agent using ConnectWise RMM
- Branding & Customization
  - How do I update the Logos to match my company brand? (Web Page and Agent)
Product Information
- MFA
  - Getting Started: Multi-Factor Authentication
  - Setting up Microsoft Authenticator for MFA
  - Email Campaigns for Onboarding Users
- SSO/ SAML
  - What SAML integrations are available?
  - Passwordless Login
  - How do I add a rule for single sign-on (SSO) expiration
  - Identity Provider (IdP) Login
  - Connect Web Apps via SAML with Evo: Version 3
  - Azure AD/On-Prem AD Hybrid Environment - Federating Microsoft 365 Domain
  - Azure AD - Federating Microsoft 365 domain
  - WS-Federation integration for Office 365 login
  - Setting up SAML with Salesforce
  - Setting up SAML with Dropbox
  - Setting up SAML with Liongard
  - Setting up SAML with Auvik
  - Setting up SAML with Domotz
  - Integrating Evo with IT Glue
- Tech Elevation
  - Getting Started: Technician Elevation
  - Technician Elevation: Extended User Access Control session
  - Technician Elevation: Just-in-Time Accounts
  - Local Admin Accounts
  - Web Accounts
- End User Elevation
  - Getting Started: End User Elevation
  - Usage Guide: End User Elevation
  - End User Elevation: Custom Branding
- Help Desk Verification
  - Getting Started: Help Desk Verification
  - Help Desk Verification with Microsoft Authenticator and Evo Secure Login
- Agents
  - Windows Agent Deployment
  - LDAP Agent Settings Editor
  - macOS Agent Deployment
  - How do I update Evo software?
- RADIUS
  - Getting started: RADIUS Server
  - RADIUS - Secure RADIUS Servers with TLS/radsecproxy (CVE-2024-3596)
Evo Portal
- Navigation & Managment
  - Welcome to the Evo Portal!
  - Policies Page
  - Deployment Tokens
  - Access Tokens
  - Keys (Hardware Keys) Page
  - Role-Based Permissions / List of Roles
- User & Directory Management
  - How do I manage my user licenses? (Billing and Administration)
Integrations
- PSA & Password Sync Integrations
  - Evo Password Integration with ITGlue
  - Integrating Evo with Halo PSA
  - Evo Password Integration with Hudu
  - Evo Integration with Autotask
  - Evo Integration with ConnectWise
- Microsoft EAM Integration
  - Microsoft EAM integration
User Onboarding & Guidance
- MFA & Access Behavior
  - How does the "MFA Status" toggle work?
  - MFA Grace Period
  - Temporary Authentication Lockout
- Account Management
  - How do I reset my Evo password?
  - How do I see authentication activity?
  - How do I convert user types?
  - How do I manage my users / users devices?
- End User Documentation
  - How do I register my device?
  - Evo Authenticator watch app
  - Using Evo Secure Login (End User)
  - Using Evo Security (End User) - Azure AD
  - Using Evo Security (End User) - Active Directory
Troubleshooting & FAQs
- Directories Troubleshooting
  - Troubleshoot issues with the Evo LDAP Agent
  - On-prem AD Virtual Machine hosted on Azure (timeout settings)
- Secure Login Troubleshooting
  - Error: Login Denied due to Temporary Lockout
  - Error Message: the account is disabled or not found
  - How to Fix Secure Login Always Requests Offline Code
  - How to use Offline code to login to Windows machine without Internet
  - Evo Secure Login for Windows / Troubleshooting Secure Login
- Elevated Access Troubleshooting
  - Error: The user has not been granted the requested logon type at this computer
  - How to Troubleshoot Elevated Access / Domain Accounts
- Mobile App Troubleshooting
  - Troubleshooting Evo Authenticator Mobile App Issues
- End User Troubleshooting
  - User cannot login after changing email
Support & Resources
- Support & Resources
  - Support & Feature Requests
  - Common Support Issues
More

Evo Prerequisites & Supported Operating Systems

Last updated on February 12, 2026

An Email to create as the Super Admin account.

We recommend using a Shared mailbox or Distribution group for the Super Admin account. You will use this as your “Break Glass” account into Evo. Once we sync over your Directory User info, you will use your normal email address to manage Evo.

NOTE: If using Spam/Email Protection Software, make sure to whitelist Evo's domain <evosecurity.com> to prevent important communications from being blocked.

Mobile Device or Hardware Token to receive push notification

Download the EVO App from the Apple Store or Google Play Store

QR codes can be sent out or generated to enable once your portal is setup.

More information on supported authentication methods can be found here

Windows:

Windows Server 2016 or higher

Windows Desktop 10 or higher

Intel 64-bit Chipset architecture

ARM 64-bit Chipset architecture

Mac:

macOS 26.x - Tahoe

macOS 14.x - Sonoma

macOS 13.x - Ventura

Access to a Windows test machine

Windows 10 or above is required.

Access to Windows Login Prompt (UAC) on the machine.

We will install the Evo Agent to this machine. Once installed you will be able to test MFA, Technician Elevation, and End User Elevation

Ability to copy and paste text from your computer to this test machine

NOTE: For Azure or Domain joined environments, the test machine MUST be joined to the domain.

Access to your Domain Controller (for On-Prem Only)

We will install the Evo LDAP agent onto your primary DC

Server must be 2016 or Higher

.NET Framework 4.7.2 (or higher) has been installed on the server.

All users have been created under the Active Directory.

All users have a unique email address, specific to their user.

All users are a member of a group to be synced.

When installing an Evo LDAP Agent or the Evo Credential Provider, the following considerations should be made. (Evo Agents only require outbound connectivity via the listed ports)

Allowed List URLs for Firewall

URL	Port
ifconfig.me	443 (LDAP and Credential Provider)
api.evosecurity.com	443 (LDAP and Credential Provider)
sync-api.evosecurity.com	443 (LDAP Only)
a3k8pqjo2tpsr9-ats.iot.us-east-1.amazonaws.com	8883 (LDAP Only)
beacon-api.evosecurity.com	443 (LDAP and Credential Provider)

Allowed List IP Addresses for Firewall

3.17.228.65

3.20.248.76

3.129.178.76

Allowed List Domain for Network and Email

URL	Description
*.evosecurity.com	Secured with TLS 1.2/1.3 (HTTPS); if you are on a network with SSL inspection or decryption, you might need to bypass decryption for the evosecurity.com CNAME of your instance.

Allowed List folders and files for Endpoint Protection

Exclusions for Anti Virus ( AV ) & or Endpoint Detection and Response ( EDR )

C:\Program Files\EvoSecurity\EvoAgent\AgentRequestViewer.exe

C:\Program Files\EvoSecurity\EvoAgent\CredProAgentNotifier.exe

C:\Program Files\EvoSecurity\EvoAgent\EvoAgentTray.exe

C:\Program Files\EvoSecurity\EvoAgent\EvoConsentUI.exe

C:\Program Files\EvoSecurity\EvoAgent\EvoSecureLoginAgent.exe

C:\Program Files\EvoSecurity\EvoAgent\EvoSettingsEditor.exe

C:\Program Files\EvoSecurity\EvoAgent\EvoUpdater.exe

C:\Program Files\EvoSecurity\EvoAgent\MSIExecProxy.exe

C:\Program Files\EvoSecurity\EvoAgent\UACExtenderUI.exe

Did this answer your question?

😞

😐

🤩

About Evo Security Getting Started: MSP Onboarding Guide