Installation Guide

This guide provides detailed instructions for installing and configuring the Crayonic Credential Manager.

Table of Contents

1. System Requirements
2. Installation Methods
3. Standard Installation
4. Silent Installation
5. Manual Installation
6. Post-Installation Configuration
7. Upgrading from Previous Versions
8. Uninstallation
9. Troubleshooting Installation Issues

System Requirements

Hardware Requirements

• Processor: 1 GHz or faster
• RAM: 2 GB minimum, 4 GB recommended
• Disk Space: 100 MB for application files
• USB Port: For connecting security keys

Software Requirements

• Operating System: Windows 10 (1903 or later) or Windows 11
• .NET Framework: 4.8 or later
• Browser: Microsoft Edge or Google Chrome for authentication flows
• Windows WebAuthn API: Included in supported Windows versions

Network Requirements

• Internet connection for Entra ID authentication
• Outbound access to the following domains:
• login.microsoftonline.com
• graph.microsoft.com
• *.windows.net

Administrative Requirements

• Local administrator privileges for installation only
• Entra ID account with appropriate permissions for application use with following roles and/or permissions:

Role	Can Create Users	Can Manage Passkeys	User Scope	Recommended Use
Global Administrator	✅ Yes	✅ Yes	All users (including admins)	Not recommended (too broad)
Privileged Authentication Administrator	✅ Yes	✅ Yes	All users (including admins)	✅ Recommended for full functionality
User Administrator	✅ Yes	❌ No	Non-admin users only	User creation only
Authentication Administrator	❌ No	✅ Yes	Non-admin users only	Passkey management only

Permission Matrix by Operation

Operation	Required Permission	Minimum Role	Can Manage Admin Users
Search Users	User.ReadBasic.All	Authentication Administrator	❌
Read User Profile	User.Read	Authentication Administrator	❌
Create Users	User.ReadWrite.All	User Administrator	❌
List User Passkeys	UserAuthenticationMethod.ReadWrite.All	Authentication Administrator	❌
Create Passkeys	UserAuthenticationMethod.ReadWrite.All	Authentication Administrator	❌
Delete Passkeys	UserAuthenticationMethod.ReadWrite.All	Authentication Administrator	❌
Manage Admin User Passkeys	UserAuthenticationMethod.ReadWrite.All	Privileged Authentication Administrator	✅
Create Admin Users	User.ReadWrite.All	Privileged Authentication Administrator	✅

Installation Methods

Standard Installation

1. Download the MSI installer from the official distribution channel
2. Right-click the MSI file and select "Install" or double-click to run
3. If prompted by User Account Control, click "Yes" to allow the installation
4. Follow the on-screen instructions in the installation wizard
5. Click "Finish" to complete the installation

The application will be installed to C:\Program Files\Crayonic Credential Manager by default, and shortcuts will be created in the Start Menu and on the Desktop.

Silent Installation

For automated deployment in enterprise environments, you can use the following command to install silently:

# Basic silent installation
msiexec /i CrayonicCredentialManager-1.0.0.msi /quiet

# Silent installation with logging
msiexec /i CrayonicCredentialManager-1.0.0.msi /quiet /l*v install_log.txt

# Silent installation with custom installation directory
msiexec /i CrayonicCredentialManager-1.0.0.msi /quiet INSTALLFOLDER="D:\Applications\Crayonic"

Manual Installation

If you need to install the application manually:

1. Extract the contents of the ZIP archive to a directory of your choice
2. Run Fido2UI.exe to start the application
3. Optionally, create shortcuts manually:
4. Right-click Fido2UI.exe and select "Create shortcut"
5. Move the shortcut to your desired location (Desktop, Start Menu, etc.)

Post-Installation Configuration

Application Registration in Entra ID (One time setup)

1. Download Portable App Manifest JSON file from MANIFEST
2. Sign in to the Azure Portal
3. Go to Entra ID → App registrations → New registration.
4. Name: Crayonic Credential Manager → Supported account types: keep Single tenant (AzureADMyOrg) or choose Multitenant (AzureADMultipleOrgs).
5. After creation, copy Application (client) ID → this is your {{APP_ID}}.
6. Open Authentication:
7. Click Add a platform → Mobile and desktop applications.
8. Add both redirect URIs:
   • ms-appx-web://Microsoft.AAD.BrokerPlugin/{{APP_ID}}
   • msal{{APP_ID}}://auth
9. Save.
10. Open Manifest:
11. Paste the contents of portable-app-manifest.json,
12. Replace:
    • {{APP_ID}} with the client ID from step 5.
    • {{CUSTOMER_PUBLISHER_DOMAIN}} with your verified domain (or remove that line).
13. Save.
14. Open API permissions:
15. You will see Microsoft Graph permissions from the manifest. Click Grant admin consent.
16. Note the Application (client) ID, Directory (tenant) ID, and client secret for use during First-Time Setup below

First-Time Setup

1. Launch the application from the Start Menu or Desktop shortcut
2. The application will create necessary configuration files on first run
3. No additional configuration is required for basic functionality

Environment Variables (Optional)

For non-interactive authentication, you can set the following environment variables:

# Set environment variables for the current session
$env:ENTRA_TENANT_ID = "your-tenant-id"
$env:ENTRA_CLIENT_ID = "your-client-id"
$env:ENTRA_CLIENT_SECRET = "your-client-secret"

# To set permanently for the system (requires admin)
[System.Environment]::SetEnvironmentVariable("ENTRA_TENANT_ID", "your-tenant-id", "Machine")
[System.Environment]::SetEnvironmentVariable("ENTRA_CLIENT_ID", "your-client-id", "Machine")
[System.Environment]::SetEnvironmentVariable("ENTRA_CLIENT_SECRET", "your-client-secret", "Machine")

Upgrading from Previous Versions

To upgrade from a previous version:

1. Download the latest MSI installer
2. Run the installer
3. The installer will automatically detect the previous installation and upgrade it
4. Your settings and configuration will be preserved

Uninstallation

To uninstall the application:

1. Open "Settings" > "Apps" > "Apps & features"
2. Find "Crayonic Credential Manager" in the list
3. Click on it and select "Uninstall"
4. Follow the on-screen instructions to complete the uninstallation

Alternatively, you can use the following command for silent uninstallation:

msiexec /x CrayonicCredentialManager-1.0.0.msi /quiet

Troubleshooting Installation Issues

Common Installation Issues

Error: "This installation package could not be opened"

Cause: The MSI file may be corrupted or incomplete.

Solution: Re-download the MSI file and try again. Verify the file integrity if a checksum is provided.

Error: "Another version of this product is already installed"

Cause: A previous installation was not properly removed.

Solution: Uninstall the existing version first, then install the new version. If uninstallation fails, use the Microsoft Install/Uninstall Troubleshooter.

Error: ".NET Framework 4.8 is required"

Cause: The required .NET Framework version is not installed.

Solution: Download and install .NET Framework 4.8 from the Microsoft website, then try the installation again.

Installation Logs

If you encounter issues during installation, check the Windows installation logs:

1. Open Event Viewer (eventvwr.msc)
2. Navigate to "Windows Logs" > "Application"
3. Look for events with "MsiInstaller" as the source

For more detailed logging, run the installation with logging enabled:

msiexec /i CrayonicCredentialManager-1.0.0.msi /l*v install_log.txt

This will create a detailed log file that can help identify installation issues.

Getting Help

If you continue to experience installation issues:

1. Check the Troubleshooting Guide for common solutions
2. Check for community discussions and reported issues
3. Contact support at support@crayonic.com with details about your issue and any error messages

---

© 2025 Crayonic. All rights reserved.