Harmony Connect App - Best practices for wide deployment


Harmony Connect App secures your employees everywhere and protects them from Internet cyber-threats. The best way to quickly activate the app for all of your end users is to use endpoint management tools that can push apps to the managed devices.

Examples of unified endpoint management tools:
  • Check Point SmartEndpoint for Endpoint Compliance 
  • Microsoft System Center Configuration Manager (SCCM) or its cloud product Microsoft Endpoint Manager (formerly known as Intune)
  • Jamf
  • Altiris
  • HP Intelligent Management Center (IMC)
  • Symantec Endpoint Management
In addition, other common endpoint management software packages support this seamless software distribution workflow.


  1. Navigate to Settings > Identity Provider and connect your identity provider.
  2. Navigate to Assets > Users & Devices, click Download App and select the .msi installer for Windows (.dmg installer for Mac is coming soon). This installer is universal and does not contain any company or user-related information.
    1. Note that the Download App option only appears on the Users & Devices page if an identity provider was connected.
  3. Use your endpoint management tool to distribute this application across your selected managed user endpoints. Configure the tool to install the app silently using this command:
    msiexec /i HarmonyConnect.msi /qn
  4. After the app completes its installation, it activates itself based on the end user's logged-on domain and logged-on username.
    • The app retrieves the logged-on domain using this logic:
      • It checks the User Principal Name (UPN) of the machine by running
        whoami /UPN
        and then checks which Infinity Portal Account is mapped to this domain.
      • If the previous call did not retrieve any domain, or if none of the Infinity Portal Accounts have this domain as a verified domain, the app then checks from the environment variable
        and matches it with the verified domain that was added as part of the identity provider connection.

    • The app retrieves the logged-on username when it opens a tab in the end user's default browser and attempts to get the end user name through the browser cookies.

    • The two actions above guarantee a zero-touch activation experience for most of the end users. If your managed devices are not configured with the above domain address, or you did not configure seamless single sign-on (SSO), the end users have to manually enter their email address and corporate credentials.
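
A pre-flight wrapper for steps 3 and 4 above, as an added example (not Check Point's code): it checks the installer's signature, reports whether the `whoami /UPN` domain matches a verified domain, and then runs the silent install command from step 3. Assumptions: the MSI is Authenticode-signed, `example.com` is a placeholder for your verified domain, and the function and parameter names are hypothetical.

```powershell
# Added example: pre-flight check plus silent install. Names below are hypothetical.
param(
    [string]$MsiPath = '.\HarmonyConnect.msi',
    # Placeholder: replace with the domain(s) verified in your Infinity Portal account.
    [string[]]$VerifiedDomains = @('example.com')
)

function Get-UpnDomain {
    # Returns the domain part of `whoami /UPN`, or $null when the logged-on
    # user has no UPN (local account or machine not joined to a domain).
    $upn = & whoami.exe /UPN 2>$null
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($upn)) { return $null }
    $parts = ([string]$upn).Trim().Split('@')
    if ($parts.Count -ne 2 -or -not $parts[1]) { return $null }
    return $parts[1].ToLowerInvariant()
}

# 1. Do not push an installer whose signature fails validation.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature check failed for ${MsiPath}: $($sig.Status)"
    exit 1
}
Write-Output "Installer signed by: $($sig.SignerCertificate.Subject)"

# 2. Predict whether the UPN step of activation can match a verified domain.
$domain = Get-UpnDomain
if (-not $domain) {
    Write-Warning 'No UPN for this user; the UPN lookup will not return a domain.'
} elseif ($VerifiedDomains -notcontains $domain) {
    Write-Warning "UPN domain '$domain' is not in the verified domain list."
} else {
    Write-Output "UPN domain '$domain' matches a verified domain."
}

# 3. Silent install, same switches as the command in step 3.
$proc = Start-Process -FilePath msiexec.exe `
    -ArgumentList @('/i', "`"$MsiPath`"", '/qn') -Wait -PassThru
# 0 = success, 3010 = success but a reboot is required.
if ($proc.ExitCode -notin 0, 3010) {
    Write-Error "msiexec failed with exit code $($proc.ExitCode)"
    exit $proc.ExitCode
}
Write-Output "Install finished (exit code $($proc.ExitCode))."
```

`whoami /UPN` reports the account the script runs under, so run the UPN check in the end user's context; a deployment agent running as SYSTEM will not return the user's UPN.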
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
