NinjaOne Platform: Agent Tokenization

Topic

This article describes how to automatically assign critical information about target endpoints to the NinjaOne agent during deployment.

Environment

NinjaOne Platform

Description

You can use alphanumeric tokens with a specialized "generic" agent installer when deploying the NinjaOne agent to Windows, Linux, and macOS endpoints. The tokens represent each agent's server, organization, location, and role. This approach simplifies script-based installations, speeds up mass deployments, and offers multiple advantages over traditional workflows. For example:

• Installation of the generic agent is much easier to automate with a script. All you need is a way to modify the token in the script (such as a command line parameter) to create a customized installation routine for a server, organization, location, and role. And if you're migrating to NinjaOne from a platform with preexisting scripts, it's even easier.
• The traditional, operating system-specific installers deploy to static folders, but the token-compatible version can create dynamic installation folders based on the organization name.
• We host the token-compatible installer at a URL that never changes. It always has the most up-to-date version of our agent, so you don't need to update your script or any other files when we release new versions of the agent.

Select a topic to continue.

• Video
• What does Automatic Tokenization do when enabled?
• Managing the Installer in NinjaOne
  • Revoking Tokens
• Viewing Installer Details
• Additional Resources

Video

How to Deploy the NinjaOne Agent (NinjaOne, Inc., 07:10:00)

Chapters

0:00 - Dedicated Installer Generation
2:30 - Tokenized Installer (Mass Migrations)
4:16 - Revoking Tokens
5:08 - Leveraging Tokens in a Script
6:32 - AD and Intune Deployment

What does Automatic Tokenization do When Enabled?

When Automatic Tokenization is enabled, the system automatically generates a token for every combination of location and organization. This process will continue as new organizations and locations are added.

If Automatic Tokenization is deactivated, NinjaOne will no longer automatically create tokens for new locations and organizations. However, the system will still automatically generate tokens when a new device is added, based on the selections made during the device addition process. Therefore, while the generation is still "automatic," the user must add a device to trigger the token creation.

This is the key difference: With automatic tokenization active, tokens are created proactively for all potential combinations without additional user action, whereas with automatic tokenization inactive, tokens are only created as needed during device addition.

Managing the Installer in NinjaOne

The generic installer includes options for uninstall prevention, deduplication, and automatic token creation. You can manage these features from within NinjaOne by navigating to Administration → General → Settings → Agent Installer.

The Agent installer pane enables you to configure these settings:

• Uninstall prevention: When active, end users cannot uninstall the NinjaOne agent from endpoints where it is present.
• Agent deduplication: Enable deduplication to detect and automatically merge duplicate device entries found in NinjaOne during deployment.
• Automatic token creation: To automatically create generic agent tokens for all of your NinjaOne Organizations and Locations, ensure that this option is not deactivated.
• Installer Management: Activate this setting to show the Agent Installers feature on dashboard pages.

Revoking Tokens

You can revoke tokens from a single device or many devices at once.

Revoking a Single Token

To revoke a single token:

1. In NinjaOne, access the dashboard for the selected organization or system.
2. Open the Devices tab and select Agent Installers.

3. In the Agent Installers table, move your cursor over the entry for the device you want to revoke, then click the gear icon and select Revoke from the drop-down menu.

Once you've revoked access for one or more devices:

• Agent Installer table entries for revoked devices will be set to a disabled state.
  • The device's Status column will report it as Inactive.
  • The Revoked date and Revoked by columns will populate with the date the revocation took place and the ID of the user who performed the action
• The NinjaOne Activities log will record an entry containing "Activity: Org Updated → Agent Installer Revoked."

Revoking Multiple Tokens

To revoke multiple tokens:

1. In NinjaOne, access the dashboard for the selected organization or system.
2. Open the Devices tab and select Agent Installers.
3. In the Agent Installers table, select the checkboxes for each device you want to revoke.
4. Click Revoke.

Viewing Installer Details and Obtaining the Install Command

To view the details for installers assigned to a particular organization or system, perform the following steps:

1. In NinjaOne, access the dashboard for the selected organization or system.
2. Open the Devices tab and select Agent Installers.
3. Click the value shown in the Token column for the installer you want to review.

The Installer details modal will open, displaying information similar to the example shown in the following Figure.

With the token Installer details modal open, you can select a new operating system or distribution type, which will generate a URL, command, and download file that you can use to install the token. 

Additional Resources

To learn how to deploy the NinjaOne agent to supported endpoints, refer to the following articles:

• Tokenization Troubleshooting: Installation Issues
• Agent Installation: Add a Windows Device
• Agent Installation: Add a Mac Device
• Agent Installation: Add a Linux Device
• Learn about cross-platform software (external link)