View Source

To download offline tokens from the DualShield MFA server, follow the steps below:

Configure the Computer MFA Logon Agent

In the "config.json" file that is to be distributed with the Computer MFA Logon Agent to the users' PCs, add the value below to the "token_download_endpoint" key:

"token_download_endpoint": "https://admin.safeid.io/api/ComputerLogon/GetTokens"

Below is an example:

DualShield MFA Platform > Download offline tokens from Safe Token Service > image-2026-2-2_14-19-9.png

Configure the SafeID Token Service

In your SafeID Token Service account, you need to create a Computer Logon policy:

DualShield MFA Platform > Download offline tokens from Safe Token Service > image-2026-2-2_15-0-46.png

Enable the "Token Download Allowed" option, and bind the policy to all users or to specific users only.

Click the "Update" button to save the policy

Now, navigate to "User Directory"

DualShield MFA Platform > Download offline tokens from Safe Token Service > image-2026-3-24_14-2-24.png

Click the ACTIONS menu of your Entra ID user directory, e.g. "Deepnet Security (Entra ID)" and select "Edit":

DualShield MFA Platform > Download offline tokens from Safe Token Service > image-2026-3-24_13-55-46.png

Copy the Application (client) ID of the enterprise application that you had set up for Computer MFA Logon in your Entra ID tenant, and paste it into the "Computer Logon Application ID" box.

Finally, click the "Save" button to save the change.