Agentless
Agentless Sign-In lets users authenticate and verify device security without installing the XFA agent. It uses browser signals, discovery data, and device-trust connectors where available, so XFA can allow, warn, or block access based on the policy without taking control of the device.
How to Enable Agentless Sign In
To enable agentless sign in for your organization:
-
Navigate to Policies
- Go to your XFA dashboard
- Click on "Policies" in the navigation menu
-
Select Your Policy
- Choose the policy you want to modify
- Click on the policy to open the configuration options
-
Enable Agentless Sign In
- Look for the "Allow Agentless sign in" option in the policy settings
- Check the box to enable this feature
- Click "Save" to apply the changes

Important Considerations
Mutual Exclusivity with Skip Device Verification
Agentless sign in and "Allow users to skip the device verification" cannot be enabled simultaneously.
- If you enable agentless sign in, the skip option will be automatically disabled
- If you enable skip device verification, agentless sign in will be automatically disabled
- This ensures that your security policies remain consistent and effective
How It Works
When agentless sign in is enabled:
- Users will see both "Download & Install XFA" and "Agentless sign in" options on the login page
- Users can choose agentless sign in to proceed without installing the XFA agent
- Device compliance is still checked, but without requiring the agent installation
- Users will see the same compliance results (OK, Warning or Blocked)
For more information about the user experience with agentless sign-in, see our user documentation.