Co-managed JIT login
Onboard admins of your customers so that they can perform JIT logins, access credentials, and approve elevation requests.
Overview
With idemeum you can onboard customer admins with a mobile app, and allow them to manage elevation requests and perform JIT logins into customer workstations.
- You need to onboard co-managed admin into a customer tenant, not into your MSP tenant
- Once onboarded, you need to promote the user to admin, and that user will automatically assume the role of
co-managed
user - We automatically generate the username for co-managed user and prefix it with
co-
. For instance, for usernik@company.com
the username will beco-nik
. You can change this username to whatever you like when creating the user.
❗
The reason we use prefix is to avoid taking over the existing customer account if that exists. When you choose to use custom username, make sure it does not overlap with existing accounts.
Configuration
- Navigate to your customer tenant admin portal where you would like to onboard co-managed user
- Click on
Customer users
and chooseAdd user
- Create the user record by providing first name, last name, and the email address. We will automatically generate the username.

- Now the user installs idemeum mobile app, verifies the email address that was used when creating the user record, navigates to the customer tenant URL and scans the QR-code.
- After the user is successfully onboarded, you click on
...
next to that user record and chooseMake admin

- Once you promote the user to admin, the user record will be assigned the
co-managed
status.

- The user can now access workstations with JIT login and will be able to approve elevation requests.