About employee onboarding

Remember the meme "On the Internet, nobody knows you're a dog"? It was drawn by Peter Steiner and published by The New Yorker on July 5, 1993. It is still as true today as ever.

Today when employees are onboarded into an organization, especially in remote setting, it is hard to verify digital identity and make sure the employee is who she claims to be. Typically IT teams generate password and share that password either using email or a printed piece of paper. When that password is used, there is no guarantee that it was used by intended recipient.

While insecure, this process is also very complicated. It requires users to change credentials upon initial login and go through lengthy manuals to configure and enroll into Multi Factor Authentication. IT teams need to orchestrate this process and constantly be on the look out in case something goes wrong and employees need help.

Proper IT onboarding consists of two steps: verifying identity and onboarding into secure access. idemeum can do both very simply leveraging our passwordless MFA app.

In this post we will focus on passwordless access onboarding, and you can learn more about how idemeum handles identity verification in our other post.

Remote identity verification
Learn how idemeum can perform remote identity verification with government issued ID.
idemeum documentationNikolay Poturnak

How passwordless onboarding works

Here at idemeum we completely reimagined how employees need to be onboarded into an organization. We made the process simple, secure, and HR system driven.

  • Simple - no need to deal with credentials. No need to have separate apps for MFA. No need to go through lengthy MFA enrollment manuals. Employees simply install idemeum mobile app and verify digital identity. They verify email address, phone number, and optionally ID document.
  • Secure - idemeum eliminates passwords end to end and instead uses a combination of biometrics and crypto certificates that reside in hardware-backed storage on a mobile device.
  • HR system driven - when employees add digital identity claims to idemeum mobile app (email, phone number, ID document) and scan company QR code to onboard, idemeum verifies employee record against HRMS system and then onboards employee into organization.

Let's look at how passwordless onboarding works behind the scenes.

  1. Employee installs idemeum application from the app store. Typically upon hiring an employee, welcome email is sent to a personal email address asking employee to download and install idemeum.
  2. Employee goes through 2 min set up process: enable biometrics, verify email address, phone number, or ID document. Information required to verify identity is configurable by company admin. Some companies might choose to only require employee to verify phone number. Some companies might be more strict and require remote ID document verification.
  3. Employee navigates to company application portal and scans idemeum QR code. Login will need to be approved with biometrics.
  4. Upon approval, information from mobile device is used to search for employee record in company HR system (HRMS). Employee record can be searched by email address, phone number, or first name / last name.
  5. If the employee record is found, employee is onboarded, assigned corporate email address, and granted access to all necessary company applications.

How to configure passwordless onboarding

In the admin portal you can choose what verified claims you require employees to have to be able to onboard into organization. You can choose email, phone number. first name / last name, or any combination of them.

For instance you can only require employees to verify email address. As a result only email address will be used to look up user record in HRMS to onboard an employee.