When a new Entra ID account is requested, idemeum cloud uses the Entra ID APIs to create it. One of the values passed is the password for the account, which idemeum generates randomly as a 12-character string. Random passwords of this kind are very secure and are close to impossible to crack today.
Passwords generated for Entra ID accounts are stored using zero-knowledge encryption. Once the account is created and the password has been passed to Entra ID, the password is encrypted with the master key in the browser, on the client side, and is stored in encrypted form. The password can only be decrypted when a technician logs into the idemeum portal with a mobile device.
Idemeum disables the admin Entra ID account after a set period of time; the default is 4 hours. When a technician requests the account again, the same account is reused: it is re-enabled, and its password is rotated to a new random 12-character Entra ID password.
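
The generation, timed disable, and rotate-on-request behaviour described above, modelled as an added example (this is not idemeum's code). The 12-character length and 4-hour default come from the page; the character set, the `JitAdminAccount` class, and its method names are assumptions made for illustration.

```python
import math
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumption: the page does not name the character set; this one is illustrative.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"
PASSWORD_LENGTH = 12                 # length stated on the page
ACCESS_WINDOW = timedelta(hours=4)   # default disable timer stated on the page


def generate_password(length: int = PASSWORD_LENGTH) -> str:
    """Draw every character from the OS CSPRNG; redraw until all four
    character classes appear so a complexity policy will not reject it."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
        if all(any(test(c) for c in pw) for test in classes):
            return pw


def entropy_bits(length: int = PASSWORD_LENGTH) -> float:
    """Upper bound on guessing entropy: length * log2(alphabet size)."""
    return length * math.log2(len(ALPHABET))


@dataclass
class JitAdminAccount:
    """Hypothetical in-memory stand-in for the directory account."""
    upn: str
    enabled: bool = False
    expires_at: Optional[datetime] = None
    rotations: int = 0

    def request(self, now: datetime) -> str:
        """Re-enable the same account, restart the timer, issue a new password."""
        self.enabled, self.expires_at = True, now + ACCESS_WINDOW
        self.rotations += 1
        return generate_password()  # encrypting the stored copy is out of scope here

    def expire_if_due(self, now: datetime) -> bool:
        """Disable the account once the window has elapsed; True if disabled now."""
        if self.enabled and self.expires_at is not None and now >= self.expires_at:
            self.enabled = False
            return True
        return False
```

With the assumed 74-symbol alphabet, `entropy_bits()` gives roughly 74.5 bits for a 12-character password, and every `request()` call after an expiry returns a fresh password for the same account object.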