Skip to main content

Elevated Access to Entra ID

Entra ID password security

Idemeum cloud will automatically rotate passwords for Entra ID technician accounts.

Password generation

When a new Entra ID account is requested, idemeum cloud leverages Entra ID APIs to create it. One of the values that is passed is the password for the account. Idemeum will randomly generate a 12-character password for the account. These passwords are very secure and are close to impossible to crack today.

Password storage

Passwords that get generated for Entra ID accounts are stored using zero-knowledge encryption. Once the account is created and the password is passed to Entra ID, password is encrypted with the master key in the browser on the client side and is stored in the encrypted format. The password can only be decrypted when a technician logs into the idemeum portal with a mobile device.

🔒
Idemeum team can not decrypt your passwords. Even if our cloud gets compromised, none of your passwords can be decrypted by attackers.

Password rotation

Idemeum will disable the admin Entra ID account after a certain period of time. By default the value is 4 hours. When technician requests the account again, the same account will be used, it will be enabled, and the password will be rotated to a new Entra ID 12-character random password.