Entra ID password security
Idemeum cloud will automatically rotate passwords for Entra ID technician accounts.
Password generation
When a new Entra ID account is requested, idemeum cloud uses the Entra ID APIs to create it. One of the values passed in the creation request is the account password. Idemeum randomly generates a 12-character password for the account. These passwords are very secure and are close to impossible to crack today.
Password storage
Passwords generated for Entra ID accounts are stored using zero-knowledge encryption. Once the account is created and the password is passed to Entra ID, the password is encrypted with the master key in the browser, on the client side, and is stored in encrypted form. The password can only be decrypted when a technician logs into the idemeum portal with a mobile device.
Password rotation
Idemeum will disable the admin Entra ID account after a certain period of time. By default the value is 4 hours. When a technician requests the account again, the same account is used: it is re-enabled and its password is rotated to a new random 12-character Entra ID password.
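The generation and rotation steps described above, sketched as an added example (not idemeum's code): it draws a 12-character password from a CSPRNG, redraws any candidate that would fail Entra ID's three-of-four character-class rule, and builds the Microsoft Graph `PATCH /users/{id}` request that re-enables the account with the new password. The alphabet, the function names, the `forceChangePasswordNextSignIn` value and sending both changes in one request are assumptions; the request is built but not sent.

```python
import math
import secrets
import string

# Assumed alphabet (94 printable ASCII symbols); the page does not say
# which characters idemeum draws from.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
LENGTH = 12  # length stated on the page


def char_classes(pw: str) -> int:
    """Count how many of the four character classes appear in pw."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(any(c in cls for c in pw) for cls in classes)


def generate_password(length: int = LENGTH) -> str:
    """Draw from the OS CSPRNG; redraw the whole string (never patch single
    characters) if fewer than three classes are present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if char_classes(pw) >= 3:
            return pw


def entropy_bits(length: int = LENGTH, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on the entropy of a uniformly random string."""
    return length * math.log2(alphabet_size)


def rotation_request(user_id: str) -> dict:
    """Build (not send) the Graph call that re-enables and rotates."""
    return {
        "method": "PATCH",
        "url": f"https://graph.microsoft.com/v1.0/users/{user_id}",
        "json": {
            "accountEnabled": True,
            "passwordProfile": {
                "forceChangePasswordNextSignIn": False,  # assumed value
                "password": generate_password(),
            },
        },
    }


if __name__ == "__main__":
    req = rotation_request("00000000-0000-0000-0000-000000000000")  # constructed id
    print(req["method"], req["url"], f"{entropy_bits():.1f} bits")
```

Redrawing the whole string keeps every accepted password equally likely, and the rejection step removes only a negligible fraction of the roughly 78.7 bits of search space.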