Passwordless MFA for Workstations


idemeum Passwordless MFA can be integrated with your Windows and MacOS workstations to protect login with secure unphishable MFA. We developed a desktop application that once installed on your workstation can be paired with idemeum mobile application. As a result, you can login into your workstation by simply scanning a QR-code and approving with biometrics.

Supported use cases

Here are the use cases that idemeum supports today.

OSTypeLogin typeDedicated userShared users
WindowsLocal usersQR-codeYesYes
WindowsDomain-joinedRFID badgeNoYes

Supported scenarios

  • Type - computer type, whether it is joined to Active Directory domain or used only with local accounts.
  • Login type - defines how users access the workstation. Either using mobile app to scan the login QR-code, or leveraging RFID badge to access workstation.
  • Dedicated user - workstation is accessed only by the user who installaed desktop application and paired with mobile device. No other users can login into workstation.
  • Shared users - multiple users can access workstation with mobile device or RFID badge.

Supported login methods

Login methodStatusDescription
Login with QR-codeonlineLogin by scanning QR-code with idemeum app
Login with OTPofflineLogin with one-time code that you retrieve from mobile app

How desktop MFA works

idemeum desktop client leverages virtual smart cardsopen in new window (certificates) to enable passwordless login into workstations. When idemeum desktop app is installed on a computer, we create a custom credential provideropen in new window that will be processing authentication requests and logging the users with passwordless MFA instead of username and password. idemeum supports both domain joined and non-domain joined machines with user experience being completely the same.

Passwordless for desktops