What is idemeum Passwordless MFA?

idemeum Passwordless Multi-Factor Authentication (MFA) is a mobile app that users install on iOS and Android devices. Once installed it becomes a secure biometric key to access all company resources, including SaaS applications, VPN, Wi-Fi, password manager and more.

How is it passwordless?

Classic MFA experience requires employees to use several factors for authentication. For example, first an employee enters username and password, and then she retrieves one-time password (OTP) from a mobile app and enters it as well to complete a login process.

idemeum simplifies user experience and makes employee logins completely passwordless. When accessing a company resource, an employee sees a QR-code. Then she uses idemeum MFA app to scan the QR code and approve login with biometrics. That is it. The login experience becomes highly secure, yet very user friendly.

How is it multi-factor?

idemeum is highly secure as it uses the combination of 2 factors to authenticate users:

  • PKI certificates that are securely stored in hardware-backed storage on a mobile device. This is considered a something you have factor.
  • Biometrics that are requested using built-in mobile biometric sensors (i.e. Face ID scanner). This is considered a something you are factor.

You can learn more about security in our white-paper.

How is it decentralized?

When users install idemeum mobile application they verify personal identity claims, such as email address, phone number or ID document. We do not store any of users' personal information in our cloud. idemeum offers a decentralized design with personal identity claims persisted only in the mobile application.

How to use idemeum MFA for login?

idemeum Passwordless MFA offers biometric based login across devices and application types. Your users can use idemeum to login to SaaS applications on desktop or to native / browser based applications on mobile. We offer truly cross-platform cross-device experience. idemeum offers various login flavors including QR-code login, login with push notification, or login with local biometrics. You can learn more about supported login types here.

How can new hires onboard with idemeum MFA?

idemeum Passwordless MFA is very intuitive, as it offers a self-service experience for onboarding as well as recovery and involves 3 simple steps:

  1. Install idemeum Passwordless MFA
  2. Verify identity using personal information
  3. Onboard into organization to access all company resources

Can I use idemeum with my SSO provider?

If you already have an Identity Provider (IdP), such as Azure AD, Okta, or OneLogin, you can still use idemeum Passwordless MFA. It integrates with your identity Provider in minutes and makes your existing infrastructure passwordless. You can learn more about available integrations in our integrations portal.

What happens if I loose my device?

idemeum offers simple, intuitive and very secure recovery options.

1. Self-service user recovery

This option does not require any admin actions. User can self-recover using recovery QR-code that they store offline or in Cloud storage.

You can learn more here.

2. Admin controlled user recovery

This option is useful when users no longer have access to recovery QR-code. Users can request recovery from new device, and admins can approve the recovery request from admin portal.

You can learn more here.

You can learn more in our Device recovery section.

App overview


Home screen is where you can immediately access your applications with a simple click. Great thing about idemeum is that it aggregates all Single Sign-On (SSO) and password-based applications in a single place. If you click on SSO application, it will launch seamlessly without any passwords. If you launch password based application, it will launch, password will be auto-filled, and you will be logged in.

idemeum Home screen


In profile section you can add your verified digital identity claims. These claims will be used to onboard you into your organization. idemeum supports verifying the following personal claims:

  1. Email address
  2. Phone number
  3. Government issued ID
idemeum Home screen


Clicking on Login will open the camera to scan the QR code.

idemeum Home screen

Once you scan a valid QR code you will be redirected to login approval screen. On that screen you will be able to approve login and perform biometric scan.

idemeum Home screen


Activity is a section where you will see information about various application activity, such as adding a new email address, or logging into an application.

idemeum Home screen


In the settings section you will be able to set up your application security settings and get information about application version and your decentralized identifier (DID).

idemeum Home screen
  1. Share feedback - you will be able to share suggestions and requests with idemeum team
  2. Request help - this section will present options for how to contact idemeum team
  3. Recovery code - in case your device is lost or stolen, you will be able to recover your data only with recovery code. In this section you will have an option to print your recovery QR code or save it to cloud storage. You can learn more about device recovery here.
  4. About - information about your app: version, your unique identified (DID), and where the crypto keys are stored.