MSP guide - Endpoint Privilege Management (EPM)

In this guide we will set up EPM to manage user elevation requests on workstations.

Create customer

As a first step we will create a customer tenant / organization for which we will be testing elevation control.

  • Log in to your MSP idemeum admin portal
  • Navigate to Customers
  • Click Add customer → Add manually
  • Provide the customer name (will be used as a subdomain of your MSP tenant) and display name (the friendly display name of a customer tenant)
  • Save the tenant configuration

Install idemeum agent

💡 Elevation control only applies to workstations that are not domain controllers.

  • Access admin portal of the customer tenant
  • Navigate to Devices → Installation
  • Copy the script (macOS or Windows) and execute it as an admin user on the Windows or macOS workstation
  • Once the agents are properly installed, they will start showing up in the Devices section.

Turn on elevation mode

Once the elevation mode for a workstation is set to rules, idemeum will start intercepting elevation requests and offering the user the option to request approval from the IT team.

  • Access the admin portal of your customer tenant
  • Navigate to Devices
  • Search for the device you are testing, click on ... and choose Set elevation mode
  • Choose rules mode and click Configure

Test elevation requests

  • Log in to a workstation as a standard user
  • Launch an application that requires admin privileges
  • You will be presented with a dialog for IT approval
  • Once the user requests approval, you will receive a notification on a mobile device
  • You can allow or deny this request from a mobile device or the web portal

Create elevation rules

You can create elevation rules if you want to automatically deny or approve certain actions on user endpoints. More about the rules below.

Elevation rules
Create rules to define what privileged actions are allowed on workstations.

Questions?

If you have any questions please join our Discord chat, and we will help.