Just-in-time admin accounts

Offline access to computers

When computers are offline, technicians can use one-time codes to log in or elevate.

Overview

When the computer is online, technicians can access customer workstations with a variety of methods, including scanning a QR-code or triggering a push notification. When the computer is offline, technicians can use a one-time code to access the workstation.

This one-time code is unique and is associated with a shared or named admin account. It is based on the TOTP protocol, which changes the code every 30 seconds. The code can be retrieved from a mobile device, and it is available for each workstation.

Is offline access multi-factor?

Logging in with a one-time code is still considered secure and multi-factor. As a technician, you still need to have your mobile device, and you still need to unlock the idemeum application with your biometrics before you can access and retrieve the one-time code.

What is more, access to one-time codes is captured in the audit logs.

nik@nikpot.com accessed offline code for Desktop machine W11-L-PASSWORD.

How to log in with a one-time code

  • When the computer is offline, the idemeum credential provider will automatically switch to offline mode. Instead of displaying the QR-code for elevated access, it will show the username and offline secret fields.
  • To retrieve your username and offline code for this workstation:
    • Open your idemeum mobile application
    • Search for the workstation name that you need to log into
    • Click on ...
    • And you will be presented with the username to use and your offline code, which changes every 30 seconds