Skip to main content

Quick-Start Guides

🟢 Quick-start - Elevated Access to Entra ID

In this guide we will set up Elevated Access to Entra ID for MSPs. Technicians can request Just-in-time admin accounts for customer Entra ID tenants and access them from idemeum portal.

Sign up for idemeum MSP tenant

If you have not created your idemeum cloud tenant yet, please follow the steps below to create a trial tenant for your organization.

How to create idemeum cloud tenant
Create idemeum cloud tenant for your organization so that you can test various idemeum services.

Enable cloud directory for your MSP tenant

To manage identities of your MSP technicians we will leverage idemeum local directory. To enable local directory:

  • Navigate to https://<your-msp-domain>.idemeum.com/adminportal
  • Access UsersUser source and choose Local
  • Save the configuration

Create accounts for your technicians

Now you can add your technicians to your MSP tenant local directory. Once onboarded they will be able to login to your MSP tenant and also customer tenants with a mobile device.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access UsersUser management and click Add user
  • Enter the following details to create a technician:
    • First name and Last name
    • Corporate email address
    • Username will be automatically generated. This username will be used to create unique local admin account for each technician on the workstations that they access. You can change this username if you want.
    • Optionally specify personal email address
📪
Your technicians will need to install idemeum mobile application, verify one of the emails you specified in the user record, navigate to your MSP tenant URL, scan the QR-code, and they will be onboarded.

Create a customer tenant that you will manage

idemeum offers Multi-Tenant MSP Portal to manage all your customer tenants from a single dashboard. To create a tenant for your customer:

  • Navigate to your MSP tenant admin portal at https://your-domain.idemeum.com/adminportal
  • Access Customers on the left and click Create customer
  • Enter Name (will be used to create a subdomain for your MSP tenant, for example customer-<your MSP domain>.idemeum.com) and Display name (will be used as a display name / title for your customer tenant)

Once the customer tenant is created, you can navigate to its URL and login with a mobile device. More on how to access customer tenants below.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Delegate technician access to customer tenant

You have two options:

  • You can make every technician an Admin in your MSP tenant and as a result, technicians will have access to all created customers tenants by default.
  • You do not assign an Admin role to a technician, but delegate access to each customer tenant directly.

To assign an Admin role to a technician, please follow these steps.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users
  • Find the user record, click on ... and then choose Make admin

To delegate access to each customer tenant directly, please follow these steps.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Configure customer tenant

Now access the customer tenant you created with a mobile device. You can directly navigate to a customer tenant URL at customer-<your msp domain>.idemeum.com or navigate to your MSP postal, Customers section and click on the link from there. You will need to login with your mobile device.

Enable cloud directory for customer tenant

  • Navigate to your customer tenant admin dashboard and enable cloud directory
  • Access UsersUser source and choose Local
  • Save the configuration

Connect Entra ID tenant

We will now connect customer Entra ID tenant with this customer idemeum tenant. Connection is cloud-to-cloud and is done over oAuth protocol. You will need an admin account for customer Entra ID tenant to authenticate and then authorize idemeum Cloud to access Entra ID APIs. Detailed steps to connect Entra ID cloud tenant are below.

Connect Entra ID tenant
In this post we will see how you can connect Entra ID tenant to your idemeum customer tenant.

Create entitlement rule for Entra ID application

After the Entra ID is connected, make sure you create entitlement rule so that technicians can access the Entra ID application. Instructions are below.

Connect Entra ID tenant
In this post we will see how you can connect Entra ID tenant to your idemeum customer tenant.

Install idemeum browser extension

Idemeum browser extension offers the convenience of automatically filling credentials when accessing Entra ID customer tenants. Technicians can download the extension from the store and install for their browsers.

Download idemeum software
Windows client Download Windows desktop client iOS mobile app Passwordless MFA for iOS Android mobile app Passwordless MFA for Android Safari extension Safari browser extension Chrome extension Chrome and Edge browser extension

Test technician Entra ID access flow

Now you can test the Entra ID access flow. We documented how the technician access flow looks like step by step. Please check the document below.

Entra ID technician login flow
High-level overview of what technicians need to do to request and access Entra ID account for a customer.

Questions?

If you have any questions please join our Discord chat, and we will help.