Skip to main content


Quick-start - Endpoint privilege management

Enforce least privilege on endpoints, protect against ransomware and malware, and manage elevation requests without compromising user productivity.

Prepare your MSP tenant

First and foremost sign up for idemeum cloud tenant and make sure you orient yourself with basic set up, such as adding technicians, creating customer tenants for your MSP, setting up branding and more. We have created a basic MSP tenant set up guide.

Quick-start - MSP tenant set up guide
In this guide we will configure your MSP tenant with basic settings - technicians onboarding, user management, branding, customer tenant creation, and more.

Configure your customer tenant

Enable local directory for customer tenant

  • Navigate to Users → User source
  • Choose Local from the dropdown and Save the configuration

Install idemeum desktop application

Choose a workstation where you would like to manage user elevations. We will need to install idemeum desktop agent there. Follow the steps below to install idemeum desktop agent with command line.

Command-line installation
This guide demonstrates how you can install idemeum desktop client with a command line command.

Turn on elevation mode to rules

Follow the steps below to turn on the elevation mode to rules for the desktop where you installed idemeum agent.

Elevation control mode
Idemeum desktop agent supports various elevation control modes - offline, audit, and rules.

Once the mode is turned on to rules for the workstation, idemeum will start intercepting the elevation requests and offering the user the option to request an approval from IT team.

Test elevation requests

  • Login into a workstation as a standard user
  • Launch an application the requires admin privileges
  • You will be presented with a dialog for IT approval
  • Once requested, you will receive a notification to a mobile device
  • You can allow or deny this request with mobile or web portal

More information about the requests.

Elevation requests
Elevation requests come from users when they need to carry out privileged actions. Users can generate requests when there are no rules defined for the action that they are trying to perform.

Create elevation rules

You can create elevation rules of you want to automatically deny or approve certain actions on user endpoints. More about the rules below.

Elevation rules
Elevation rules define what privileged actions are allowed or denied on endpoints. You can create file rules, publisher rules, or certificate rules.

If you have any questions, drop us a note in our Discord chat.