Skip to main content

Cloud Directory

Quick-start for MSP - Cloud Directory for Windows Authentication

Set up idemeum Cloud Directory so that your users can login into Windows with idemeum cloud account. Local accounts will be created automatically, and passwords will be synchronized with idemeum.

1. Sign up for idemeum MSP tenant

If you have not created your idemeum cloud tenant yet, please follow the steps below to create a trial tenant for your organization.

How to create idemeum cloud tenant
Create idemeum cloud tenant for your organization so that you can test various idemeum services.

2. Enable Cloud Directory for your MSP tenant

To manage identities of your MSP technicians we will leverage idemeum local directory. To enable local directory:

  • Navigate to https://<your-msp-domain>
  • Access UsersUser source and choose Local
  • Save the configuration

3. Create accounts for your technicians

Now you can add your technicians to your tenant local directory. Once onboarded they will be able to login to your MSP tenant and also customer tenants with a mobile device.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>
  • Access UsersUser management and click Add user
  • Enter the email address that the user will verify in the mobile application to be onboarded into your tenant, and save the user record
Your technicians will need to install idemeum mobile application, verify one of the emails you specified in the user record, navigate to your MSP tenant URL, scan the QR-code, and they will be onboarded.
  • Now your technicians can access your idemeum portal at, scan the QR-code with their mobile device and get onboarded

4. Create a customer tenant that you will manage

idemeum offers Multi-Tenant MSP Portal to manage all your customer tenants from a single dashboard. To create a tenant for your customer:

  • Navigate to your MSP tenant admin portal at
  • Access Customers on the left and click Create customer
  • Enter Name (will be used to create a subdomain for your MSP tenant, for example cusrtomer-<your MSP domain> and Display name (will be used as a display name / title for your customer tenant)

5. Delegate technician access to customer tenant

You have two options:

  1. You can make every technician an Admin in your MSP tenant and as a result, technicians will have access to all created customers tenants by default.
  2. You do not assign an Admin role to a technician, but delegate access to each customer tenant directly.

To assign an Admin role to a technician, please follow these steps.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>
  • Access Users
  • Find the user record, click on ... and then choose Make admin

To delegate access to each customer tenant directly, please follow these steps.

idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

6. Configure customer tenant

Now we will configure customer tenant for username / password authentication leveraging idemeum Cloud Directory.

  • Access your customer tenant with a mobile device. You can directly naviagate to a customer tenant URL at customer-<your msp domain> or navigate to your MSP postal, Customers section and click on the link from there. You will need to login with your mobile device.

Enable cloud directory for customer tenant

  • Navigate to your customer tenant admin dashboard and enabel cloud directory
  • Access UsersUser source and choose Local
  • Save the configuration

Enable master key for the customer tenant

Master key is the secret key for each customer tenant that encrypts all sensitive information, such as passwords. Therefore idemeum team can not see any of your or your customer information in our cloud.

  • Navigate to Settings and then Desktop login
  • Enable Master key with a toggle

Enable user authentication with username password

Your customer users can access workstations and applications with username password or mobile Passwordless MFA. In this case we will enable username password authentication.

  • Navigate to Settings and then Desktop login
  • Click Enable desktop login for users
  • Then choose Username / password from the drop down list
  • Click Save

Create your customer users

Now you can create users for your customers and assign passwords for them. For example, here I create a new user record for Billy:

  • Provide First name and Last name
  • Specify the username for Billy. This username will be used to create a new local account on the workstation, or takeover the existing account if the account with the same username exists. For account take over the password will be updated to the password you specify in the cloud directory.
  • Enter company email address / UPN
  • Enter the password for the user
  • Optionally enter the personal email address
Later you enable Passwordless MFA for your customer users with a click of a button. Users will need to install a mobile application, verify company or peronal email address in the mobile application, and they will be able to start scanning a QR-code for login. 

Set up desktop client branding

You can configure the look and feel for the desktop client by configuring background, logo, and text for your users. You can follow the guide below.

When you install idemeum desktop application it takes over the login screen. In order for the application to reflect your branding images and logo, idemeum allows you to customize the login screen.

7. Install idemeum desktop application

Now you can install idemeum desktop application to a customer workstation. There are various installation methods. For instance, you can install idemeum desktop client manually.

8. Test user login

Users can now login to their workstations with idemeum credentials and username that you specified in the cloud directory. idemeum desktop client will automatically create a local user account or will take over an existing one.

9. Passwordless elevated access for technicians

There is a separate quick-start guide for Passwordless Elevated Access. Your technicians can access any customer workstation with a mobile device. No credentials needed.

All you need to do is to assign an account to each workstation in the cloud portal.

  • Navigate to your customer tenant at customer-<msp domain>
  • Click on Accounts at the top, then choose ... and choose Configure shared account
  • Now assign a local admin account that will be used for technicians to access customer workstation or elevate in the remote session. If the account does not exist, idemeum desktop client will automatically create it.
  • Now for any customer workstation your technicians can click Elevated access and login to a workstation by scanning a QR-code with a mobile device.


If you have any questions, join our Discord chat.