Quick-start for MSP - Cloud Directory for Windows Authentication
Set up idemeum Cloud Directory so that your users can log in to Windows with their idemeum cloud account. Local accounts will be created automatically, and passwords will be synchronized with idemeum.

1. Sign up for idemeum MSP tenant
If you have not created your idemeum cloud tenant yet, please follow the steps below to create a trial tenant for your organization.

2. Enable Cloud Directory for your MSP tenant
To manage the identities of your MSP technicians, we will leverage the idemeum local directory. To enable the local directory:
- Navigate to https://<your-msp-domain>.idemeum.com/adminportal
- Access Users → User source and choose Local
- Save the configuration

3. Create accounts for your technicians
Now you can add your technicians to your tenant's local directory. Once onboarded, they will be able to log in to your MSP tenant and also to customer tenants with a mobile device.
- Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
- Access Users → User management and click Add user
- Enter the email address that the user will verify in the mobile application to be onboarded into your tenant, and save the user record
- Now your technicians can access your idemeum portal at https://your-domain.idemeum.com, scan the QR-code with their mobile device and get onboarded

4. Create a customer tenant that you will manage
idemeum offers a Multi-Tenant MSP Portal to manage all your customer tenants from a single dashboard. To create a tenant for your customer:
- Navigate to your MSP tenant admin portal at https://your-domain.idemeum.com/adminportal
- Access Customers on the left and click Create customer
- Enter Name (will be used to create a subdomain for your MSP tenant, for example customer-<your MSP domain>.idemeum.com) and Display name (will be used as a display name / title for your customer tenant)

5. Delegate technician access to customer tenant
You have two options:
- You can make every technician an Admin in your MSP tenant; as a result, technicians will have access to all created customer tenants by default.
- You do not assign an Admin role to a technician, but delegate access to each customer tenant directly.

To assign an Admin role to a technician, please follow these steps.
- Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
- Access Users
- Find the user record, click on ... and then choose Make admin

To delegate access to each customer tenant directly, please follow these steps.

6. Configure customer tenant
Now we will configure the customer tenant for username / password authentication leveraging idemeum Cloud Directory.
- Access your customer tenant with a mobile device. You can directly navigate to the customer tenant URL at customer-<your msp domain>.idemeum.com, or navigate to your MSP portal, open the Customers section and click on the link from there. You will need to log in with your mobile device.

Enable cloud directory for customer tenant
- Navigate to your customer tenant admin dashboard and enable cloud directory
- Access Users → User source and choose Local
- Save the configuration

Enable master key for the customer tenant
The master key is the secret key for each customer tenant that encrypts all sensitive information, such as passwords. As a result, the idemeum team cannot see any of your or your customers' information in our cloud.
- Navigate to Settings and then Desktop login
- Enable Master key with a toggle

Enable user authentication with username password
Your customer users can access workstations and applications with username / password or mobile Passwordless MFA. In this case we will enable username / password authentication.
- Navigate to Settings and then Desktop login
- Click Enable desktop login for users
- Then choose Username / password from the drop down list
- Click Save

Create your customer users
Now you can create users for your customers and assign passwords for them. For example, here I create a new user record for Billy:
- Provide First name and Last name
- Specify the username for Billy. This username will be used to create a new local account on the workstation, or to take over the existing account if an account with the same username already exists. On account takeover, the password will be updated to the password you specify in the cloud directory.
- Enter company email address / UPN
- Enter the password for the user
- Optionally enter the personal email address
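
Because an existing local account with a matching username is taken over and its password replaced, it helps to know which planned usernames already exist on a workstation before the desktop client is installed. The following PowerShell is an added example, not idemeum's own tooling; the function name and the sample usernames other than Billy's are assumptions made for illustration.

```powershell
# Added example (not part of the idemeum product). Run on the workstation
# before installing the desktop client. Usernames are constructed samples.
$PlannedUsernames = @('billy', 'frontdesk', 'administrator')

function Find-LocalAccountCollision {
    param(
        [Parameter(Mandatory)][string[]]$Usernames
    )

    # Local members of the built-in Administrators group, looked up by its
    # well-known SID so the check also works on non-English Windows installs.
    $adminNames = @(
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
            Where-Object { $_.PrincipalSource -eq 'Local' } |
            ForEach-Object { ($_.Name -split '\\')[-1] }
    )

    foreach ($name in $Usernames) {
        # Returns $null (no error) when the account does not exist yet.
        $acct = Get-LocalUser -Name $name -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Username     = $name
            Exists       = [bool]$acct
            Enabled      = if ($acct) { $acct.Enabled } else { $null }
            IsLocalAdmin = [bool]$acct -and ($adminNames -contains $name)
            LastLogon    = if ($acct) { $acct.LastLogon } else { $null }
            # Outcome as described in this guide: a matching account is taken
            # over and its password replaced; otherwise a new one is created.
            Outcome      = if ($acct) { 'existing account will be taken over' }
                           else       { 'new local account will be created' }
        }
    }
}

Find-LocalAccountCollision -Usernames $PlannedUsernames |
    Sort-Object -Property IsLocalAdmin, Exists -Descending |
    Format-Table -AutoSize
```

Rows where both Exists and IsLocalAdmin are true deserve a second look before rollout, since the cloud directory password will then control a local administrator account.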

Set up desktop client branding
You can configure the look and feel for the desktop client by configuring background, logo, and text for your users. You can follow the guide below.

7. Install idemeum desktop application
Now you can install the idemeum desktop application on a customer workstation. There are various installation methods. For instance, you can install the idemeum desktop client manually.

8. Test user login
Users can now log in to their workstations with idemeum credentials and the username that you specified in the cloud directory. The idemeum desktop client will automatically create a local user account or will take over an existing one.

9. Passwordless elevated access for technicians
There is a separate quick-start guide for Passwordless Elevated Access. Your technicians can access any customer workstation with a mobile device. No credentials needed.
All you need to do is to assign an account to each workstation in the cloud portal.
- Navigate to your customer tenant at customer-<msp domain>.idemeum.com
- Click on Accounts at the top, then choose ... and choose Configure shared account
- Now assign a local admin account that technicians will use to access the customer workstation or elevate in a remote session. If the account does not exist, the idemeum desktop client will automatically create it.
- Now for any customer workstation your technicians can click Elevated access and log in to the workstation by scanning a QR-code with a mobile device.
Questions?
If you have any questions, join our Discord chat.