Quick-start - Elevated computer access

In this guide we will set up Passwordless Elevated Access to Computers for MSPs. Technicians can access any customer workstation or elevate with named admin accounts without passwords.

Sign up for idemeum MSP tenant

If you have not created your idemeum cloud tenant yet, please follow the steps below to create a trial tenant for your organization.

How to create idemeum trial tenant
Idemeum offers a free 14-day trial to test various use cases and features

Enable cloud directory for your MSP tenant

To manage identities of your MSP technicians we will leverage idemeum local directory. To enable local directory:

  • Navigate to https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users → User source and choose Local
  • Save the configuration

Onboard other MSP technicians

Navigate to your MSP tenant URL and login with a mobile device. You can now create accounts for other technicians, so that they can also be onboarded with mobile devices.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users → User management and click Add user
  • Enter the following details to create a technician:
    • First name and Last name
    • Corporate email address
    • Username will be automatically generated. This username will be used to create a unique admin account for each technician on the workstations that they access. You can change this username if you want.
    • Optionally specify personal email address
📪
Your technicians will need to install idemeum mobile application, verify one of the emails you specified in the user record, navigate to your MSP tenant URL, scan the QR-code, and they will be onboarded.

Create a customer tenant that you will manage

Idemeum offers Multi-Tenant MSP Portal to manage all your customer tenants from a single dashboard. To create a tenant for your customer:

  • Navigate to your MSP tenant admin portal at https://your-domain.idemeum.com/adminportal
  • Access Customers on the left and click Create customer
  • Enter Name (will be used to create a subdomain for your MSP tenant, for example customer-<your MSP domain>.idemeum.com) and Display name (will be used as a display name / title for your customer tenant)

Once the customer tenant is created, click on the name of the customer tenant, and you will be automatically logged in there. More about the MSP portal below.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Delegate technician access to customer tenant

You have two options:

  • You can make every technician an Admin in your MSP tenant and as a result, technicians will have access to all created customer tenants by default.
  • You do not assign an Admin role to a technician, but delegate access to each customer tenant directly.

To assign an Admin role to a technician, please follow these steps.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users
  • Find the user record, click on ... and then choose Make admin

To delegate access to each customer tenant directly, please follow these steps.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Configure customer tenant

Now access the customer tenant you created in the previous step. You can navigate directly to the customer tenant URL at customer-<your msp domain>.idemeum.com, or open the Customers section of your MSP portal and click the link from there.

Enable local directory for customer tenant

  • Navigate to Users → User source
  • Choose Local from the dropdown and Save the configuration

Set up desktop client branding

You can configure the look and feel for the desktop client by configuring background, logo, and text for your users. You can follow the guide below.

Branding
When you install idemeum desktop application it takes over the login screen. In order for the application to reflect your branding images and logo, idemeum allows you to customize the login screen.

Configure technician login mode

By default technicians will access all customer computers with individual, named, just-in-time accounts. If you want to change default settings, you can check the document below.

Named vs. shared accounts
Idemeum supports technician login into customer workstations with either individual named accounts or shared accounts.

Install idemeum desktop application

Now you can install idemeum desktop application to a customer workstation. There are various installation methods, but the easiest option is to leverage PowerShell installation.

The workstation will be registered with your customer tenant and not the MSP one.
  • Navigate to your customer tenant admin dashboard
  • Access Settings -> Desktop installation
  • Navigate to PowerShell section and copy the PowerShell command
  • On the target workstation open PowerShell as Administrator

You can now execute this command on the target workstation to perform the silent installation.
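
The desktop client registers a credential provider with Windows, so one way to confirm the installation took effect is to list every credential provider and filter on the workstation together with the signer of its DLL. This is an added example, not idemeum's own tooling; the name the idemeum client registers under is not given on this page, so the script lists all entries instead of filtering for one.

```powershell
# Added example: enumerate credential providers and filters registered with
# Windows and report who signed the DLL behind each one. Run elevated.
$authRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'

function Get-CredentialProviderInventory {
    foreach ($kind in 'Credential Providers', 'Credential Provider Filters') {
        $key = Join-Path -Path $authRoot -ChildPath $kind
        if (-not (Test-Path -Path $key)) { continue }

        foreach ($entry in Get-ChildItem -Path $key) {
            $clsid = $entry.PSChildName
            # LogonUI loads the in-process COM server registered for this CLSID.
            $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path -LiteralPath $inproc) {
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            # Assumption: an entry that registers a bare file name lives in System32.
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path -Path $env:SystemRoot -ChildPath "System32\$dll"
            }
            $sig = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = Get-AuthenticodeSignature -FilePath $dll
            }
            [pscustomobject]@{
                Kind      = $kind
                Name      = $entry.GetValue('')
                Clsid     = $clsid
                Dll       = $dll
                SigStatus = if ($sig) { $sig.Status } else { 'FileNotFound' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

Get-CredentialProviderInventory | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

Any entry whose SigStatus is not Valid, or whose signer you do not recognise, deserves a closer look, since every DLL listed here is loaded by the Windows logon screen.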

Test technician login

Once the desktop client is installed, it creates a credential provider that will allow technicians to access the workstation with a mobile device. You can simply scan a QR-code as a technician and access customer workstation without passwords. More details on different ways to access customer workstations below.

Technician login methods
Technicians can access customer workstations by scanning a QR-code, triggering a push notification, or using an offline one-time code.
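
Because technicians log in with individual named admin accounts, the workstation's Security log can show which accounts were created, removed, or granted local administrator rights after a test login. The following is an added example, not part of the idemeum documentation; it assumes those accounts are local Windows accounts that appear in the built-in Administrators group, and the 7-day look-back window is arbitrary.

```powershell
# Added example: review local account lifecycle events and current membership
# of the built-in Administrators group on a managed workstation. Run elevated.
# Event IDs: 4720 account created, 4726 account deleted,
#            4732 member added to a local group, 4733 member removed.
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Get-LocalAdminActivity {
    param([int]$Days = 7)   # look-back window; the default is an assumption

    $filter = @{
        LogName   = 'Security'
        Id        = 4720, 4726, 4732, 4733
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read EventData fields by name instead of relying on positional order.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $isGroupEvent = $_.Id -in 4732, 4733
        # Skip membership changes for groups other than Administrators.
        if ($isGroupEvent -and $data['TargetSid'] -ne $AdminsSid) { return }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Actor   = $data['SubjectUserName']
            # Group events identify the member by SID; account events by name.
            Account = if ($isGroupEvent) { $data['MemberSid'] } else { $data['TargetUserName'] }
        }
    } | Sort-Object Time
}

# Who holds local admin rights right now, next to how that changed recently.
Get-LocalGroupMember -SID $AdminsSid | Select-Object Name, ObjectClass, PrincipalSource
Get-LocalAdminActivity -Days 7 | Format-Table -AutoSize
```

These events are only recorded when the workstation's audit policy logs user account management and security group management.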

Offline elevated access

When the computer is offline, or your mobile device is offline, you can access the workstation with a secure offline code.

Offline access to computers
When computers are offline, technicians can use one-time codes to login or elevate.

Questions?

If you have any questions please join our Discord chat, and we will help.