Skip to main content

Quick-Start Guides

🔵 Quick-start - Passwordless MFA for local Windows workstations

In this guide we will set up idemeum Passwordless MFA for local Windows workstations. Your customers can access workstations with a mobile device instead of passwords. Idemeum can also automatically create local user accounts or take over existing ones.

Sign up for idemeum MSP tenant

If you have not created your idemeum cloud tenant yet, please follow the steps below to create a trial tenant for your organization.

How to create idemeum cloud tenant
Create idemeum cloud tenant for your organization so that you can test various idemeum services.

Enable cloud directory for your MSP tenant

To manage identities of your MSP technicians we will leverage idemeum local directory. To enable local directory:

  • Navigate to https://<your-msp-domain>.idemeum.com/adminportal
  • Access UsersUser source and choose Local
  • Save the configuration

Create accounts for your technicians

Now you can add your technicians to your tenant local directory. Once onboarded they will be able to login to your MSP tenant and also customer tenants with a mobile device.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access UsersUser management and click Add user
  • Enter the email address that the user will verify in the mobile application to be onboarded into your tenant, and save the user record
📪
Your technicians will need to install idemeum mobile application, verify one of the emails you specified in the user record, navigate to your MSP tenant URL, scan the QR-code, and they will be onboarded.

Create a customer tenant that you will manage

idemeum offers Multi-Tenant MSP Portal to manage all your customer tenants from a single dashboard. To create a tenant for your customer:

  • Navigate to your MSP tenant admin portal at https://your-domain.idemeum.com/adminportal
  • Access Customers on the left and click Create customer
  • Enter Name (will be used to create a subdomain for your MSP tenant, for example customer-<your MSP domain>.idemeum.com) and Display name (will be used as a display name / title for your customer tenant)

Once the customer tenant is created, you can navigate to its URL and login with a mobile device. More on how to access customer tenants below.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Delegate technician access to customer tenant

You have two options:

  1. You can make every technician an Admin in your MSP tenant and as a result, technicians will have access to all created customers tenants by default.
  2. You do not assign an Admin role to a technician, but delegate access to each customer tenant directly.

To assign an Admin role to a technician, please follow these steps.

  • Navigate to your MSP tenant admin portal at https://<your-msp-domain>.idemeum.com/adminportal
  • Access Users
  • Find the user record, click on ... and then choose Make admin

To delegate access to each customer tenant directly, please follow these steps.

Overview
idemeum MSP portal centralizes the control and management of multiple organizations from one dashboard. MSP admins can view top-level data for their managed organizations at-a-glance, or can access and directly manage each customer organization.

Configure customer tenant

Now we will configure customer tenant for authentication leveraging Passwordless MFA.

  • Access your customer tenant with a mobile device. You can directly navigate to a customer tenant URL at customer-<your msp domain>.idemeum.com or navigate to your MSP postal, Customers section and click on the link from there. You will need to login with your mobile device.

Enable cloud directory for customer tenant

  • Navigate to your customer tenant admin dashboard and enable cloud directory
  • Access UsersUser source and choose Local
  • Save the configuration

Enable user authentication with Passwordless MFA

  • Navigate to Settings and then Desktop login
  • Click Enable desktop login for users
  • Then choose Passwordless MFA from the drop down list
  • Click Save

Create your customer users

Now you will create users for your customers so that they can onboard with a mobile device. For example, here I create a new user record for Mike:

  • Provide First name and Last name
  • Enter Company email address / UPN
  • Username field will be automatically populated. You can change it if necessary. Idemeum desktop client will use this username to create a new local account on the workstation, or it will take over the existing one.
  • Idemeum password will be automatically generated. You can change it if necessary. The password will be used for the newly created local account, or in case account take over password will be updated.
  • Optionally enter the Personal email address
📱
To onboard your users simply install idemeum mobile application and verify personal or corporate email address in the mobile device. Then they can scan the QR-code (portal or workstation) and get onboarded. 

Set up desktop client branding

You can configure the look and feel for the desktop client by configuring background, logo, and text for your users. You can follow the guide below.

Branding
When you install idemeum desktop application it takes over the login screen. In order for the application to reflect your branding images and logo, idemeum allows you to customize the login screen.

Install idemeum desktop application

Now you can install idemeum desktop application to a customer workstation. There are various installation methods, but the easiest option is to leverage PowerShell installation.

  • Navigate to your customer tenant admin dashboard
  • Access Settings -> Desktop installation
  • Navigate to PowerShell section and copy the PowerShell command
  • You can now use this command to execute on the target workstation and perform the silent installation

Test user login

Users can now login to their workstations with idemeum Passwordless MFA. idemeum desktop client will automatically create a local user account or will take over an existing one.


Passwordless elevated access for technicians

Your MSP technicians can access customer workstations with a mobile device also. There are no passwords needed, and there is really nothing for you to set up. As long as a technician is onboarded into MSP tenant, she can access any customer workstation with a mobile device.

More about passwordless elevated access below.

Overview
Eliminate admin credentials, MFA codes and mobile pushes - access any customer workstation with biometrics.

Questions?

If you have any questions, join our Discord chat and we can help you.