Skip to main content


Quick-start - Passwordless MFA for local Windows workstations

In this guide we will set up idemeum Passwordless MFA for local Windows workstations. Your customers can access workstations with a mobile device instead of passwords. Idemeum can also automatically create local user accounts or take over existing ones.

Prepare your MSP tenant

First and foremost sign up for idemeum cloud tenant and make sure you orient yourself with basic set up, such as adding technicians, creating customer tenants for your MSP, setting up branding and more. We have created a basic MSP tenant set up guide.

Quick-start - MSP tenant set up guide
In this guide we will configure your MSP tenant with basic settings - technicians onboarding, user management, branding, customer tenant creation, and more.

Configure customer tenant

Now we will configure customer tenant for authentication leveraging Passwordless MFA.

  • Access your customer tenant with a mobile device. You can directly navigate to a customer tenant URL at customer-<your msp domain> or navigate to your MSP postal, Customers section and click on the link from there. You will need to login with your mobile device.

Enable cloud directory for customer tenant

  • Navigate to your customer tenant admin dashboard and enable cloud directory
  • Access UsersUser source and choose Local
  • Save the configuration

Enable user authentication with Passwordless MFA

  • Navigate to Settings and then Desktop login
  • Click Enable desktop login for users
  • Then choose Passwordless MFA from the drop down list
  • Click Save

Create your customer users

Now you will create users for your customers so that they can onboard with a mobile device. For example, here I create a new user record for Mike:

  • Provide First name and Last name
  • Enter Company email address / UPN
  • Username field will be automatically populated. You can change it if necessary. Idemeum desktop client will use this username to create a new local account on the workstation, or it will take over the existing one.
  • Idemeum password will be automatically generated. You can change it if necessary. The password will be used for the newly created local account, or in case account take over password will be updated.
  • Optionally enter the Personal email address
To onboard your users simply install idemeum mobile application and verify personal or corporate email address in the mobile device. Then they can scan the QR-code (portal or workstation) and get onboarded. 

Set up desktop client branding

You can configure the look and feel for the desktop client by configuring background, logo, and text for your users. You can follow the guide below.

When you install idemeum desktop application it takes over the login screen. In order for the application to reflect your branding images and logo, idemeum allows you to customize the login screen.

Install idemeum desktop application

Now you can install idemeum desktop application to a customer workstation. Follow the steps below to install idemeum desktop client with command line.

Command-line installation
This guide demonstrates how you can install idemeum desktop client with a command line command.

Test user login

Users can now login to their workstations with idemeum Passwordless MFA. idemeum desktop client will automatically create a local user account or will take over an existing one.


If you have any questions, join our Discord chat and we can help you.