JIT Computer Access

Remote Desktop (RDP) with JIT accounts

Technicians can RDP from one domain-joined customer workstation to another using domain JIT accounts.

Overview

When the idemeum desktop agent is installed on domain-joined workstations, technicians can RDP from one machine to another without entering any passwords: they scan the QR-code and approve with biometrics. Just-in-time accounts are used behind the scenes: each account is enabled on demand, disabled again afterwards, and its password is rotated after every login.

Prerequisites

  • Supported on domain-joined workstations only
  • Desktop agent installed on source and target machine
  • Domain account login enabled for the customer tenant
  • Domain controller is reachable from the RDP source workstation
💡 If you want to use this internally as an MSP (for your own workstations and servers), create a customer tenant for yourself (e.g. internal-msp.idemeum.com) and install the desktop agent on all your workstations. You will then be able to RDP from any domain-joined workstation with JIT accounts.

How to RDP with JIT account

  • Log in to the source domain-joined workstation
    • You can log in with a JIT account using the idemeum credential provider, or with any other account / authentication method
  • Open the Windows Remote Desktop Client and connect to the target domain-joined machine
  • You will then be prompted to authenticate
  • Click More options and then select the idemeum credential provider to scan the QR-code
  • You can enlarge the QR-code so that it is easier to scan by clicking Click here to expand QR code
  • Scan the QR-code with the idemeum mobile application and approve with biometrics
  • You will be logged in to the target workstation
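After a JIT RDP login, an administrator may want to confirm on the domain controller that the account lifecycle described in the Overview actually happened (account enabled, password rotated, account disabled). The PowerShell below is an added example and not idemeum's code; the account name, the DC hostname and the lookback window are assumptions you must replace, and it assumes the ActiveDirectory module and "Audit User Account Management" success auditing on the DC.

```powershell
# Added example (not idemeum's code): verify a JIT account's enable / reset / disable
# cycle on a domain controller after a JIT RDP login.
param(
    [string]$JitAccount     = 'jit-PLACEHOLDER',          # sAMAccountName of the JIT account (assumed)
    [string]$Dc             = 'dc01.example.internal',    # domain controller to query (assumed)
    [int]   $LookbackHours  = 24
)

Import-Module ActiveDirectory

# Current state: outside an active session the account should be disabled, and
# PasswordLastSet should be close to the time of the last login.
$acct = Get-ADUser -Identity $JitAccount -Server $Dc -Properties Enabled, PasswordLastSet, LastLogonDate
[pscustomobject]@{
    Account         = $acct.SamAccountName
    Enabled         = $acct.Enabled
    PasswordLastSet = $acct.PasswordLastSet
    LastLogonDate   = $acct.LastLogonDate
} | Format-List

# Lifecycle events in the DC's Security log (requires "Audit User Account Management"):
#   4722 = user account enabled, 4724 = password reset by another account (the rotation),
#   4725 = user account disabled. TargetUserName is Properties[0], SubjectUserName is Properties[4].
$since  = (Get-Date).AddHours(-$LookbackHours)
$events = Get-WinEvent -ComputerName $Dc -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4722, 4724, 4725
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -eq $JitAccount } |
    Sort-Object TimeCreated

$events | Select-Object TimeCreated, Id,
    @{ n = 'Action'; e = { switch ($_.Id) { 4722 { 'enabled' } 4724 { 'password reset' } 4725 { 'disabled' } } } },
    @{ n = 'By';     e = { $_.Properties[4].Value } } |
    Format-Table -AutoSize

# A healthy cycle ends with the account disabled; anything else deserves a look.
if (-not $events) {
    Write-Warning "No enable/reset/disable events for $JitAccount in the last $LookbackHours h on $Dc"
} elseif ($events[-1].Id -ne 4725) {
    Write-Warning "$JitAccount was not disabled after its last use; last event ID was $($events[-1].Id)"
} elseif (-not ($events.Id -contains 4724)) {
    Write-Warning "No password reset (4724) recorded for $JitAccount in the window"
}
```

Run it from a workstation with RSAT against the DC that handled the login; replication lag can delay the events on other DCs.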