Skip to main content


Quick-start - RFID SSO for domain Windows workstations

In this guide we will set up RFID Single Sign-On for domain-joined Windows workstations. Users can tap the badge, automatically enroll with domain credentials, and then access any workstation without a password.

Sign up for an MSP tenant

First and foremost sign up for idemeum cloud tenant and make sure you orient yourself with the basic set up, such as adding technicians, creating customer tenants for your MSP, setting up branding and more.

We have created a basic guide to introduce you to an MSP tenant.

Quick-start - MSP tenant set up guide
In this guide we will configure your MSP tenant with basic settings - technicians onboarding, user management, branding, customer tenant creation, and more.

From the guide above make sure you at least did the following:

Enable RFID login for customer tenant

We will now enable RFID tap and go login for the customer tenant you created.

  • Access customer tenant admin dashboard
  • Navigate to SettingsDesktop agent and then enable Enable desktop authentication for users
  • For User authentication mode choose RFID tap and go

Connect RFID readers

idemeum supports integration with rf IDEAS readers today. We leverage universal SDK to connect to these readers and obtain card data. Connect the readers to workstations where you will be testing RFID SSO.

You do not need to configure anything for the readers, as users will be automatically onboarded into idemeum local directory.

Install idemeum desktop client

There are various ways to install idemeum desktop agent. For this guide we will use a simple command-line installation with PowerShell.

Command-line installation
This guide demonstrates how you can install idemeum desktop client with a command line script.

Login with RFID badge

Once the client is installed and machine restarts, you will be able to test tap and go.

Onboarding new employees with badges will happen automatically (default setting for your new tenant) - when user taps the new badge, idemeum will prompt user for domain credentials, and once credentials are entered and verified, idemeum will create a user record in the cloud along with RFID badge id.

You can now start testing RFID SSO with the users that you created in the local directory. You can test various flows, including tap in, tap out, tap over, lock/unlock, as well as switch user scenarios. You can learn more about idemeum RFID SSO supported features.


If you have any questions, drop us a note at or send us a message in the Discord chat.