Skip to main content

RFID Single Sign-On

Quick-start - RFID SSO 🚀

In 30 minutes we will set up paswordless login into domain-joined Windows workstation with an RFID badge.

1. Sign up for idemeum tenant

In this step we will create your own idemeum tenant in the form

  • Download idemeum mobile application from App Store or Play Store
  • Set up idemeum application and verify your business email address. We will use your business domain name to create a cloud portal for you in the form
  • Navigate to, choose Plus license, and click Try idemeum. No open your idemeum mobile application, click Login at the bottom menu, and scan idemeum QR-code with your idemeum application.
  • You can now access your tenant at with your mobile device

2. Set up local user directory

The easiest way to manage your passwordless users is with idemeum local directory. To enable local directory:

  • Navigate to
  • Access UsersUser source and choose Local
  • Save the configuration

Onboarding new employees with badges will happen automatically (default setting for your new tenant) - when user taps the new badge, idemeum will prompt user for domain credentials, and once credentials are entered and verified, idemeum will create a user record in the cloud along with RFID badge id. You can learn more about onboarding.

3. Set up Active Directory Certificate Services (ADCS)

In this guide we are setting up RFID SSO for domain-joined Windows computers.

When users tap the badge to login into domain-joined Workstation, idemeum desktop application generates a virtual smart card to log the user into workstation. For this to work we need to leverage Active Directory Certificate Services (ADCS) and set Certificate Template so that idemeum virtual smart cards can be trusted.

This step will take 10-15 minutes, and we provided step-by-step instructions in our integrations portal.

4. Connect RFID readers

idemeum supports integration with rf IDEAS readers today. We leverage universal SDK to connect to these readers and obtain card data.

You do not need to configure anything for the readers, as users will be automatically onboarded into idemeum local directory.

5. Install idemeum desktop client

idemeum desktop client is what handles passwordless login with RFID badges. Desktop client can be deployed silently to a fleet of Windows workstations, or can be installed manually with UI.

Follow the steps here to perform manual installation.

6. Login with RFID badge

You can now start testing RFID SSO with the users that you created in the local directory. You can test various flows, including tap in, tap out, tap over, lock/unlock, as well as switch user scenarios. You can learn more about idemeum RFID SSO supported features.