
RFID Single Sign-On

RFID user onboarding

Before users can access any resources with an RFID badge, they need to be onboarded. Onboarding is the process of verifying the badge id against a local or external directory and mapping the badge id to a corporate email address.

Overview

For RFID Single Sign-On there are three types of user onboarding:

  1. Manual - create a user in the idemeum cloud directory and assign a badge id to the user.
  2. Password-based - the user taps the badge, is prompted to enter domain credentials, and is onboarded upon successful verification.
  3. External source - look up the badge id in an external user directory, such as Google Workspace or Microsoft Entra ID, to onboard users.

Manual onboarding

For manual onboarding, create a user in the idemeum local directory and associate a badge id with that user record. When the employee taps the badge to access the workstation, the badge number is verified and the employee is onboarded.

Make sure the email address you associate with the user record in idemeum cloud directory matches the UPN / corporate email address for your employee.
  • Navigate to your idemeum admin portal and access Users → User management
  • Create a user record specifying corporate email address and badge id in the decimal format

Now when the user taps the badge, the idemeum desktop client will perform a lookup in the cloud, and if the badge id matches, the user will be allowed to log in to the workstation and applications.

Password-based onboarding

With this onboarding type you do not need to create any user records, as RFID onboarding is done with the user's domain credentials. The employee taps the badge, idemeum authenticates the employee with the domain password, and upon success the user is onboarded and the badge ID is associated with the user record.

💡
This onboarding type works for domain-joined Windows workstations. It can also work for a local workstation that has domain line of sight, meaning the domain is reachable from that workstation.
  • Navigate to your idemeum admin portal
  • Access Settings → Desktop login
  • Enable Password-based onboarding

External source onboarding

For this type of onboarding, idemeum can connect to an external user source, such as Google Workspace or Microsoft Entra ID, to verify the badge ID and onboard the user. When the employee taps the badge, idemeum connects to the external user source, looks up the employee record by the badge id, verifies the badge id, extracts the corporate email address / UPN, and creates a user record in idemeum.

  • Navigate to your idemeum admin portal
  • Access Users → User source
  • Choose external user source (Google or Azure AD)
  • In the advanced settings, under Proximity card onboarding attribute, specify the attribute that idemeum will use for badge id lookup
  • Save the configuration
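
Because external source onboarding maps a badge id straight to a corporate email address, it helps to audit the directory attribute before enabling it. The script below is an added example, not idemeum code: it checks a CSV export of the directory for missing, non-decimal, and duplicated badge ids. The column names, the sample rows, and the use of the same decimal format as manual onboarding are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; the column names "email" and "badge_id" are assumptions.
SAMPLE_EXPORT = """email,badge_id
alice@example.com,0012345678
bob@example.com,12345678
carol@example.com,0x1A2B3C
dave@example.com,
erin@example.com,88001122
Erin@Example.com,88001122
"""

def audit_badge_export(csv_text, email_col="email", badge_col="badge_id"):
    """Return (mapping, problems) for a directory export.

    mapping: normalized decimal badge id -> email, only for unambiguous rows.
    problems: list of (kind, detail) tuples an admin should resolve first.
    """
    owners = defaultdict(set)
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = (row.get(email_col) or "").strip().lower()
        badge = (row.get(badge_col) or "").strip()
        if not badge:
            problems.append(("missing_badge", email))
            continue
        # Accept ASCII decimal digits only; hex or other encodings are flagged.
        if not (badge.isascii() and badge.isdigit()):
            problems.append(("not_decimal", f"{email}: {badge}"))
            continue
        # Assumption: ids that differ only in leading zeros denote the same badge.
        owners[str(int(badge))].add(email)
    mapping = {}
    for badge, emails in sorted(owners.items()):
        if len(emails) > 1:
            # One badge id resolving to several users makes the lookup ambiguous.
            problems.append(("duplicate_badge", f"{badge}: {', '.join(sorted(emails))}"))
        else:
            mapping[badge] = next(iter(emails))
    return mapping, problems

if __name__ == "__main__":
    mapping, problems = audit_badge_export(SAMPLE_EXPORT)
    for kind, detail in problems:
        print(f"{kind}: {detail}")
    print(f"{len(mapping)} badge ids map to exactly one user")
```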