
Security overview

Security is at the heart of what we do—helping our customers securely manage access to any organization asset.

Overview

Every design decision in idemeum begins with the foundational security of your data. Idemeum security goes beyond end-to-end encryption (E2EE): we have taken additional steps to limit the exposure of your data to security threats.

  1. Logins with MFA - every login is multi-factor, using the combination of biometrics and certificates.
  2. FIDO2 compliant MFA - Idemeum mobile app implements MFA based on modern FIDO2 standards.
  3. Distributed storage - sensitive data, such as break-glass credentials, can be accessed offline on mobile and can be pushed to external systems.
  4. Device recovery - when encryption keys are lost, recovery can be performed using the emergency key, or with approval by other technicians.
  5. Device compliance checks - validate the compliance of devices using Android and iOS built-in security and signing certificates before granting access to idemeum portal.
  6. Multiple encryption layers - transmitted data is encrypted multiple times, authenticated by both transport layer security (TLS) and the user-managed transit symmetric and asymmetric cryptography keys.
  7. Hardware-backed storage - mobile crypto keys are stored in hardware-backed key storage: Android StrongBox and the iOS Secure Enclave.
  8. API key encryption - even when API integrations are enabled to perform automated actions on vault data, all encryption is performed with a security API key that is not persisted in the cloud.

Data security - E2EE

Idemeum is designed on end-to-end encryption (E2EE) principles. In practice, this means that when the desktop agent is installed, the encryption key is passed to the desktop and kept there. All sensitive information is encrypted with that key before it goes to the idemeum cloud. The idemeum team is not able to see information such as passwords and sensitive credentials, and even if the idemeum cloud is compromised, the sensitive information is not exposed.

Master key
Desktop agent encrypts sensitive information locally before sending to idemeum cloud.
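To make the E2EE model above concrete, here is an added illustration (not idemeum's code, and not taken from the whitepaper) of what "encrypt locally before sending to the cloud" looks like in practice. It assumes a 256-bit master key generated on the desktop, AES-256-GCM as the authenticated cipher, and a per-record identifier bound in as associated data; the record id and secret value are constructed sample data. The cloud only ever receives the nonce and ciphertext, so a storage compromise yields nothing readable, and any tampering, wrong key, or swapped record id is rejected on decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Record is what the agent uploads: only a nonce and ciphertext, never the key.
// (Illustrative structure, not idemeum's actual wire format.)
type Record struct {
	Nonce      []byte
	Ciphertext []byte // AES-GCM output; the 16-byte authentication tag is appended
}

// NewMasterKey generates the 256-bit key that stays on the desktop.
func NewMasterKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a secret locally with AES-256-GCM. recordID is bound in as
// associated data, so a ciphertext cannot be silently moved to another record.
func Seal(key, secret []byte, recordID string) (Record, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random 96-bit nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := gcm.Seal(nil, nonce, secret, []byte(recordID))
	return Record{Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts and verifies a record; it fails on a wrong key, a different
// record id, or any modification of nonce or ciphertext.
func Open(key []byte, rec Record, recordID string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte(recordID))
	if err != nil {
		return nil, errors.New("record failed authentication: wrong key, wrong record id, or tampered data")
	}
	return pt, nil
}

// CloudView is everything a compromised storage backend could read for a record.
func CloudView(rec Record) string {
	buf := make([]byte, 0, len(rec.Nonce)+len(rec.Ciphertext))
	buf = append(buf, rec.Nonce...)
	buf = append(buf, rec.Ciphertext...)
	return base64.StdEncoding.EncodeToString(buf)
}

func main() {
	key, err := NewMasterKey() // never leaves the desktop
	if err != nil {
		panic(err)
	}
	// Constructed sample: a break-glass credential stored under record id "record-42".
	rec, err := Seal(key, []byte("break-glass: Adm1n!"), "record-42")
	if err != nil {
		panic(err)
	}
	fmt.Println("cloud sees only:", CloudView(rec))

	pt, err := Open(key, rec, "record-42")
	fmt.Printf("agent decrypts: %q (err=%v)\n", pt, err)

	_, err = Open(key, rec, "record-43") // same key, wrong record id
	fmt.Println("swapped record id:", err)
}
```

The essential property is that decryption happens only where the key lives; the cloud-side view is an opaque blob, and the authentication tag turns any server-side modification into a hard failure rather than silently corrupted plaintext.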

Compliance

Compliance    Status
SOC2 Type 1   May 2022
SOC2 Type 2   March 2025

Whitepaper

For detailed information on how idemeum is designed, all encryption flows, and an architecture review of the various components, please use the link below.

Security whitepaper
How idemeum zero-knowledge security works.

Questions

For any security-related questions, feel free to contact us.

Idemeum support
Contact idemeum support by sending us an email, opening a ticket manually, or joining our discord channel.