How idemeum is architected
Logins with MFA
Every login is multi-factor: a biometric check on the user's phone (something you are) is combined with a certificate bound to that device (something you have).
FIDO2 compliant
The idemeum mobile app implements MFA on the FIDO2 standards, so the authentication secret is a device-held key pair rather than a shared secret such as an OTP seed.
Distributed storage
Sensitive data, such as break-glass credentials, can be accessed offline on the mobile device and can be pushed to external systems, so access does not depend on the idemeum cloud being reachable.
Device recovery
When encryption keys are lost, recovery can be performed with the emergency key or with approval from other technicians.
Device compliance checks
Device compliance is validated before access to the idemeum portal is granted, using the platform security features built into Android and iOS together with signing certificates.
Multiple encryption layers
Data in transit is protected by more than one layer: transport layer security (TLS) on the connection, plus encryption and authentication under user-managed transit keys (symmetric and asymmetric). Breaking or terminating the TLS layer alone therefore does not expose plaintext.
Hardware backed storage
Mobile cryptographic keys are stored in hardware-backed key storage: Android StrongBox on Android and the Secure Enclave on iOS, so the private key material cannot be exported by software on the device.
API key encryption
Even when API integrations are enabled to perform automated actions on vault data, all encryption is performed with a security API key that is not persisted in the cloud.
Data security
idemeum is designed on end-to-end encryption (E2EE) principles. When the desktop agent is installed, the encryption key is handed to the desktop and kept there; all sensitive information is encrypted with that key before it is sent to the idemeum cloud, which stores only ciphertext. The idemeum team cannot see passwords or other sensitive credentials, and even if the idemeum cloud is compromised, that information is not exposed. The flip side is that losing the desktop key means losing access to the data unless it is recovered through the device recovery paths described above.
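The flow described in this section and under "API key encryption", as an added Go example that is not idemeum's code: the desktop holds the only key, seals a secret with AES-256-GCM before upload, the cloud stores ciphertext plus metadata, and the example checks that a party holding the cloud data without the desktop key can neither read the record nor alter it undetected. The AES-GCM choice, the record layout, the in-memory map standing in for the cloud, and every function name are assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// CloudRecord is all the (hypothetical) cloud ever receives; the key stays on the desktop.
type CloudRecord struct {
	ID         string
	Nonce      []byte
	Ciphertext []byte // AES-GCM output, authentication tag included
}

// cloudStore stands in for the server-side database (an assumption).
var cloudStore = map[string]CloudRecord{}

// NewDesktopKey creates the 256-bit key held only by the desktop agent.
func NewDesktopKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals a secret before it leaves the desktop; the record ID is bound as associated data.
func Encrypt(key []byte, id string, plaintext []byte) (CloudRecord, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return CloudRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return CloudRecord{}, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(id))
	return CloudRecord{ID: id, Nonce: nonce, Ciphertext: ct}, nil
}

// Decrypt opens a record; it fails on a wrong key, a modified ciphertext, or a swapped record ID.
func Decrypt(key []byte, rec CloudRecord) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, rec.Nonce, rec.Ciphertext, []byte(rec.ID))
}

type Outcome struct {
	Recovered      string // plaintext the desktop gets back
	CloudCanRead   bool   // could a holder of the cloud data alone open it?
	TamperDetected bool   // was a modified ciphertext rejected?
}

// RoundTrip runs the flow end to end: desktop encrypts, cloud stores ciphertext only,
// the cloud side can neither read nor silently alter it, desktop decrypts with its key.
func RoundTrip(id, secret string) (Outcome, error) {
	key, err := NewDesktopKey()
	if err != nil {
		return Outcome{}, err
	}
	rec, err := Encrypt(key, id, []byte(secret))
	if err != nil {
		return Outcome{}, err
	}
	cloudStore[id] = rec     // upload: the cloud sees ciphertext and metadata
	stored := cloudStore[id] // what a cloud compromise would hand an attacker
	// Without the desktop key (here: any other 256-bit key) the record is
	// unreadable, and with the key a single flipped ciphertext byte is rejected.
	_, readErr := Decrypt(make([]byte, 32), stored)
	tampered := stored
	tampered.Ciphertext = append([]byte(nil), stored.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, tamperErr := Decrypt(key, tampered)
	plain, err := Decrypt(key, stored)
	if err != nil {
		return Outcome{}, err
	}
	return Outcome{string(plain), readErr == nil, tamperErr != nil}, nil
}

func main() {
	out, err := RoundTrip("vault/break-glass-admin", "hunter2")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Binding the record ID as GCM associated data is the detail worth copying: without it, a server-side attacker who cannot read records can still swap one user's ciphertext into another record and have it decrypt cleanly on the desktop.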
Compliance
idemeum is SOC 2 Type 2 certified.

