| Operating systems |
Windows, macOS |
| Multi-tenant portal |
Manage multiple organizations / customers from a single MSP portal, where you can cretae customers, install agents, and apply elevation rules. |
| Elevation events |
Desktop agent captures all privileged action events, including application installs, settings modification, and protected menus. All events and metadata are captured and displayed in the cloud admin portal. |
| Elevation control modes |
Desktop agent can operate in various modes - offline (no events captured and no rules applied), audit (all events captured but rules are not enforced), and rules (all events captured and rules are applied). |
| Elevation requests |
When the elevation event is captured, and there is no rule to be applied, user is given an option to request privilege action approval from the IT team. All requests are captured in the cloud along with associated metadata. |
| Mobile and web approvals |
When the request from the user is received, technicians can review the metadata and approve or deny the request from the web portal or from idemeum mobile application. |
| Rule engine |
Technicians can create allow or deny rules for user elevation events. Idemeum allows to create file, publisher, or certificate attributes rules. |
| Auto rule creation |
Idemeum portal provides convenient UI to create rules automatically from captured elevation events. |
| Audit events |
Admin portal captures all events related to how you manage your User Elevation Control deployment. |
| Auto approval for MSP users |
When MSP techs are logged in with JIT accounts or LAPS accounts, idemeum will automatically approve any privileged action bypassing the enforced rules. |