Skip to main content

Privileged Access Management

Supported features

Passwordless Elevated Access is a very flexible product that supports various workstations and use cases. Configuring your platform is very easy from the cloud dashboard.

Feature support matrix

idemeum supports all types of Windows workstations, including domain-joined, Azure AD joined, and local workstations.

Domain Local Azure AD joined
Login with domain admin account - -
Elevate with domain admin account - -
Rotate domain admin password - - -
Login with local admin account
Elevate with local admin account
Rotate local admin password
Oflline login with OTP

Features overview

Unphishable, FIDO2-based, passwordless MFA

When technicians access customer workstations or elevate in the user session, they do not need to use any passwords or MFA codes. Login becomes as simple as scan the QR-code with a mobile device and approve with biometrics. You can learn more about the security of our mobile app here.

Login at customer site or elevate in the RMM session

idemeum does not disrupt any existing password-based user login flows. And technicians can access customer workstations while physically present at the site, or elevate in the remote RMM session while helping users with privileged actions.

Domain-joined, Azure-joined, and local workstations

idemeum desktop client can be installed on any type of Windows workstation.

Local or domain admin accounts

When the desktop client is installed, you can assign a local or domain admin account to each workstation. You can do this individually or in bulk using admin cloud dashboard. With local admin account you need username and password, whereas when assigning a domain account, you only need to provide the logon name.

Automatic admin credentials rotation

idemeum will automatically rotate admin credentials. The default rotation period is one hour.

Audit logs

In the idemeum admin portal you can see who is accessing your workstations, who is viewing admin passwords, who is changing any cloud settings, and more.

Granular access control

In idemeum cloud dashboard you can control who has access to your customer workstations, as well as who is exposed to admin credentials. You can automatically grant access to any new technician, or control entitlements manually.

Offline login with one-time password

When customer computer is offline, your technicians can still access it with One-Time Password (OTP) that is retrieved from a mobile app or cloud portal, and is uniquely assigned to each workstation.

Silent installation

You can manually install idemeum desktop client, or deploy it is at scale with silent installation leveraging various tools such as MDM, PowerShell, etc.