Supported features
Passwordless Elevated Access is a very flexible product that supports various workstations and use cases. Configuring your platform is very easy from the cloud dashboard.
Feature support matrix
idemeum supports all types of Windows workstations, including domain-joined, Azure AD joined, and local workstations.
Feature | Domain | Local | Azure AD joined |
---|---|---|---|
Login with domain admin account | ✅ | - | - |
Elevate with domain admin account | ✅ | - | - |
Rotate domain admin password | - | - | - |
Login with local admin account | ✅ | ✅ | ✅ |
Elevate with local admin account | ✅ | ✅ | ✅ |
Rotate local admin password | ✅ | ✅ | ✅ |
Offline login with OTP | ✅ | ✅ | ✅ |
Features overview
Unphishable, FIDO2-based, passwordless MFA
When technicians access customer workstations or elevate in the user session, they do not need to use any passwords or MFA codes. Login becomes as simple as scanning a QR code with a mobile device and approving with biometrics. You can learn more about the security of our mobile app here.
Login at customer site or elevate in the RMM session
idemeum does not disrupt any existing password-based user login flows. Technicians can access customer workstations while physically present at the site, or elevate in the remote RMM session while helping users with privileged actions.
Domain-joined, Azure-joined, and local workstations
The idemeum desktop client can be installed on any type of Windows workstation.
Local or domain admin accounts
When the desktop client is installed, you can assign a local or domain admin account to each workstation. You can do this individually or in bulk using the admin cloud dashboard. For a local admin account you need to provide the username and password, whereas for a domain account you only need to provide the logon name.
Automatic admin credentials rotation
idemeum will automatically rotate admin credentials. The default rotation period is one hour.
Audit logs
In the idemeum admin portal you can see who is accessing your workstations, who is viewing admin passwords, who is changing any cloud settings, and more.
Granular access control
In the idemeum cloud dashboard you can control who has access to your customer workstations, as well as who is exposed to admin credentials. You can automatically grant access to any new technician, or control entitlements manually.
Offline login with one-time password
When a customer computer is offline, your technicians can still access it with a One-Time Password (OTP) that is retrieved from a mobile app or cloud portal and is uniquely assigned to each workstation.
Silent installation
You can manually install the idemeum desktop client, or deploy it at scale with silent installation using tools such as MDM, PowerShell, etc.