Windows Desktop MFA - domain joined machines

Pre-requisites

Windows Desktop MFA - AD CS configuration

Active Directory Certificate Services (AD CS) leveraged to perform Certificate Logon, i.e., Smart Card Logon post completing MFA via Idemeum app for Windows Desktop Login. The configuration required at the Domain Controller (DC) is divided into three steps to use a Passwordless MFA logon. 1. Conf…

idemeum integrationsidemeum team

Install idemeum desktop app

• Navigate to https://[your domain].idemeum.com/userportal
• Click Accounts → Add desktop app

• Click Download idemeum for Windows to download the latest desktop installer

• Run the downloaded installer on your Windows machine
• If there are any requests to install dependencies, please do so
• Click Next

• Choose the installation location and then click Next

• Click Install

• Installation is now complete. Click Finish to start pairing your idemeum mobile application with this Windows machine.

Pair idemeum mobile application

• Enter your company idemeum URL (for example coke.idemeum.com) and then click Next

• Choose Authenticator and then click Next: Two modes are supported for users to log in to the Desktop.

   Scan with idemeum App: Users use idemeum mobile app to scan the QR code to log in to the Desktop

  Go with Proximity Card: Users use a proximity card to log in to the Desktop. You need a card reader attached to the Desktop.

• Open your idemeum mobile application, click Login at the bottom menu, scan the QR code displayed on the screen.

• Approve pairing with biometrics. Once pairing is approved, click Finish

• One pairing is complete, the new application with your computer name will be added to your application catalog on desktop as well as mobile.

How to share your desktop

For domain joined computers you can share your laptop / desktop with other employees.

• Navigate to your idemeum application catalog
• Click Accounts
• Search for the computer name that you want to share
• Click on ... and choose Share application

• Choose the email address of a person you would like to share your computer with. Once sharing is done, the other person will be able to login to your computer with Passwordless MFA.

Online login with QR-code

When your computer is connected to Internet you can simply login to your machine by scanning an idemeum QR-code with idemeum mobile app.

• Access your computer. You will be presented with a QR-code.

• Open idemeum mobile app, click Login and scan idemeum QR-code. Approve login with biometrics.
• Now you're logged into your computer.

Offline login with one-time code

When your computer is offline and not connect to Internet, we provide a convenient way to login with secure one-time code.

• Access your computer, and since you are offline you will be presented with username and one-time code screen\

• Open idemeum mobile application and in the list of applications find the computer that you want to log into
• Click on ... and you will be presented with one-time code that you can use to login into Windows desktop
• Enter your username and one-time code into windows login screen to access your computer

Online login with Proximity card

When your computer is connected to the Internet, you can log in to your machine by tapping in proximity card onto the reader.

• Access your computer. You will be asked to tap the proximity card on the reader.
• Tap in the card on the reader
• Now you're logged into your computer.