Windows Desktop MFA - domain joined machines
Pre-requisites
1. Desktop MFA is supported on Windows machines where TPM is enabled. Please click here to enable TPM on your PC. By default, Windows 11 has TPM enabled, whereas not all Windows 10 PCs have TPM enabled by default. If a PC has a TPM that is present but disabled, it can be enabled via BIOS setup. Refer to the same link to learn how to verify whether TPM is present in the system.
2. Before installing idemeum desktop client on domain-joined machines, please ensure you perform a one-time configuration to set up Active Directory Certificate Services.
Please follow the guide below to configure certificate services.
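The two machine-side prerequisites above (an enabled TPM and domain membership) can be checked from an elevated PowerShell session before rolling out the installer. This is an added example, not an idemeum tool; the function name Test-DesktopMfaPrereq is hypothetical, and it does not check the Active Directory Certificate Services configuration.

```powershell
#Requires -Version 5.1
# Added example: pre-flight check for the Desktop MFA prerequisites.
# Test-DesktopMfaPrereq is a hypothetical name, not part of the idemeum client.
# Run from an elevated session; Get-Tpm needs administrator rights.
function Test-DesktopMfaPrereq {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        TpmPresent   = $false
        TpmEnabled   = $false
        TpmReady     = $false
        DomainJoined = $false
        Domain       = $null
        Problems     = @()
        Ready        = $false
    }

    try {
        # Get-Tpm ships with Windows (TrustedPlatformModule module).
        $tpm = Get-Tpm -ErrorAction Stop
        $result.TpmPresent = [bool]$tpm.TpmPresent
        $result.TpmEnabled = [bool]$tpm.TpmEnabled
        $result.TpmReady   = [bool]$tpm.TpmReady
        if (-not $tpm.TpmPresent) {
            $result.Problems += 'No TPM reported by Windows.'
        } elseif (-not $tpm.TpmEnabled) {
            $result.Problems += 'TPM is present but disabled; it can be enabled via BIOS setup.'
        }
    } catch {
        $result.Problems += "Could not query the TPM (is the session elevated?): $($_.Exception.Message)"
    }

    try {
        # PartOfDomain is true only for Active Directory domain members.
        $cs = Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction Stop
        $result.DomainJoined = [bool]$cs.PartOfDomain
        if ($cs.PartOfDomain) { $result.Domain = $cs.Domain }
        else { $result.Problems += 'Machine is not joined to an Active Directory domain.' }
    } catch {
        $result.Problems += "Could not read domain membership: $($_.Exception.Message)"
    }

    $result.Ready = ($result.Problems.Count -eq 0)
    [pscustomobject]$result
}

Test-DesktopMfaPrereq | Format-List
```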
Install idemeum desktop app
- Navigate to https://[your domain].idemeum.com/userportal
- Click Accounts → Add desktop app
- Click Download idemeum for Windows to download the latest desktop installer
- Run the downloaded installer on your Windows machine
- If there are any requests to install dependencies, please do so
- Click Next
- Choose the installation location and then click Next
- Click Install
- Installation is now complete. Click Finish to start pairing your idemeum mobile application with this Windows machine.
Pair idemeum mobile application
- Enter your company idemeum URL (for example coke.idemeum.com) and then click Next
- Choose Authenticator and then click Next. Two modes are supported for users to log in to the Desktop:
  - Scan with idemeum App: Users use idemeum mobile app to scan the QR code to log in to the Desktop
  - Go with Proximity Card: Users use a proximity card to log in to the Desktop. You need a card reader attached to the Desktop.
- Open your idemeum mobile application, click Login at the bottom menu, and scan the QR code displayed on the screen.
- Approve pairing with biometrics. Once pairing is approved, click Finish
- Once pairing is complete, a new application with your computer name will be added to your application catalog on desktop as well as mobile.
How to share your desktop
For domain joined computers you can share your laptop / desktop with other employees.
- Navigate to your idemeum application catalog
- Click Accounts
- Search for the computer name that you want to share
- Click on ... and choose Share application
- Choose the email address of the person you would like to share your computer with. Once sharing is done, the other person will be able to log in to your computer with Passwordless MFA.
Online login with QR-code
When your computer is connected to the Internet, you can simply log in to your machine by scanning an idemeum QR-code with the idemeum mobile app.
- Access your computer. You will be presented with a QR-code.
- Open the idemeum mobile app, click Login and scan the idemeum QR-code. Approve login with biometrics.
- Now you're logged into your computer.
Offline login with one-time code
When your computer is offline and not connected to the Internet, we provide a convenient way to log in with a secure one-time code.
- Access your computer. Since you are offline, you will be presented with the username and one-time code screen
- Open the idemeum mobile application and, in the list of applications, find the computer that you want to log into
- Click on ... and you will be presented with a one-time code that you can use to log in to the Windows desktop
- Enter your username and one-time code into the Windows login screen to access your computer
Online login with Proximity card
When your computer is connected to the Internet, you can log in to your machine by tapping your proximity card on the reader.
- Access your computer. You will be asked to tap the proximity card on the reader.
- Tap the card on the reader
- Now you're logged into your computer.