idemeum is a Passwordless Application Management Platform.
Our goal is to give small and medium businesses a single place to set up and manage employee access to SaaS applications. Instead of deploying a separate tool for Single Sign-On, another product for password management, and yet another platform for passwordless access, we offer one compound product to solve all application management use cases.
We are passionate about eliminating passwords. We do not follow the approach most vendors pursue today – password masking. With most technologies on the market today, passwords still exist behind the scenes and are typically masked by overlay tools.
We rely on decentralized identity and integration with HRMS to eliminate passwords completely, and replace them with mobile biometrics to provide a secure yet seamless user experience.
Below you can see the high-level platform overview. Let's now take a look at the platform's main components that allow us to transform onboarding, account creation, and application access.
1. Passwordless MFA
Everything starts with digital identity.
The way things work today is that admins have to create credentials for new hires and then distribute these credentials to employees somehow. Typically this is done over email, which is very insecure, or companies use password managers, which introduces friction and the need to use yet another tool. Things get more complicated when admins later ask employees to enroll in MFA for secure multi-factor access.
At idemeum we take a completely different approach. We built a decentralized identity on a mobile device. New hires create a digital identity on a mobile device by verifying their email address, phone number, and driver's license. The identity resides on the phone only (no PII in our backend), and it is protected by phone biometrics.
Employees use the mobile identity to self-onboard into an organization. The mobile device effectively becomes a multi-factor biometric key to access all company resources. Accessing company applications becomes as simple as approving a Face ID scan, and passwords simply do not exist anywhere in the chain.
Having identity decentralized allows us to:
- Completely eliminate passwords
- Remove the need for an admin to be involved in the initial setup. It becomes zero-touch, employee-driven onboarding.
2. HR-driven user management
For onboarding / offboarding we rely on the source of truth for employee data in any organization – the HR system. The main idea is to verify the digital identity presented by the mobile device against employee records in the HR system.
When employees self-onboard by scanning the QR code and sharing their digital identity with the organization (email address, phone number, and verified name), we search the HR system to identify whether the person is indeed a new hire. If the record is found, the employee is onboarded and account provisioning is kicked off.
By following this approach we do not have to become yet another directory for the organization and deal with sync issues and keeping the data up to date.
3. Passwordless Single Sign-On
idemeum offers Single Sign-On (SSO) for SaaS applications – employees can enjoy one-click passwordless access to any SaaS application. No passwords ever exist in the journey! Logging into applications can be performed with a mobile phone or local biometric sensors on desktop devices. What is more, idemeum SSO works seamlessly across any device type – mobile or desktop.
To make things simple, idemeum offers deeply pre-configured integrations with detailed step-by-step instructions, so that even a non-technical person can set up SSO.
4. Next-generation Password Manager
If an organization is not ready to fully embrace Single Sign-On and upgrade SaaS applications to more expensive plans, employees can leverage the idemeum password manager. idemeum offers password auto-fill, auto-capture, and the ability to share account credentials amongst employees.
We became tired of forgetting and constantly typing a master password, so we built a password manager that does not need one. Everything is powered by biometrics. idemeum offers desktop, mobile, and browser extension password management capabilities. No matter where you access from, you always log in with biometrics.
What makes idemeum unique is that SSO and the password manager coexist on the same platform. There is nothing to integrate – employees simply log in to idemeum and they will see password and SSO applications all in one place.
5. Lifecycle management
Once the new hire is onboarded, we kick off the provisioning process across SaaS applications. We look up additional information in the HR system, such as department or employee role, so that we can entitle (grant access to) new hires only to the specific applications that they need. We can create application accounts either using the SCIM protocol or through custom connectors that we have for certain applications.
Moreover, idemeum supports group provisioning as well. For instance, when creating an account, idemeum can put the user into a certain Slack channel or Atlassian group.
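The HR-driven onboarding and SCIM provisioning flow described in sections 2 and 5 can be sketched as follows. This is an added example, not idemeum's code: the HR records, status values, and department-to-application map are hypothetical and constructed for illustration, and only the SCIM 2.0 core User schema (RFC 7643) is standard.

```python
import json, re, unicodedata

# Constructed sample data: HR records and the department-to-application map are
# hypothetical, not taken from idemeum or any real HR system.
HR_RECORDS = [
    {"id": "E1001", "email": "ana.silva@example.com", "phone": "+14155550101",
     "name": "Ana Silva", "department": "Engineering", "status": "pending_start"},
    {"id": "E1002", "email": "bo.chen@example.com", "phone": "+14155550102",
     "name": "Bo Chen", "department": "Sales", "status": "terminated"},
]
ENTITLEMENTS = {"Engineering": ["slack", "github"], "Sales": ["slack", "crm"]}

def norm_name(s):
    # Fold case, accents and extra whitespace so "ana  silva" equals "Ana Silva".
    s = unicodedata.normalize("NFKD", s)
    s = "".join(c for c in s if not unicodedata.combining(c))
    return " ".join(s.casefold().split())

def norm_phone(s):
    # Keep digits only; assumes both sides carry the country code.
    return re.sub(r"\D", "", s)

def match_new_hire(claims, records=HR_RECORDS):
    """Return the single HR record matching all three verified attributes, else None."""
    hits = [r for r in records
            if r["email"].casefold() == claims["email"].strip().casefold()
            and norm_phone(r["phone"]) == norm_phone(claims["phone"])
            and norm_name(r["name"]) == norm_name(claims["name"])
            and r["status"] in ("pending_start", "active")]
    # Fail closed: no match, or an ambiguous match, provisions nothing.
    return hits[0] if len(hits) == 1 else None

def scim_user(record):
    """Build a SCIM 2.0 core User resource (RFC 7643) for POST /Users."""
    given, _, family = record["name"].partition(" ")
    return {"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
            "externalId": record["id"], "userName": record["email"],
            "name": {"givenName": given, "familyName": family},
            "emails": [{"value": record["email"], "primary": True}],
            "active": True}

def onboard(claims):
    record = match_new_hire(claims)
    if record is None:
        return []  # unknown, mismatched or offboarded identity: no accounts
    apps = ENTITLEMENTS.get(record["department"], [])  # least privilege by department
    return [(app, scim_user(record)) for app in apps]

if __name__ == "__main__":
    claims = {"email": "Ana.Silva@example.com", "phone": "+1 (415) 555-0101", "name": "ana  silva"}
    print(json.dumps(onboard(claims), indent=2))
```

Requiring all three attributes to match exactly one non-terminated HR record means a single spoofed or stale attribute provisions nothing, and the department lookup keeps entitlements limited to the applications that role needs.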
If you have any questions feel free to ping us at email@example.com.