Idemeum (YC S21) – Passwordless access to apps and infrastructure

Nik and Jagjit here, founders of Idemeum (https://www.idemeum.com/). We are excited to share our product with HN!

Idemeum is a SaaS platform that offers a single place to manage access to applications and infrastructure. We let businesses eliminate passwords for everything employees access: devices, applications, servers, and networks. Our cloud platform eliminates VPNs and allows access to applications and infrastructure from anywhere with a single click.

In industry terms, we combine Privileged Access Management (PAM), Identity and Access Management (IAM), and passwordless technologies.

In simpler terms: you install our mobile application, navigate to your SaaS idemeum tenant, scan a QR code, and log in with biometrics. Once you are in, you can access anything with a single click - SAML Single Sign-On apps, hosted on-premises apps, password apps, SSH servers, and more. There’s a quick overview here: https://www.youtube.com/watch?v=-3StOlDjMrQ

We spent more than a decade in identity access management and threat detection at VMware, Facebook, and Cisco, building platforms to manage user access. That experience left us excited about two things: (1) kill passwords; (2) make things simple.

We started our company with the mission to eliminate passwords in the workplace. That’s important—80% of breaches involve passwords—but our vision gradually evolved into an all-in-one platform to manage employee access.

First we built Passwordless MFA, a mobile app that replaces passwords with biometrics and certificates. You can log in to any company resource - SSO portal, Windows or Mac desktop, Wi-Fi, VPN - with a simple Face ID scan. But behind the scenes we use a lot of technology to make our MFA unphishable and secure (FIDO2, hardware-backed crypto, device attestation, and more).

Second, we added a full-featured Single Sign-On Identity Provider. It is a web and mobile portal to centralize access to all apps and infrastructure. Unlike other Identity Providers that focus only on SAML SaaS applications, we added all resources to the same portal, so you can access apps, servers, databases and more from the same place. Today we support hundreds of SAML integrations, offer account provisioning, RBAC, auditing, group management and more.

Next, we added a password vault. Companies asked us to add a password management capability to safely store credentials, share amongst employees, and autofill on websites. But unlike other password managers, we do not use a master password. Instead, you log in to your vault (on desktop or mobile) with mobile biometrics such as Face ID. The vault is end-to-end encrypted, and your passwords cannot be seen in our cloud.

Last but not least, we realized that SSO for cloud applications is solving only part of the problem, as engineers need to access hosted apps and compute infrastructure. As a result we added a cloud proxy to our platform to offer remote access to on-premises applications and SSH servers. Not only do we provide connectivity, but we also handle authentication, authorization and auditing for infrastructure access. For example, we replace SSH passwords and keys with short-lived certificates. We will release RDP access shortly, and will then start adding database access to our platform.

Security is critical for us - we have been prioritizing security from day one. We are open with how our system is architected, and published all designs on our docs portal (https://docs.idemeum.com/mobile-app-security.html). We also conducted our first penetration test with Cure53 to validate our designs, crypto, and security principles. We are also SOC2 compliant.

We offer a free plan and would love your feedback if you give us a try: https://idemeum.com/try.

We would be very grateful to hear your feedback, ideas, and experiences from the identity and access management domain. Thank you!


