Frequently Asked Questions

Find answers and help with IDEE's products and services.

Basics

Can I use AuthN to login to a desktop app?

Read More

Yes, AuthN allows the user to authenticate both to a website or an app.

Are multiple accounts supported via Web-AuthN?

Read More

Yes.

Can I use AuthN with multiple accounts on the same device?

Read More

With Web-AuthN, multiple accounts can be setup on a single device.

Are multiple user devices supported?

Read More

Yes.

What happens to the user's IDEE account when the user's account from our IAM system is deleted because of termination ?

Read More

Once the user is deleted on your IAM system, the user can no longer access any of your systems. Our clients can automatically delete that account on IDEE by leveraging SCIM.

Where can a user see a list of all her authenticators (devices)?

Read More

The AuthN app has a list of all the authenticators. In addition, the self-service portal also has a list of all the authenticators.

What if a user loses their phone?

Read More

No Problem. We offer secure recovery mechanisms to restore access on a new device and let the user immediately delete lost devices.

Does the user have to use biometrics to use your solution?

Read More

We support any unlock option supported by the device. For example, we support fingerprint, facial recognition, pattern, and PIN for Windows PCs, Android, and iOS. For Mac we support TouchID.

Can a user login when her phone is offline?

Read More

No problem.  We offer offline login if the user wants to use her phone and WebAuthN if she wants to login phone-free.

‚Äć

how long does it take to integrate with M365?

Read More

It only takes about 15 minutes.

Does IDEE offer a free-trial?

Read More

Yes. Adminstrators can setup users to use our AuthN product for free for 30 days. You can sign-up here: authn.getidee.de.

Does IDEE perform external IT security audits?

Read More

YES. IDEE conducts external IT security testing/reviews in addition to our routine internal security testing and audits. Cobalt, a security company based in Berlin and San Francisco, conducted a security testing/audit of our services in April 2019. BishopFox, a security company based in San Francisco, conducted a security testing/audit of our services in January 2017. We are also ISO 27001 certified.

Does IDEE's technology prevent phishing?

Read More

Yes. We put an end to all phishing and password-based attacks.

Does IDEE's technology prevent insider threats?

Read More

Yes. We prevent malicious and negligent privilege insider attacks.

We don't want to permit the app to have access to the phone camera. Can we still use your solution?

Read More

Yes. Instead of using QR-Code Login, which requires the use of a camera, you can make use of Push Login or WebAuthN Login.

When I try to register my iPadOS device with Web-AuthN, I am stuck after I unlock my device. What should I do?

Read More

Switch to another app and go back to Safari and you will get an error, "Something went wrong. Please try again." Now click on login and unlock your phone to authenticate to the website. This is a known bug on iPadOS and it has been reported to Apple.

When I try to register my iOS device with Web-AuthN, I am stuck after I unlock my device. What should I do?

Read More

Click outside of the pop-up and you will get an error, "Something went wrong. Please try again." Now click on login and unlock your phone to authenticate to the website. This is a known bug on iOS and it has been reported to Apple.

I do not see Web-AuthN option on my Mac. What should I do?

Read More

In order to use Web-AuthN on Safari on a Mac, the user must enable TouchID. Please enable TouchID on your Mac and try again.

I get a pop-up asking me to insert my security key into the USB port. What should I do?

Read More

Click on the cancel button and this will take you to the next window where you need to unlock your PC to authenticate to your website.

Does IDEE offer an on-premise solution?

Read More

IDEE provides a SaaS solution. On-premise deployments are technically possible, and are included in our Enterprise plans.

Do you support browser-only use cases?

Read More

Yes. We support browser-only use cases on the PC, Mac, and mobile.

What happens when my phone is offline?

Read More

No problem.  We offer offline login.

How do I unlock my phone?

Read More

Your choice.  Biometric, PIN, pattern.  Anything that Windows, Mac, iPadOS, iOS, and Android support.

What PII do you collect about me?

Read More

We only ask for your email in certain use cases. We never store your email in plain-text. It is always hashed when stored. We do not collect any other PII.

Do users have to manually register for your service?

Read More

No. Users can be auto-enrolled in the background.

Are you storing any private customer data?

Read More

No. IDEE follows privacy by design principles. We do not store any private customer data (PII).

What if a user loses their device?

Read More

No Problem. We offer secure recovery mechanisms to restore access on a new device and let you immediately delete lost devices.

How quickly can I integrate IDEE in my environment?

Read More

Really quickly. We support common standards such as SAML, OIDC, RADIUS, and many more to make integration quick and easy.

We don’t have an app. Can we still use your technology?

Read More

Yes. We can provide you with our white-label app. We also support WebAuthN for web-only use cases.

Zero Touch Portal

How do I add a new user to a federated Azure AD only domain?

Read More

Once an Azure AD is federated, users need to be added using Microsoft Graph Explorer. Here are the steps for the Microsoft Graph Explorer:

1. Sign into the Microsoft Graph Explorer here (https://developer.microsoft.com/en-us/graph/graph-explorer) using your Azure admin account.

2. After you have signed in click on the 3 dots next to your profile and 'SELECT PERMISSIONS.

3. Please add the following permissions: User.ReadWrite.All and Directory.ReadWrite.All.

4. Go to Sample Queries. Find and select  'CREATE USER' which will create an example in JSON.

5. Please copy the following code and update it to the user's particulars to create the user:

{‚Äč‚Äč ¬†

"accountEnabled": true,  

"displayName": "FirstName LastName",  

"mailNickname": "username",  

"onPremisesImmutableId": "username@example.com",  

"userPrincipalName": "username@example.com",  

"mail": "username@example.com",  

"givenName": "FirstName",  "surname": "LastName",  

"passwordProfile" : {‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč ¬† ¬†"forceChangePasswordNextSignIn": true, ¬† ¬†

"password": "<password>"  }

‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč}‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč‚Äč

I am on an Azure AD only Microsoft domain. How do I login to my PC if my domain is federated?

Read More

For domains that are Azure AD only and federated, it is currently not possible to login directly to the domain from a PC. The user needs to log-in to a local account on the PC first and then go under Settings\System\About and click on Join Azure AD. Thereafter the user can follow the Web-AuthN or AuthN registration flow to add the PC to the domain.

How do I revert from a federated Microsoft Azure AD domain to a managed domain?

Read More

Please use the following command: Set-MsolDomainAuthentication -DomainName $domain -Authentication managed

Why is there a list of accounts showing when I try to login with WebAuthN?

Read More

Probably there are multiple keys for your account stored in the security chip that makes WebAuthN possible. Please clear your security chip and thereafter follow the registration steps for WebAuthN.

Why is my registration link in the email invalid?

Read More

Please check if you have an anti virus software enabled that automatically clicks on links in emails. If yes, please disable it and try again.

I still see the old login screen with password even though I setup the integration. How do I fix this?

Read More

It may take up to 5 minutes for changes to an integration to go live. If after 5 minutes, the integration, is still not active please make sure your integration details are correct.

Why am I not allowed to invite an admin?

Read More

Currently, only an existing ZTP owner receives an invitation. Make sure the admin you want to invite is registered on ZTP already.

How do I recover my AuthN Zero Touch Portal Account?

Read More