Administrator Support

Find answers and help with IDEE's products and services.

Integration Portal

What is the admin allowed to do when I invite her to my integrations?

An invited admin is allowed to invite new users to their own integration(s).

How do I make sure that my shared integrations are not shared with non-priveleged users?

Only the owner of an integration can add/invite another admin.

Does the admin I want to invite to my integrations need to be from the same company?

No, you can invite admins with any email address.

Why am I unable to invite an admin?

Currently , only an existing admin can receive an invitation.

Please make sure that the admin you want to invite is already registered on our Integration Portal.

Can I use the fast integration via your Integration Portal in combination with a branded app?

Yes, you can get a branded setup for your integrations, inlcuding app, login pages, emails, and self-service portal.

why is my intregation not showing on my login screen?

It may take up to 5 minutes for changes to apply. If the integration after 5 minutes is still not taking effect please make sure your integration details are correct.

Why do I need a backup?

A backup allows the admin to add a new device to their account using the backup code. Thereafter, the admin has full access to their account.

I lost my backup code? What do I need to do?

Without a backup code a new device can only be added by proving possession of the mailbox and then resetting your account. Resetting your account means all existing devices are deleted and admin access on the account is revoked. To regain admin access on the account, please submit a support ticket here: https://www.getidee.com/support

How do I login to the Integration Portal.

Go to https://authn.getidee.de and scan the QR-Code with the App. You can either use AuthN by IDEE app or your branded AuthN App from IDEE.

Which authenticator app do I need to download for the Integration Portal login?

You can use the AuthN app or your branded app.

Do I need to register with the same email address in the authenticator app like on Integration Portal?

Yes. In order to use the Integration Portal with your authenticator, you need to use the same email address you used when registering for the Integration Portal with your authenticator. Your email address is your account identifier.

I have an account on the Integration Portal but I cannot access it.

If you recently reset your account, access to your Integration Portal was removed. Please create a ticket here to regain access: https://www.getidee.com/support.

Who should register at the Integration Portal?

The system administrator that is responsible for a specific integration(s) should create an account on the Integration Portal. In order to share an integration with another adminstrator, each adminstrator needs to create an account on the Integration Portal prior to sharing.

Before I switch over to AuthN, I want to test how AuthN works with Microsoft products. How do I test AuthN with Microsoft 365 or Azure AD?

To test AuthN with Mircosoft products, we recommend setting up a separate domain and using the Integration Portal.

Once I have setup my application in the integration portal how can I rollout AuthN to all the users?

Once the integration is setup, the user is automatically re-directed to the AuthN login page or the branded login page. On the login page the user is then asked to follow the setps to enable Secure Magic-Link, Web-AuthN or the AuthN app depending on the configuration. Thereafter, the user can instantly login to the application.

When I delete a user on my IAM system (e.g. Microsoft AD), does the user still exist on AuthN?

Once the user is deleted on your IAM system, the user can no longer access any of your systems. Our clients can automatically delete that account on IDEE by leveraging SCIM.

How do I login to the root account of my cloud IAM provider (e.g. Microsoft Azure AD) after I have federated my domain using the Integration Portal?

The root account of your domain cannot be federated. For example, the Microsoft Azure AD root account, onmicrosoft.com, is always accessible by using your username, password, and token.

Who can use the invitation link sent from the Integration Portal?

The invitation link can only be used once by the user who has received the link. The link is tied to the email address that was used when it was created. The user cannot change it.

Level 1 Support

How can I change the language in the app?

The app language is based on the device language when the device was added and it is automatically set. It cannot be changed.

Why is there a list of accounts showing when I try to login with Web-AuthN?

Probably there are multiple keys for your account stored in the TPM. Here is a guide how to delete them on a Windows PC:

1. Run CMD as administrator → type ‘Command Prompt’ in search bar on Windows, right click and select ‘Run as administrator'

2. In the CMD screen type: certutil -csp NGC -key

This will list all the keys. You’ll see the key in this format: `<sid>/<guid>/FIDO_AUTHENTICATOR//<rpIdHash>_<user id>`

3. Copy the key manually (without the ‘RSA’ at the end), and type in the next command providing the copied key:

certutil -csp NGC -delkey <key>

Press enter.

You should see ‘CertUtil: -delkey command completed successfully’

4. Repeat 3. step for every key.

Here is a guide how to delete them on a Mac:

1. Go to Safari > History

2. Click on Clear History. Please note this will clear all your History in addition to deleting your Web-AuthN keys.

Why do I not see Web-AuthN as an option in Chrome Incognito mode?

Web-AuthN is currently not supported on Chrome Incognito mode on Windows 10 20H2. It is however supported on MacOS 11.6 and later.

Reporting

How can I report bugs or make feature requests?

'Please create a ticket here to report a bug or make a feature request: https://www.getidee.com/support/product-request

Where can I report an incident?

'Please create a ticket here to report a security incident: https://www.getidee.com/support/report-security-incident

Device Requirements

What are the device requirements to use AuthN?

'The AuthN app works on any smartphone or tablet with the following OS versions:-

Android version 6.0 or higher

- Apple iPhone with IOS 11 or higher

Web-AuthN works on any computer with a TPM chip (internal or external) and the following browsers:-

Microsoft Edge

- Chrome

- Safari

- Internet Explorer 7 or higher

Multiple Account Support

How do I use AuthN with multiple accounts on the same device?

Currently, we support one account per authenticator app. If you choose the branded option, you can use our AuthN app and your branded app. This way you can use two different accounts.

A work around for Android:Certain phones with Android 10 and later support Dual-apps. With this feature you can use AuthN in dual-app mode to access two separate mailboxes.

A general work around:M365 offers delegated access. You can find the M365 documentation here: https://support.microsoft.com/en-gb/office/access-another-person-s-mailbox-a909ad30-e413-40b5-a487-0ea70b763081#__toc372210362"

With Web-AuthN, multiple accounts can be setup on a single device.

Shared Integrations

How can I authorize other adminstrators to manage my integration(s)?

Each adminstrator can share their integration(s) with other adminstrators via the Integration Portal. Sharing is only possible if the other adminstrator has an account on the Integration Portal.

Account Management

Why am I not allowed to delete my account from Self-service Portal (SSP)?

If your account has active integrations on the Integration Portal you are not allowed to delete your account. You first need to go to the Integration Portal and delete all active integrations or create a ticket to transfer all integrations to another admin. You also need to revoke access to integrations you have shared with other admins. Thereafter, you can delete your account via the Self-service Portal (SSP).

How can I recover my account in the AuthN app when I don't have access to my mailbox?

Please ask an admin who is managing your email integration with AuthN to send you a one-time use magic-link for account recovery. This will allow you to enable your AuthN app as an authenticator. Thereafter you can access your mailbox by using AuthN.

How can I recover my account when I have access to my mailbox but I don't have my backup code?

If you do not have your backup code you need to reset your account. To obtain access to your integrations on the Integration Portal, please create a ticket here: https://www.getidee.com/support.

What do I do when I have lost my phone, do not have access to my mailbox and do not have my backup code?

Please ask an admin who is managing your email integration with AuthN to send you a one-time use magic-link for account recovery. Thereafter, you can reset your account and enable AuthN. Once AuthN is enabled you can authenticate to your mailbox. To obtain access to your integrations on the Integration Portal, please create a ticket here: https://www.getidee.com/support.

What happens when I reset my account?

All authenticator devices are deleted and access to the Integration Portal is removed. You need to contact IDEE to regain access to the Integration Portal. To obtain access to your integrations on the Integration Portal, please create a ticket here: https://www.getidee.com/support.

Why is my registration link in the email invalid?

Please check if you have an anti virus software enabled that automatically clicks on links in emails. If yes, please disable it for internet and try again.

After AuthN is enabled, how do I manage app passwords for service accounts on Microsoft Azure AD?

App passwords created for service accounts prior to switching the domain from managed to federated will continue to work. If new app passwords need to be created, the admin needs to login to the service account and create new app passwords. When the admin tries to login to a service account, they will need to authenticate with AuthN.

After AuthN is enabled, how do I login to my service account on Microsoft Azure AD?

Please ask an admin to send you a one-time use magic-link to login to your service account using Web-AuthN.

Do I need to disable/delete an enterprise account on IDEE?

Yes. However, once you delete/disable an enterprise account, the user will no longer have access to your data.

User Management

How can I change my account language?

The account language is based on the device language when the account was created and it is automatically set. It cannot be changed.

Where can I delete/deactivate my device?

You can delete your device from your Self-Service Portal or from within your authenticator app.

How are multiple accounts supported via Web-AuthN?

On the Web-AuthN login page select Enable Another Account option to setup additional accounts on the same device.

The link in the mail is invalid? What do I need to do?

Our links are one-time use only. Please make sure that your anti-virus or other cyber security protection software are not opening the link before it reaches your mailbox. If so, please add emails from getidee.de and getidee.com to your trusted sender list.

What happens when a user tries to register at IDEE and there is no device lock set?

AuthN does not work without a device lock. Please enable device lock on your tablet, smartphone or computer. For iOS, iPadOS, and Android you need to enable screen lock, for your PC please enable Windows Hello, and for your Mac please enable TouchID.

What happens when a user deletes her device lock after enabling her device as an authenticator?

If you disable device lock on your tablet, smartphone, or computer, AuthN will no longer function. You will have re-enable your device as an authenticator.

What happens when I reset my account?

All authenticator devices are deleted from your account. You can thereafter add devices to your account.

How can I recover my account when I don't have access to my mailbox?

Please ask an admin to send you a one-time use magic-link for account recovery. This link will allow you to setup a new authenticator device and thereafter you can access your mailbox.

When an account is deleted on my IAM platform (e.g. Microsoft's Active Directory) is that account automatically deleted at IDEE?

No, when an enterprise account is deleted that account needs to be deleted manually on IDEE services (Integration Portal, AuthN User). However, when an account is deleted on your IAM platform, the user no longer can access your data.

Why does Web-AuthN not show up on Safari iPadOS?

Go to Settings -> Safari -> Request Desktop Website -> All websites.

You still have an open question?

Let us know about your problem and we'll be there to help.

Submission received!

We're sorry to hear that you are having issues.
We will get back to you as soon as we can.
Oops! Something went wrong while submitting the form.