If you use Active Directory and want to manage employees through its interface, as well as change domain passwords regularly and automatically, then you need to:
Create a group in AD named Security Key Owners and place in it all employees to whom you will give Hideez keys.
Create a group in AD named Security Key Auto Password Change and place in it all employees for whom you want to configure a regular automatic domain account password change.
Click the button Sync with AD.
Confirm the action by clicking Sync Now.
During import, employees' domain accounts are imported (without passwords).
Until activation occurs and the key is connected, the employee will use their existing password to log in to the domain account.
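The two groups can also be prepared from PowerShell before the sync. This is an added example, not part of the Hideez documentation; the OU path, group scope, sample logon names and both helper functions are assumptions.

```powershell
# Added example, not part of the Hideez documentation.
# Needs the ActiveDirectory module (RSAT) and rights to create groups.
Import-Module ActiveDirectory

# Assumptions: OU path, group scope and the sample logon names are placeholders.
$GroupPath  = 'OU=Groups,DC=example,DC=com'
$OwnersName = 'Security Key Owners'
$AutoName   = 'Security Key Auto Password Change'
$OwnerUsers = @('alice', 'bob', 'carol')   # constructed sample accounts
$AutoUsers  = @('alice', 'bob')

# Hypothetical helper: return the group, creating it only if it is missing.
function Get-OrCreateGroup {
    param([string]$Name)
    $group = Get-ADGroup -Filter "Name -eq '$Name'"
    if (-not $group) {
        $group = New-ADGroup -Name $Name -GroupScope Global `
            -GroupCategory Security -Path $GroupPath -PassThru
    }
    $group
}

# Hypothetical helper: add only accounts that are not members yet.
function Add-MissingMember {
    param($Group, [string[]]$Users)
    $current = @(Get-ADGroupMember -Identity $Group | ForEach-Object SamAccountName)
    $missing = @($Users | Where-Object { $_ -notin $current })
    if ($missing.Count -gt 0) {
        Add-ADGroupMember -Identity $Group -Members $missing
    }
}

$owners = Get-OrCreateGroup -Name $OwnersName
$auto   = Get-OrCreateGroup -Name $AutoName
Add-MissingMember -Group $owners -Users $OwnerUsers
Add-MissingMember -Group $auto   -Users $AutoUsers

# Review before clicking Sync with AD: accounts queued for automatic password
# change that are not key owners (assumed here to be a mistake worth fixing).
$ownerSams = @(Get-ADGroupMember -Identity $owners -Recursive |
    ForEach-Object SamAccountName)
Get-ADGroupMember -Identity $auto -Recursive |
    Where-Object { $_.SamAccountName -notin $ownerSams } |
    Select-Object SamAccountName, distinguishedName
```

An empty result from the last pipeline means every account scheduled for automatic password change also belongs to Security Key Owners.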
When the user connects the key to the computer for the first time, the following will happen:
The user turns on the key and taps it on the dongle (or pairs the key through Windows settings).
The user confirms bonding by pressing while the key flashes green. This is necessary if the key has not been connected to this computer before. Otherwise, this step is skipped: the key will not flash green or require pressing.
The user goes through the activation procedure by entering the activation code previously given to them.
The license for the key is loaded.
The server sends the new password to AD via LDAP, and the password change succeeds.
The server executes its task to load accounts and access to them: the new password for the domain account is recorded on the key.
The user successfully logs into the domain account with a new password.
Note! After changing the password in this way, neither the User nor the Administrator will know it!
The list of employees in the Security Key Auto Password Change group and HES will be synchronized every hour.
When you remove a user from the Security Key Auto Password Change group, the scheduled password change logic stops working for them; the password remains valid according to the settings in AD.
The administrator can also change the password manually or generate a new password. Select the user and click Edit Password.
Click the Enter Pwd button. Enter the new password, confirm it, and click the Save button.
Click the Generate Pwd button. Then click the Generate button.
Note! After changing the password this way, neither the User nor the Administrator will know it!
Make sure you provide the to your Active Directory.
and provide the activation code. On the HES server-side, a new password for the domain account will be generated and tasks will be created to send the new password to AD and the employee's hardware key.
Video with Step 3 demonstration.
Specify the frequency of changing the password for your domain account in the . Regularly scheduled password changes will proceed in the same way as the initial password change.
When you add a new user to the Security Key Auto Password Change group during import, their domain account will be imported, and a new password will be generated for them, see and .
Hideez admin cases – Import and sync users from AD with domain password changing