Setting HES server parameters

Hideez Enterprise Server – Setting HES Server parameters

For HES to work correctly, you need to specify some basic settings.

Go to Settings → Parameters.

Licensing

Click the Import License button.

Import the license file that you downloaded from the Hideez Portal. Alternatively, ask us and we will generate a license for you.

You can import licenses from a server key or from a file. Please ask us if you need a license file.

Mail

Administrators can configure the credentials used to send service notification emails to users. These notifications are used for inviting new employees, resetting employees' passwords, changing employees' email addresses, sending activation codes for Hideez Key, etc.

To check the current credentials that you use to send emails, you have to expand the Mail section:

Click Configure to set or change the credentials for sending emails:

To set Email Credentials, fill in the following fields:

  • Host – this is the email server address you want to connect to. For example, for Gmail, the SMTP host might be “smtp.gmail.com” and the IMAP host might be “imap.gmail.com”. The actual host may vary depending on the email service provider and the specific protocol you are using.

  • Port – this is the numeric code that determines the specific network port for establishing a connection to the email server using a specific email protocol.

  • Enable SSL – this is an option that indicates whether to use SSL (Secure Sockets Layer) to establish a secure connection with the email server. SSL encrypts the data transmitted between your computer and the server to protect sensitive information during transmission.

  • Email – this is the email address that you use for sending and receiving messages.

  • Password – this is the password associated with your email address. It is used for authentication and confirming your identity when connecting to the server.

Active Directory (On-premises)

These parameters must be specified if you use HES scenarios for working with AD:

  • Import and sync users from Active Directory

  • Import and sync users from Active Directory with domain password changing

Go to Settings→Parameters and click the Add Domain Settings button.

Fill in and save the following parameters (domain on-premises):

  • Domain Name: enter your Active Directory domain. This is necessary to import users from previously created groups in AD.

  • User Logon Name: AD administrator's login with permissions to get users and groups from the AD and change user passwords.

    • Skip credentials (sync will be disabled)

  • Password: AD administrator's password with permissions to get users and groups from the AD and change users' passwords.

  • Auto Password Change (days): number of days after which the domain account password must be changed for users in the Security Key Auto Password Change group.

Azure AD (Entra)

To connect Azure AD to HES, first set up the Azure AD application:

  • Open Settings→Parameters→Add Domain Settings and select the Azure Active Directory radio button

  • Log in to the Azure portal

  • Go to Azure Active Directory → App registrations

  • Click New Registration

  • Go to the app overview, copy the Application (client) ID and the Directory (tenant) ID, and paste those values into Domain Settings on Hideez Server

  • On the Azure portal, go to Certificates & secrets → New client secret, then add a client secret and copy it

  • Copy the secret from the Value column and paste it into the Client Secret field on Hideez Server

  • On the Azure portal, go to API permissions → Add a permission → Microsoft Graph

  • Click Application permissions, then scroll down and select the Directory → Directory.Read.All permission.

  • Click Grant admin consent

Fill in and save the following parameters on HES (Azure AD):

  • Application ID: enter your Azure AD application ID.

  • Client secret: enter your Azure AD client secret.

  • Tenant ID: enter your Azure AD tenant ID.

  • Auto Password Change (days): number of days after which the domain account password must be changed for users in the Security Key Auto Password Change group.

After saving the data, login parameters are not displayed in the settings.
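An added example (not part of the Hideez documentation or product): a least-privilege check for the app registration described above. It decodes the claims of an app-only access token issued to the registered application and reports any mismatch with the Tenant ID, Application ID and the single Directory.Read.All permission this page grants. The tokens and GUIDs below are constructed placeholders, and the signature is deliberately not verified, so use it for diagnostics only.

```python
import base64
import json

EXPECTED_ROLES = {"Directory.Read.All"}  # the only permission granted on this page


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str, tenant_id: str, app_id: str) -> list[str]:
    """Return findings; an empty list means the token matches the HES setup."""
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match the Tenant ID entered in HES")
    # v1.0 tokens carry the client ID in 'appid', v2.0 tokens in 'azp'
    if app_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("client ID does not match the Application ID entered in HES")
    # 'roles' lists consented application permissions; absent if consent is missing
    roles = set(claims.get("roles", []))
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing application permission: {missing}")
    for extra in sorted(roles - EXPECTED_ROLES):
        findings.append(f"unexpected application permission: {extra}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demo (not a real token)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.sig"


# Constructed sample values (placeholders, not real identifiers)
TENANT = "00000000-0000-0000-0000-000000000001"
APP = "00000000-0000-0000-0000-000000000002"
GOOD = make_sample_token({"tid": TENANT, "appid": APP, "roles": ["Directory.Read.All"]})
BROAD = make_sample_token({"tid": TENANT, "appid": APP,
                           "roles": ["Directory.Read.All", "Directory.ReadWrite.All"]})
```

A finding of "unexpected application permission" means the registration holds more than this page asks for and should be trimmed on the API permissions blade.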

If you use Linux and need the AD integration, join your Linux server to the AD.

Be aware! As soon as you remove the AD administrator login and password from the settings, all AD sync scenarios will stop working.

Using these instructions, you can add several domains to the server at the same time. Each domain is managed separately.

Other Domain settings

  • Workstation passwordless logon settings - Update Workstation Passwordless Logon Settings.

Splunk

You can also configure Splunk settings here.

FIDO2

If the "Allow Platform Authenticators" feature is enabled, you can choose the type of security key you are enrolling for the user (by default it is cross-platform):

So the list of the user's FIDO keys will look like this:

SAML

You can read more about SAML configuration here.

OIDC

The OpenID Connect (OIDC) client parameters can be set in the OIDC section.

Appearance

In this section, you can customize logos and email for the server.