Setting HES server parameters
Hideez Enterprise Server – Setting HES Server parameters
For the server to work correctly, you need to specify some basic settings.
Go to Settings -> Parameters.
Click the Set License Settings button.


After saving, the API Key is not displayed in plain text in the settings. To view it, click the Show button.

You can also import your licenses from HLS here by clicking the Import licenses button.

You can import licenses via the API key or from a file. Please ask us if you need your license file.

These parameters must be specified if you use the following HES scenarios for working with AD:
- Import and sync users from Active Directory
- Import and sync users from Active Directory with domain password changing
Click the Add Domain Settings button.

Fill in and save the following parameters (domain on premises):
- Domain Name: enter your Active Directory domain. This is necessary to import users from previously created groups in AD.
- User Logon Name: the login of an AD administrator with permissions to get users and groups from AD and to change users' passwords.
- Password: the password of an AD administrator with permissions to get users and groups from AD and to change users' passwords.
- Auto Password Change (days): the number of days after which the domain account password must be changed for users in the Security Key Auto Password Change group.

To connect Azure AD to HES, first set up the Azure AD application:
- Go to Azure Active Directory > App registrations
- Add a new app
- Go to the app overview and copy the Application (client) ID and the Directory (tenant) ID
- In the app, go to Certificates & secrets > New client secret, then add and copy the Client Secret
- In the app, go to API permissions > Add a permission > Microsoft Graph. Click Application permissions, then select the Directory > Directory.Read.All permission




- Click Grant admin consent
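
Before entering the values into HES, you can check that the registration grants exactly the permission listed above and nothing broader. The following is an added example, not Hideez or Microsoft code: it assumes you have obtained an app-only access token for Microsoft Graph with the client credentials flow (scope https://graph.microsoft.com/.default) and decodes its claims for inspection only, without verifying the signature. The IDs and sample tokens are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# Application permission the steps above grant (Microsoft Graph).
EXPECTED_ROLES = {"Directory.Read.All"}
TENANT = "00000000-0000-0000-0000-000000000001"  # constructed placeholder tenant ID
CLIENT = "00000000-0000-0000-0000-000000000002"  # constructed placeholder client ID


def decode_claims(jwt):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_app_token(jwt, tenant_id, client_id):
    """Return a list of findings; an empty list means the token matches."""
    claims = decode_claims(jwt)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid does not match the Directory (tenant) ID")
    # v1.0 tokens carry the client ID in 'appid', v2.0 tokens in 'azp'.
    if client_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("token was not issued to this Application (client) ID")
    roles = set(claims.get("roles", []))  # application permissions appear here
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing permission (consent not granted?): {missing}")
    for extra in sorted(roles - EXPECTED_ROLES):
        findings.append(f"excess permission, remove it: {extra}")
    return findings


def make_sample_token(roles):
    """Build a constructed, unsigned sample token (not real data)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    body = {"tid": TENANT, "appid": CLIENT, "roles": roles}
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(body)}.sig"


if __name__ == "__main__":
    for roles in (["Directory.Read.All"], ["Directory.ReadWrite.All"], []):
        print(roles, "->", audit_app_token(make_sample_token(roles), TENANT, CLIENT))
```

An empty roles claim usually means Grant admin consent has not been clicked yet; any role other than Directory.Read.All means the app registration holds more access than HES needs for the import.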


Fill in and save the following parameters on HES (Azure AD):
- Application ID: enter your Azure AD application ID.
- Client secret: enter your Azure AD client secret.
- Tenant ID: enter your Azure AD tenant ID.
- Auto Password Change (days): the number of days after which the domain account password must be changed for users in the Security Key Auto Password Change group.

After saving the data, login parameters are not displayed in the settings.
Be aware! As soon as you remove the AD administrator login and password from the settings, all AD sync scenarios will stop working.
Following these instructions, you can add several domains to the server at the same time. Each domain is managed separately.
You can also configure Splunk settings here.


If the "Allow Platform Authenticators" feature is enabled, you can choose the type of security key you are enrolling for the user (by default it is cross-platform):

So the list of the user's FIDO keys will look like this:

The OpenID Connect (OIDC) client parameters can be set in the OIDC section.

In this section, you can customize logos and email for the server.
