Setting HES server parameters

Hideez Enterprise Server – Setting HES Server parameters
To work correctly, you need to specify some basic settings.
Go to Settings -> Parameters.

Licensing

Click the button Set License Settings.
Fill in and save the API Key, you have to get it at the stage of setting up the server. Ask us if you have ordered a pilot and don't know your API key.
After saving, the API Key is not displayed in the settings in open form. To view it, click the Show button.
Also, here you can import your licenses from HLS by clicking on Import licenses button.
You can import licenses via API key or using a file. Please, ask us if you need to get your licenses file.

Mail

Administrators can configure credentials to send emails with service notifications to the users. Such notification is used for inviting new employees, resetting employees' passwords, changing mail for employees, sending activation codes for Hideez Key, etc.
To check the current credentials that you use to send emails, you have to expand the Mail section:
Click Configure to set or change the credentials for sending emails:
To set Email Credentials, fill the following fields:
  • Host – this is the email server address you want to connect to. For example, for Gmail, the SMTP host might be “smtp.gmail.com” and the IMAP host might be “imap.gmail.com”. The actual host may vary depending on the email service provider and the specific protocol you are using.
  • Port – this is the numeric code that determines the specific network port for establishing a connection to the email server using a specific email protocol.
  • Enable SSL – this is an option that indicates whether to use SSL (Secure Socket Layer) to establish a secure connection with the email server. SSL encrypts the data transmitted between your computer and the server to protect sensitive information during transmission.
  • Email – is the email address that you use for sending and receiving messages.
  • Password – this is the password associated with your email address. It is used for authentication and confirming your identity when connecting to the server.

Active Directory

Active Directory on-premises
These parameters must be specified if you will use HES scenarios for working with AD. Import and sync users from Active Directory Import and sync users from Active Directory with domain password changing
Click the button Add Domain Settings.

Fill in and save the following parameters (domain on-premises):

  • Domain Name: enter your Active Directory domain. This is necessary to import users from previously created groups in AD.
  • User Logon Name: AD administrator's login with permissions to get users and groups from the AD and change user passwords.
    • Skip credentials (sync will be disabled)
  • Password: AD administrator's password with permissions to get users and groups from the AD and change users' passwords.
  • Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.

Azure AD

To connect the Azure AD with the HES, please, first, set the Azure AD application:
  • Login to the Azure portal
  • Go to the Azure Active Directory > App registrations
  • Add new app
  • Go to app overview and copy Application (client) ID, Directory (tenant) ID
  • In app go to the Certificates & secrets > New client secret and then add and copy Client Secret
  • In app go to the API permissions > Add a permission > Microsoft Graph. Click Application permissions, then select the Directory > Directory.Read.All permission
  • Click Grant admin consent

Fill in and save the following parameters on HES (Azure AD):

  • Application ID: enter your Azure AD application id.
  • Client secret: enter your Azure AD client secret.
  • Tenant ID: enter your Azure AD tenant id.
  • Auto Password Change (days): number of days after which it is necessary to change the password from the domain account to users from the Security Key Auto Password Change group.
After saving the data, login parameters are not displayed in the settings.
If you use Linux and need the AD integration, join your Linux server to the AD
Be aware! As soon as you remove the AD administrator login and password from the settings, all AD sync scenarios will stop working.
With this instruction, you can add on server several domains at the same time. Each domain is managed separately.

Other Domain settings

  • Workstation passwordless logon settings - Update Workstation Passwordless Logon Settings.

Splunk

Also you can set here Splunk settings.

FIDO2

If the "Allow Platform Authenticators" feature is enabled, you can choose the type of security key you are enrolling for the user (by default it is cross-platform):
So the list of the user's FIDO keys will look like this:

SAML

More about SAML configuration you can read here.

OIDC

The Openid connect clients (OIDC) parameters can be set at the OIDC section.

Appearance

In this section, you can customize logos and email for the server.