Import and Sync Users from Active Directory (On-Premises)
Hideez Enterprise Server integrates with Active Directory (On-Premises) to support centralized user import, synchronization, and optional password rotation.
Hideez Enterprise Server also supports multi-domain environments. Users can be synchronized from multiple Active Directory (On-Premises) domains and are matched by their email addresses. If two or more users from different domains share the same email, they will be merged into a single profile in Hideez Enterprise Server.
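A pre-sync check for the email matching described above, as an added example that is not Hideez code. It reads a CSV export of Hideez Users Sync group members (assumed columns `domain`, `sAMAccountName`, `mail`; the sample rows are constructed) and lists addresses shared by accounts in different domains, which would be merged into one profile. Trimming whitespace and comparing case-insensitively are assumptions, since this page does not state how addresses are compared.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: "Hideez Users Sync" members exported from two
# hypothetical domains. Column names are an assumed export format.
SAMPLE_EXPORT = """domain,sAMAccountName,mail
corp.example,asmith,a.smith@example.com
corp.example,bjones,b.jones@example.com
lab.example,alice.s,A.Smith@Example.com
lab.example,svc-build,
lab.example,cwhite, c.white@example.com
"""


def normalize_email(value):
    """Assumed matching rule: trim whitespace, compare case-insensitively."""
    return (value or "").strip().lower()


def find_merge_candidates(export_text):
    """Return (collisions, missing_mail).

    collisions: {email: [(domain, account), ...]} for addresses used by
    accounts in more than one domain (merged into one profile on sync).
    missing_mail: accounts with an empty mail attribute (nothing to match on).
    """
    by_email = defaultdict(list)
    missing_mail = []
    for row in csv.DictReader(io.StringIO(export_text)):
        account = (row["domain"].strip().lower(), row["sAMAccountName"].strip())
        email = normalize_email(row["mail"])
        (by_email[email] if email else missing_mail).append(account)
    collisions = {
        email: sorted(accounts)
        for email, accounts in by_email.items()
        if len({domain for domain, _ in accounts}) > 1
    }
    return collisions, missing_mail


if __name__ == "__main__":
    collisions, missing = find_merge_candidates(SAMPLE_EXPORT)
    for email, accounts in sorted(collisions.items()):
        print("MERGE", email, ", ".join(f"{d}\\{a}" for d, a in accounts))
    for domain, account in missing:
        print("NO MAIL", f"{domain}\\{account}")
```

Review each reported collision before clicking Sync Now, so that only accounts belonging to the same person end up in one profile.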
Hideez Enterprise Server supports two scenarios for integrating and managing users from Active Directory (On-Premises):
Users are synchronized based on membership in the Hideez Users Sync group.
Domain passwords are not changed or updated.
Assigning Hideez Keys is not required.
You can optionally configure passwordless PC authentication via the Hideez Authenticator mobile application.
Before syncing users from Active Directory, ensure the following conditions are met:
You are logged in as a user with administrator rights in Hideez Enterprise Server.
Target users are added to the designated Active Directory group:
Hideez Users Sync – required for any synchronization.
The "Enable Single Sign-On" option must be enabled during Active Directory setup if you plan to use the Hideez Authenticator mobile app for passwordless workstation login.
In Hideez Enterprise Server, navigate to Employees → Sync with Active Directory and click Sync Now.
Imported users will appear in the employee list, marked as synchronized from Active Directory.
Use Case: Passwordless Login with Hideez Authenticator
When a user is imported into Hideez Enterprise Server from Active Directory, they receive an invitation email.
Upon accessing the server, the user selects an SSO method and chooses the Hideez Authenticator mobile app.
After installing the app, they scan a QR code, which registers the application on the server.
This scenario enables you to import users from Active Directory and enforce automatic domain password changes using Hideez Keys.
Each imported user is assigned a new, strong, randomly generated password.
The password is updated both in Active Directory and securely stored on the user’s Hideez Key.
This workflow requires Hideez Keys.
Future password rotations are handled automatically based on a configured schedule.
Before syncing users from Active Directory, ensure the following conditions are met:
You are logged in as a user with administrator rights in Hideez Enterprise Server.
Users are added to:
Hideez Users Sync group (for user import)
Security Key Auto Password Change group (for automatic password management)
In Hideez Enterprise Server, navigate to Employees → Sync with Active Directory and click Sync Now.
Imported users will appear in the employee list, marked as synchronized from Active Directory and associated with a domain account.
Assign a Hideez Key to each user and provide the user with an activation code.
The user has to activate the Hideez Key on the workstation.
Use Case: First Login with a Hideez Key
After the key is assigned and the user receives their activation code:
The user pairs or taps the Hideez Key to the workstation.
The user enters the activation code when prompted.
Hideez Enterprise Server generates a new domain password.
The password is securely written to the key and updated in Active Directory.
The user must activate the Hideez Key on their workstation using the activation code.
Important: Without successful activation of the Hideez Key, users will continue using their old domain password.
In addition to the automatic password update workflow, Hideez also supports optional manual and user-initiated password management features:
This scenario describes how an administrator can manually set or generate a new password for a domain user using the Hideez Enterprise Server interface.
This scenario describes how a domain user can change their own Active Directory password via the Hideez Client using a Hideez Key.
The user has two options:
Change the password only on the Hideez Key (the domain password remains unchanged).
Change the password in both Active Directory and the Hideez Key simultaneously.
Note: If you encounter the error "Unavailable Critical Extension" during synchronization or password update, please follow our troubleshooting guide to enable .
The user must have a Hideez Key with one of the following statuses: , , or .