Import and Sync Users from Entra ID
Hideez Enterprise Server integrates with Entra ID to support centralized user import, synchronization, and optional password rotation.
Hideez Enterprise Server also supports multi-domain environments. Users can be synchronized from multiple Entra ID domains and are matched by their email addresses. If two or more users from different domains share the same email, they will be merged into a single profile in Hideez Enterprise Server.
Integration Scenarios
Hideez Enterprise Server supports two scenarios for integrating and managing users from Entra ID:
Users are synchronized based on membership in the Hideez Users Sync group.
Domain passwords are not changed or updated.
Assigning Hideez Keys is not required.
You can optionally configure passwordless PC authentication via the Hideez Authenticator mobile application.
Before syncing users from Entra ID, ensure the following conditions are met:
You are logged in as a user with administrator rights in Hideez Enterprise Server.
Target users are added to the designated Entra ID group:
Hideez Users Sync – required for any synchronization.
Users have valid email addresses that will receive invitation emails from the server.
In Hideez Enterprise Server, navigate to Employees → Sync with Entra ID and click Sync Now.
Imported users will appear in the employee list, marked as synchronized from Entra ID and associated with a domain account.
When a user is imported into Hideez Enterprise Server from Entra ID, they receive an invitation email.
The user receives an invitation email for the Hideez Server and chooses their authentication method.
Upon accessing the server, the user selects an SSO method and chooses the Hideez Authenticator mobile app.
The user logs in to the workstation using the method previously used (e.g., password).
The user scans a QR code in the Hideez Client and creates a passwordless account for PC unlock.
The user can unlock their PC by scanning a QR code displayed on the workstation screen.
The user can continue logging in to their workstation using the Hideez Authenticator app by scanning the QR code displayed on the PC screen.
This scenario enables you to import users from Entra ID and enforce automatic domain password changes using Hideez Keys.
Each imported user is assigned a new, strong, randomly generated password.
The password is updated both in Entra ID and securely stored on the user’s Hideez Key.
This workflow requires Hideez Keys.
Future password rotations are handled automatically based on a configured schedule.
Before syncing users from Entra ID, ensure the following conditions are met:
You are logged in as a user with administrator rights in Hideez Enterprise Server.
Integration with Entra ID is properly configured in Hideez Enterprise Server.
Users are added to:
Hideez Users Sync group (for user import)
Security Key Auto Password Change group (for automatic password management)
The user must have a Hideez Key with one of the following statuses: "Ready", "Active", or "Reserved".
The workstation is joined to the Entra ID domain.
The Hideez Client is installed on the user’s workstation.
The workstation is approved in the Hideez Enterprise Server (see the Workstations section).
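A pre-sync audit of the prerequisites and the email-matching rule described above, as an added example that is not part of the Hideez documentation or product. The record layout (`upn`, `domain`, `email`, `groups`) is an assumed export format, the sample users are constructed, and comparing emails case-insensitively is an assumption made to err on the side of flagging a merge.

```python
from collections import defaultdict

SYNC_GROUP = "Hideez Users Sync"
ROTATION_GROUP = "Security Key Auto Password Change"

# Constructed sample export: one record per Entra ID user, per domain.
SAMPLE_USERS = [
    {"upn": "alice@corp.example", "domain": "corp.example",
     "email": "alice@corp.example", "groups": [SYNC_GROUP, ROTATION_GROUP]},
    {"upn": "a.smith@lab.example", "domain": "lab.example",
     "email": "Alice@corp.example", "groups": [SYNC_GROUP]},
    {"upn": "bob@corp.example", "domain": "corp.example",
     "email": "", "groups": [SYNC_GROUP]},
    {"upn": "carol@lab.example", "domain": "lab.example",
     "email": "carol@lab.example", "groups": [ROTATION_GROUP]},
    {"upn": "dave@corp.example", "domain": "corp.example",
     "email": "dave@corp.example", "groups": []},
]


def preflight(users):
    """Return findings to resolve before clicking Sync Now."""
    findings = {"missing_email": [], "rotation_without_sync": [],
                "merge_candidates": {}}
    by_email = defaultdict(list)
    for u in users:
        groups = set(u["groups"])
        if ROTATION_GROUP in groups and SYNC_GROUP not in groups:
            # The sync group is required for any synchronization.
            findings["rotation_without_sync"].append(u["upn"])
        if SYNC_GROUP not in groups:
            continue  # not imported: no invitation email, no merge
        email = u["email"].strip().lower()  # assumption: case-insensitive
        if "@" not in email:
            # No usable address to receive the invitation email.
            findings["missing_email"].append(u["upn"])
            continue
        by_email[email].append(u)
    for email, members in by_email.items():
        # Same email in more than one domain: merged into a single profile.
        if len({m["domain"] for m in members}) > 1:
            findings["merge_candidates"][email] = sorted(
                m["upn"] for m in members)
    return findings


if __name__ == "__main__":
    for name, value in preflight(SAMPLE_USERS).items():
        print(name, value)
```

Review each entry under `merge_candidates` before syncing: the listed accounts will share one Hideez Enterprise Server profile, so confirm they belong to the same person.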
In Hideez Enterprise Server, navigate to Employees → Sync with Entra ID and click Sync Now.
Imported users will appear in the employee list, marked as synchronized from Entra ID and associated with a domain account.
After the key is assigned and the user receives their activation code:
Hideez Enterprise Server imports the user from Entra ID and changes the existing domain password in Entra ID to a newly generated strong password.
A new account record is created for the Hideez Key, and the password is securely assigned.
The user pairs or taps the Hideez Key to the workstation and activates it.
The user enters the activation code when prompted.
The updated password is securely written to the key and synchronized with Entra ID.
A new account with an updated password is securely written to the key and updated in Entra ID.
The user can continue logging in to their workstation using the Hideez Key in proximity mode (automatic unlocking when approaching the device).
In addition to the automatic password update workflow, Hideez also supports optional manual and user-initiated password management features:
This scenario describes how an administrator can manually set or generate a new password for a domain user using the Hideez Enterprise Server interface.
This scenario describes how a domain user can change their own Entra ID password via the Hideez Client using a Hideez Key.
The user has two options:
Change the password only on the Hideez Key (the domain password remains unchanged).
Change the password in both Entra ID and the Hideez Key simultaneously.
You can also enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10. Please refer to for configuration guidance.