Hideez Authentication Service (EN)
  • Hideez Authentication Service for Enterprises
    • Release notes
    • Key features of the Hideez Authentication Service in 5 minutes
  • Quick Start Guides
    • Hideez Authenticator Mobile app guide
    • Hideez Key guide
    • Passkey guide
    • FIDO Security Key guide
      • Activation FIDO key and setting PIN code
    • Quick Start Guide for subscriptions
      • Hideez Security Key
      • Hideez Authenticator App
      • Passkeys
    • Guide for Hideez Enterprise Server on Cloud
      • Passkeys
      • Mobile app
      • Hideez Key
  • Use cases
    • Hideez Authenticator Mobile App
      • Passwordless PC login
      • Password-based PC login
      • SSO login to Webservises (FIDO2) via mobile app
        • Using Hideez Authenticator as your passwordless authentication method for SSO
      • Using Hideez Authenticator as your two-factor authentication method for SSO
      • OTP generation by Hideez Authenticator App for 2FA
      • RDP login by Hideez Authenticator App
      • Remote PC lock
    • Hideez Key
      • Proximity Lock
      • Proximity Unlock
        • Unlock PC by Hideez Dongle Touch (Tap-and-Go)
      • Proximity settings (guide for admin)
      • Automatic RDP Launch and Logon
      • Password manager and OTP generator
      • OTP manager for two-factor authentication
    • FIDO Security Key
      • SSO login to Web Servises via Hardware Key (FIDO2)
      • Passwordless PC Login to Entra ID (Azure AD).
      • Using Hideez Key as U2F security key for your two-factor authentication
      • Other vendors' hardware keys
    • Passkey
      • SSO login to Web Services (FIDO2) via Passkey and Hideez Server as Identity Provider
    • Emergency blocking of all computers
    • Employee's account disabling
  • Hideez Enterprise Server
    • Hideez Enterprise Server
    • Glossary
    • Hideez Server Architecture
    • Deployment
      • Database installation
        • MySQL on Windows
        • MySQL on Linux
        • Microsoft SQL Server on Windows
        • Microsoft SQL Server on Linux
      • HES deployment
        • Windows
        • Linux
        • Docker
        • Deployment without Internet access
        • Troubleshooting
      • HES update
        • Windows
        • Linux
        • Docker
      • Publishing on-premises HES for remote users
    • Administration
      • How to change the password for an administrator account?
      • How to recover a forgotten admin password?
      • Adding an admin account
      • Deleting an admin account
      • How to enable two-factor authentication at the Hideez Enterprise Server?
      • Authorization on the HES server via a FIDO key
      • Platform authentication on the HES server
      • Connecting Linux server to Active Directory
      • Setting Hideez Server parameters
      • Configuring DNS server
      • Setting up a Proxy for Mobile App Access to HES
      • How to create and set Hideez Key Access Profiles
      • How to manage companies and departments?
      • How to manage Positions?
      • Enable load balancing
      • Data Protection
    • Dashboard
      • Information about the server
      • Information about employees
      • Information about devices
      • Workstations Information
    • Employees
      • How to add an Employee?
      • Employees management
      • Employee management with Active Directory
    • Workstations
      • How to add and approve Workstations?
      • Workstations management
      • Workstation Profiles
      • Use Proximity Unlock Workstations
    • Hardware Vaults
      • How to add Hideez Key into the Server
      • Assign a key to the user
      • Remove the key from the Employee
      • Set a profile for a Hardware Vault
      • How to see an RFID code on the Employee key?
    • Accounts
      • Creating personal employee accounts
      • Creating shared employee accounts
      • Personal account management
      • Shared account management
      • Accounts backup and restore
      • How to work with the account template?
    • Keys Management
      • Keys Statuses
      • Transition to Reserved status
      • Keys Activation mechanism
      • Cancel issuance of Hideez Key (Reserved -> Ready)
      • Transition to Suspended status
      • Transition to Locked status
      • Transition to Deactivated status
      • Transition to Compromised status
      • Removing the Locked status
      • Wipe procedure
      • Delete key from Hideez Server
    • Audit
      • Workstation events
      • Workstation Sessions
      • Summaries
    • Single Sign On settings
      • How to get employee licenses
      • Enabling Single Sign-On (SSO) for Employees
      • User settings
    • Configuring SAML Protocol
    • Configuration OIDC (OpenID Connect)
  • Hideez Server Integration
    • Microsoft Entra ID
      • Import and Sync Users from Entra ID
        • Administrator-Initiated Manual Password Changes
        • User-Initiated Password Changes
    • Active Directory (On-Premises)
      • Import and Sync Users from Active Directory (On-Premises)
        • Administrator-Initiated Manual Password Changes
        • User-Initiated Password Changes
        • Active Directory (On-Premises) Access and Rights Delegation
    • SAML integration
      • ASA AnyConnect VPN
      • Citrix services
      • Fortinet services
      • GitHub Enterprise
      • GitLab on premises
      • Google Workspace
      • Microsoft Exchange for Authentication via SAML
        • ADFS Installation
      • Okta
      • Oracle Business Intelligence Enterprise Edition (OBIEE)
        • Step 1: Configure the Identity Provider — Hideez Enterprise Server (HES)
        • Step 2: Configure the Service Provider — Oracle Access Manager (OAM)
        • Step 3: Register Oracle Access Manager (OAM) in Hideez Enterprise Server (HES)
        • Step 4: Configure Directory Services and Web Infrastructure
        • Step 5: Configure Oracle Business Intelligence Enterprise Edition (OBIEE) for Single Sign-On (SSO)
    • Open ID Connect integration
      • Hideez Server as an External Authentication Method for Microsoft Entra ID via OIDC
      • OKTA (OIdC)
    • WS-Federation integration
      • Configure Exchange Outlook Web Application and Exchange Admin Center
  • Hideez Client App
    • Hideez Client deployment
      • Installation of the Hideez Client Application
      • Deploying Hideez Client MSI via GPO (Group Policy Object)
      • Configuration app
      • Uninstall Hideez Client app
      • Uninstalling via GPO
      • Upgrade Hideez Client
      • Downgrade Hideez Client
    • Application interface
      • General Settings
      • Logon settings
      • Aditional settings
      • Configuring hotkeys
    • Account management
      • Account creation
      • Editing an Existing Account
      • Deleting your account
    • Shortcuts
    • Remote Vault connection
    • Mobile Authenticator
  • Hideez Authenticator App
    • Quick overview
    • Admin guide
      • Setup for PC login scenario
        • Passwordless PC Login Setup
          • Configuring an Active Directory Certification Authority
          • Hideez Enterprise Server setup for passwordless login
          • Setting Up Passwordless Workstation Login with Entra ID
        • Password-based PC login Setup
      • Setup for SSO login scenario
    • User guide
      • Mobile App Primary Setup
      • App enrollment on Hideez Server
        • Enroll the application on Hideez Server for SSO
          • SSO enrollment (admin account)
          • SSO enrollment (user account)
        • PC Authorization Enrollment
          • Enrollment for Passwordless PC Authorization
            • Passwordless account re-enrollment
          • Enrollment for Password-based PC Authorization
            • Account roaming
      • Login with Hideez Authenticator
        • SSO login
        • PC login
          • Offline passwordless login
          • Login to the remote PC via RDP
      • PC lock
      • OTP generation
      • Software key disabling
        • PC logon disabling
        • SSO logon disabling
      • Service operations
  • Hideez Key (Enterprise Edition)
    • Hideez Key (Enterprise Edition)
    • Technical Specifications
      • Technical specifications Hideez Key 3
      • Technical specifications Hideez Key 4
    • Principles of operation
    • Device Layout
    • Battery maintenance
    • Hideez Key modes
    • How to update the Hideez Key (Enterprise) firmware
    • How to enter credentials with the Hideez Key
    • How to unlock PC
    • Key for Physical doors
  • Product Updates
    • Product updates
    • Hideez Enterprise Server updates
    • Hideez Key firmware updates
    • Hideez Client updates
    • Hideez Authenticator updates
  • API
    • Hideez Enterprise Server web API
  • FAQ
    • How-to's
      • How to add an Employee?
      • How to add personal user account on HES?
      • How to assign Hideez Key to a user?
      • How to activate Hideez Key?
      • How to unlock Hideez Key on HES?
      • How to unlock PC with Hideez Key?
      • How to setup proximity PC unlock?
      • How to use Hideez Key on remote PC?
      • How to enroll the Hideez Authentication app on HES for SSO?
      • How to login on HES with Hideez Authenticator?
      • How to enroll the Hideez Authentication app for PC login?
      • How to login to PC with Hideez Authenticator?
      • Enable QR Code Display for Hideez Authenticator on the Lock Screen of a Windows Remote Workstation
    • Hideez Client App
      • What do I do if I see the message "Connection failed. Trying to re-bond device"?
      • What do I do if the connection with the HES server cannot be established?
      • What should I do if the Password Manager menu item is not displayed?
    • Hideez Enterprise Server
      • How to view logs at Hideez Enterprise Server?
    • Setting Up Gmail with HES
    • Hideez Authenticator
      • QR code is not displayed at the credential provider on my PC
      • I have registered successfully but cannot login
      • What do I do if I changed domain and cannot login now
      • Does the Hideez App collect or transmit data from the phone to third parties or services?
    • Hideez Key
      • What physical conditions are dangerous for the Hideez Key?
      • Is the Hideez Key allowed on planes?
      • How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11
  • Documentation portal
Powered by GitBook
On this page
  • Step 0. Sign in to your Admin account using your email and password.
  • Step 1. Enable multi-factor authentication for your Administrator account
  • Step 2. User Enrollment
  • Step 3. Configuring SAML and OIDC
  • Step 4: Enable Passwordless Single Sign-On on the server using Passkeys or the Hideez Authenticator App.
  • Step 5. Desktop login for Windows PCs.

Was this helpful?

  1. Quick Start Guides

Guide for Hideez Enterprise Server on Cloud

PreviousPasskeysNextPasskeys

Last updated 1 month ago

Was this helpful?

Step 0. Sign in to your Admin account using your email and password.

Make sure to use the credentials of your Administrator account:

Step 1. Enable multi-factor authentication for your Administrator account

We advocate for the adoption of additional security measures and are actively transitioning away from the reliance on login credentials for authentication. To enhance the security of your Administrator account, consider implementing the following authentication methods:

Go to Profile and set up an additional authentication method for the Admin's account:

Step 2. User Enrollment

Send email invitations to employees, allowing them to self-enroll. You will need to enable Single Sign-On (SSO) for each employee and decide whether you want them to sign in without having to enter usernames and passwords at all, or simply add passwordless MFA to the traditional password-based authentication.

Please ensure that you use a valid email address for new employees. They must accept the invitation within 24 hours, as the link will expire otherwise.

At this stage, the Administrator should choose one of the two SSO options :

  1. Passwordless Authentication: This method eliminates the need for a traditional username and password. Employees will utilize one of the following options for authentication:

    • FIDO Security Key (e.g. Hideez Key, YubiKey)

    • Passkey or platform authenticator (e.g. native biometric authentication on Android devices, Touch ID / Face ID on iOS devices, Windows Hello)

    • Hideez Authenticator App

  2. Two-Factor Authentication: In this case, the user will have to enter their username and password as usual, and then use one of the passwordless methods to complete the two-factor verification:

    • FIDO Security Key

    • Hideez Authenticator App

    • OTP Authenticator App (e.g. Microsoft Authenticator)

You can import up to users from your Active Directory, saving time and effort. Additionally, you can choose to change the domain password.

Ensure that you provide the correct data while syncing your Active Directory.

Step 3. Configuring SAML and OIDC

Hideez Server allows you to enable passwordless Single Sign-On (SSO) based on the SAML and OpenID Connect (OIDC) protocols. These protocols are utilized to verify a user’s identity when an employee tries to access web or mobile applications. 


To configure Hideez Server as an Identity Provider for passwordless SSO, go to Settings → Parameters → SAML / OIDC, and proceed with SAML or OIDC configuration:

Step 4: Enable Passwordless Single Sign-On on the server using Passkeys or the Hideez Authenticator App.

After employees have received the invitation letter, they are prompted to finish self-enrollment by choosing one of the available passwordless authentication methods:

They may include:

  • Biometric authentication using Android devices;

  • Touch ID / Face ID using iOS devices;

  • Windows Hello;

Cross-platform authenticators can be used across different operating systems (Windows, macOS, Android, iOS, etc.). Examples include FIDO security keys (Passkey) and biometric methods like fingerprint or facial recognition, which are supported on a wide range of devices.

Platform authenticators are unique to a specific platform. For example, Windows Hello facial recognition for Windows-based devices and Touch ID for Apple devices.

To create a Passkey on a smartphone or tablet, your employees will be prompted to scan the QR code on their PC:

Hideez Authenticator enables passwordless Single Sign-On (SSO) through the use of one-time QR codes. This is particularly valuable for users with smartphones lacking biometric capabilities. The app serves as a substitute for biometric login methods while ensuring a secure passwordless experience.

To activate Hideez Authenticator as an SSO method, an employee will have to follow the onscreen steps in the application:

After creating the user profile, employees can enhance security by adding more authentication methods. They can enroll additional devices (smartphones/tablets/laptops) as FIDO2 authenticators or register the Hideez Authenticator app.

Step 5. Desktop login for Windows PCs.

You can utilize the Hideez Authenticator mobile app to unlock your PCs running on Windows 10/11. To do this, ensure the following three conditions are met:

1. Hideez Client Installation

  • Open and proceed with all steps, then click Install:

  • Configure your Hideez Client in Wizard:

crucialThis step is very important to configure the Hideez Client on your Workstation

2. Authorize your workstation on your Hideez Server.

  • Go to the section Workstation on your server, select Workstation, and click Approve:

  • Restart your PC or click Reconnect on Hideez Authenticator:

The indicator of connection of your server will have a green color:

3. Enroll Hideez Authenticator by scanning the QR code on your workstation.

There are two methods for unlocking your PC using the Authenticator. Depending on the method, you'll need to use your Hideez Authenticator mobile app with the Hideez Client desktop program.

That method requires config:

The workstation should have:

  • Domain user account

  • TPM 2.0 module

  1. Open Hideez Client→Mobile Authenticator→ Passwordless Authorization-> Setup

  2. Open Hideez Authenticator and select the QR scanner.

  3. Scan the QR code on the computer by smartphone.

  4. Confirm action on Hideez Authenticator and wait until the account is created. The account will appear in the section Accounts→ Workstation.

  1. Open Hideez Client→Mobile Authenticator→ Password-bassed Authorization→ Setup

  2. Open Hideez Authenticator and select the QR scanner.

  3. Scan the QR code on the computer using a smartphone.

  4. Confirm action on Hideez Authenticator

  5. Choose Account type and put User name, Domain, Password, and click Safe.The account will appear in the section Accounts→ Workstation.

The process of enrolling Hideez Authenticator for unlocking the Workstation is the same for both the Android and IOS platforms.

Unlock Workstation by Hideez Authenticator

  1. Open Hideez Authenticator.

  2. Scan the QR code on the log screen.

  3. Select an account on the Hideez Authenticator app.

Please, make sure that you enable to display QR code on the log on screen of your Workstation.

In the Hideez Client, open Settings -> Logon section -> Always shows authorization QR on logon screen:

External security keys (like or YubiKey).

You can find our mobile app on and the .

In addition to passwordless SSO, Hideez Authenticator allows users to enable passwordless desktop login to Windows PCs. This feature is described in

Download or .msi (, ) installation file

Passwordless PC Authorization allows you to unlock the Workstation when it is offline using codes. Learn more about this feature at .

If you have any questions on the deployment or configuring HES, please contact our Customer Care team at . We’ll be happy to help!

OTP Authenticator (Login+Password+One Time Password)
FIDO2 Authenticators (platform/cross-platform authentication by physical security keys, Passkey)
Hideez Authenticator (Android/IOS mobile app)
1. Manual Enrollment
2. Importing employees from Active Directory
Configuring your server as an Identity Provider
Configuring OpenID Connect
Method 1.
FIDO2 Authenticator: Cross-platform or platform authenticators (Passkeys).
Hideez Key
Method 2. Hideez Authenticator app
Google Play
App Store
.exe
x86
x64
Enrollment for Passwordless PC Authorization
Certification Authority (Microsoft Virtual Smart Card technology)
Server setup for passwordless login
this link
Enrollment for Password-based PC Authorization
support@hideez.com
Step 5.
Install the Hideez Client on your workstation.
Authorize your workstation on your Hideez Server.
Enroll in Hideez Authenticator by scanning the QR code on your workstation.
Passwordless PC Authorization
Password-based PC Authorization
Add a device
Scan QR code
Configure Hideez Client