Create a group in AD with the name Hideez Key Owners and place all employees to whom you will give Hideez keys.
Create a group in AD with the name Hideez Auto Password Change and put all the employees for whom you want to configure regular automatic domain account password change.
Click the button Sync with AD.
Confirm the action by clicking Sync Now.
During import, employees have their domain accounts imported (no password).
Assign a key to the user and provide the activation code. On the HES server-side, a new password for the domain account will be generated and tasks will be created to send the new password to AD and the employee's hardware key.
Until activation occurs and the key is connected, the employee will use his existing password to enter the domain account.
When the user connects the key to the computer for the first time, the following will happen:
The user turns on the key and taps it on the dongle.
The user confirms bonding - press during green flashing. This is necessary if this key was not connected to this computer. Otherwise, this step will be skipped, and the key will not flash green and require pressing.
The user goes through the activation procedure - enters the activation code previously reported to him.
The license for the key is loaded.
The new password is sent to AD from the server via LDAP and then succeeds from the server.
The server's task is being executed to load accounts and access to them - a new password from the domain account is recorded on the key.
The user comes up with and twice enters a PIN code to the key.
The user successfully logs into the domain account with a new password.