If you use Active Directory and want to manage employees using its interface, as well as regularly change domain passwords in automatic mode, then you need to:
Make sure you provide the correct settings to your Active Directory.
Create a group in AD with the name Hideez Key Owners and place all employees to whom you will give Hideez keys.
Create a group in AD with the name Hideez Auto Password Change and put all the employees for whom you want to configure regular automatic domain account password change.
Click the button Sync with AD.
Confirm the action by clicking Sync Now.
During import, employees have their domain accounts imported (no password).
Assign a key to the user and provide the activation code. On the HES server-side, a new password for the domain account will be generated and tasks will be created to send the new password to AD and the employee's hardware key.
Until activation occurs and the key is connected, the employee will use his existing password to enter the domain account.
When the user connects the key to the computer for the first time, the following will happen:
The user turns on the key and taps it on the dongle.
The user confirms bonding - press during green flashing. This is necessary if this key was not connected to this computer. Otherwise, this step will be skipped, and the key will not flash green and require pressing.
The user goes through the activation procedure - enters the activation code previously reported to him.
The license for the key is loaded.
The new password is sent to AD from the server via LDAP and then succeeds from the server.
The server's task is being executed to load accounts and access to them - a new password from the domain account is recorded on the key.
The user comes up with and twice enters a PIN code to the key.
The user successfully logs into the domain account with a new password.
Video with Step 3 demonstration First login in AD account with the Hideez key.
Specify the frequency of changing the password for your domain account in the HES settings. Regularly scheduled password changes will proceed in the same way as the initial password change.
The list of employees in the Hideez Auto Password Change and HES groups will be synchronized every hour.
When you remove a user from the Hideez Auto Password Change group, the scheduled password change logic stops working for them, the password remains valid according to the settings in AD.