Hideez Authentication Service (EN)
  • Hideez Authentication Service for Enterprises
    • Release notes
    • Key features of the Hideez Authentication Service in 5 minutes
  • Quick Start Guides
    • Hideez Authenticator Mobile app guide
    • Hideez Key guide
    • Passkey guide
    • FIDO Security Key guide
      • Activation FIDO key and setting PIN code
    • Quick Start Guide for subscriptions
      • Hideez Security Key
      • Hideez Authenticator App
      • Passkeys
    • Guide for Hideez Enterprise Server on Cloud
      • Passkeys
      • Mobile app
      • Hideez Key
  • Use cases
    • Hideez Authenticator Mobile App
      • Passwordless PC login
      • Password-based PC login
      • SSO login to Webservises (FIDO2) via mobile app
        • Using Hideez Authenticator as your passwordless authentication method for SSO
      • Using Hideez Authenticator as your two-factor authentication method for SSO
      • OTP generation by Hideez Authenticator App for 2FA
      • RDP login by Hideez Authenticator App
      • Remote PC lock
    • Hideez Key
      • Proximity Lock
      • Proximity Unlock
        • Unlock PC by Hideez Dongle Touch (Tap-and-Go)
      • Changing an Active Directory Domain User Password
      • Proximity settings (guide for admin)
      • Automatic RDP Launch and Logon
      • Password manager and OTP generator
      • OTP manager for two-factor authentication
    • FIDO Security Key
      • SSO login to Web Servises via Hardware Key (FIDO2)
      • Passwordless PC Login to Entra ID (Azure AD).
      • Using Hideez Key as U2F security key for your two-factor authentication
      • Other vendors' hardware keys
    • Passkey
      • SSO login to Web Services (FIDO2) via Passkey and Hideez Server as Identity Provider
    • Emergency blocking of all computers
    • Employee's account disabling
  • Hideez Enterprise Server
    • Hideez Enterprise Server
    • Glossary
    • Hideez Server Architecture
    • Deployment
      • Database installation
        • MySQL on Windows
        • MySQL on Linux
        • Microsoft SQL Server on Windows
        • Microsoft SQL Server on Linux
      • HES deployment
        • Windows
        • Linux
        • Docker
        • Deployment without Internet access
        • Troubleshooting
      • HES update
        • Windows
        • Linux
        • Docker
      • Publishing on-premises HES for remote users
    • Administration
      • How to change the password for an administrator account?
      • How to recover a forgotten admin password?
      • Adding an admin account
      • Deleting an admin account
      • How to enable two-factor authentication at the Hideez Enterprise Server?
      • Authorization on the HES server via a FIDO key
      • Platform authentication on the HES server
      • Connecting Linux server to Active Directory
      • Setting Hideez Server parameters
      • Configuring DNS server
      • Setting up a Proxy for Mobile App Access to HES
      • How to create and set Hideez Key Access Profiles
      • How to manage companies and departments?
      • How to manage Positions?
      • Enable load balancing
      • Data Protection
    • Dashboard
      • Information about the server
      • Information about employees
      • Information about devices
      • Workstations Information
    • Employees
      • How to add an Employee?
      • Employees management
      • Employee management with Active Directory
    • Workstations
      • How to add and approve Workstations?
      • Workstations management
      • Workstation Profiles
      • Use Proximity Unlock Workstations
    • Hardware Vaults
      • How to add Hideez Key into the Server
      • Assign a key to the user
      • Remove the key from the Employee
      • Set a profile for a Hardware Vault
      • How to see an RFID code on the Employee key?
    • Accounts
      • Creating personal employee accounts
      • Creating shared employee accounts
      • Personal account management
      • Shared account management
      • Accounts backup and restore
      • How to work with the account template?
    • Keys Management
      • Keys Statuses
      • Transition to Reserved status
      • Keys Activation mechanism
      • Cancel issuance of Hideez Key (Reserved -> Ready)
      • Transition to Suspended status
      • Transition to Locked status
      • Transition to Deactivated status
      • Transition to Compromised status
      • Removing the Locked status
      • Wipe procedure
      • Delete key from Hideez Server
    • Audit
      • Workstation events
      • Workstation Sessions
      • Summaries
    • Single Sign On settings
      • How to get employee licenses
      • Enabling Single Sign-On (SSO) for Employees
      • User settings
    • Configuring SAML Protocol
    • Configuration OIDC (OpenID Connect)
  • Hideez Server Integration
    • Active Directory Integration
      • Connect Hideez Server to On premises Active Directory
        • Configuring Access to Active Directory On-Premises and Delegating Rights
      • Connect Hideez Server to Microsoft Entra ID
      • Import and Sync Users from Active Directory
      • Import and sync users from Active Directory with domain password changing
      • How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11
    • SAML integration
      • Page
      • ASA AnyConnect VPN
      • Citrix services
      • Fortinet services
      • GitHub Enterprise
      • GitLab on premises
      • Google Workspace
      • Microsoft Exchange for Authentication via SAML
        • ADFS Installation
      • Okta
      • Oracle Business Intelligence Enterprise Edition (OBIEE)
        • Step 1: Configure the Identity Provider — Hideez Enterprise Server (HES)
        • Step 2: Configure the Service Provider — Oracle Access Manager (OAM)
        • Step 3: Register Oracle Access Manager (OAM) in Hideez Enterprise Server (HES)
        • Step 4: Configure Directory Services and Web Infrastructure
        • Step 5: Configure Oracle Business Intelligence Enterprise Edition (OBIEE) for Single Sign-On (SSO)
    • Open ID Connect integration
      • Hideez Server as an External Authentication Method for Microsoft Entra ID via OIDC
      • OKTA (OIdC)
    • WS-Federation integration
      • Configure Exchange Outlook Web Application and Exchange Admin Center
  • Hideez Client App
    • Hideez Client deployment
      • Installation of the Hideez Client Application
      • Deploying Hideez Client MSI via GPO (Group Policy Object)
      • Configuration app
      • Uninstall Hideez Client app
      • Uninstalling via GPO
      • Upgrade Hideez Client
      • Downgrade Hideez Client
    • Application interface
      • General Settings
      • Logon settings
      • Aditional settings
      • Configuring hotkeys
    • Account management
      • Account creation
      • Editing an Existing Account
      • Deleting your account
    • Shortcuts
    • Remote Vault connection
    • Mobile Authenticator
  • Hideez Authenticator App
    • Quick overview
    • Admin guide
      • Setup for PC login scenario
        • Passwordless PC Login Setup
          • Configuring an Active Directory Certification Authority
          • Hideez Enterprise Server setup for passwordless login
          • Setting Up Passwordless Workstation Login with Entra ID
        • Password-based PC login Setup
      • Setup for SSO login scenario
    • User guide
      • Mobile App Primary Setup
      • App enrollment on Hideez Server
        • Enroll the application on Hideez Server for SSO
          • SSO enrollment (admin account)
          • SSO enrollment (user account)
        • PC Authorization Enrollment
          • Enrollment for Passwordless PC Authorization
            • Passwordless account re-enrollment
          • Enrollment for Password-based PC Authorization
            • Account roaming
      • Login with Hideez Authenticator
        • SSO login
        • PC login
          • Offline passwordless login
          • Login to the remote PC via RDP
      • PC lock
      • OTP generation
      • Software key disabling
        • PC logon disabling
        • SSO logon disabling
      • Service operations
  • Hideez Key (Enterprise Edition)
    • Hideez Key (Enterprise Edition)
    • Technical Specifications
      • Technical specifications Hideez Key 3
      • Technical specifications Hideez Key 4
    • Principles of operation
    • Device Layout
    • Battery maintenance
    • Hideez Key modes
    • How to update the Hideez Key (Enterprise) firmware
    • How to enter credentials with the Hideez Key
    • How to unlock PC
    • Key for Physical doors
  • Product Updates
    • Product updates
    • Hideez Enterprise Server updates
    • Hideez Key firmware updates
    • Hideez Client updates
    • Hideez Authenticator updates
  • API
    • Hideez Enterprise Server web API
  • FAQ
    • How-to's
      • How to add an Employee?
      • How to add personal user account on HES?
      • How to assign Hideez Key to a user?
      • How to activate Hideez Key?
      • How to unlock Hideez Key on HES?
      • How to unlock PC with Hideez Key?
      • How to setup proximity PC unlock?
      • How to use Hideez Key on remote PC?
      • How to enroll the Hideez Authentication app on HES for SSO?
      • How to login on HES with Hideez Authenticator?
      • How to enroll the Hideez Authentication app for PC login?
      • How to login to PC with Hideez Authenticator?
      • Enable QR Code Display for Hideez Authenticator on the Lock Screen of a Windows Remote Workstation
    • Hideez Client App
      • What do I do if I see the message "Connection failed. Trying to re-bond device"?
      • What do I do if the connection with the HES server cannot be established?
      • What should I do if the Password Manager menu item is not displayed?
    • Hideez Enterprise Server
      • How to view logs at Hideez Enterprise Server?
    • Setting Up Gmail with HES
    • Hideez Authenticator
      • QR code is not displayed at the credential provider on my PC
      • I have registered successfully but cannot login
      • What do I do if I changed domain and cannot login now
      • Does the Hideez App collect or transmit data from the phone to third parties or services?
    • Hideez Key
      • What physical conditions are dangerous for the Hideez Key?
      • Is the Hideez Key allowed on planes?
  • Documentation portal
Powered by GitBook
On this page
  • Function Overview
  • Prerequisites
  • Step 1. Creating a Domain Account
  • Step 2. Initial Computer Unlock
  • Step 3. Setting the Current Password
  • Step 4. User-Initiated Password Change via Hideez Client

Was this helpful?

  1. Use cases
  2. Hideez Key

Changing an Active Directory Domain User Password

PreviousUnlock PC by Hideez Dongle Touch (Tap-and-Go)NextProximity settings (guide for admin)

Last updated 19 days ago

Was this helpful?

Function Overview

This function allows the user to change the password of their domain account via the Hideez Client. The user has two options:

  1. Change the password only on the Hideez Key (without updating it in Active Directory). In this case, the user continues to use their current password as long as it remains valid in Active Directory.

  2. Change the password in both Active Directory and on the Hideez Key simultaneously. In this case, the new password will be used immediately for authentication in both the system and the key.

After the password is changed, the user can sign in without manually entering the password — it is automatically read from the Hideez Key.

The password change complies with domain security policies, including:

  • password complexity requirements;

  • limits on password change frequency;

  • defined intervals between changes.

To use this feature, the administrator must first create the user’s account on the Hideez Server. Then, the user enters their current password to verify their identity.

Prerequisites

Before starting, ensure that:

  • The user is created on the .

Step 1. Creating a Domain Account

  1. Sign in to the Hideez Server using an administrator account.

  2. Navigate to the user list, select the appropriate user, and open their profile.

  3. Click Create personal account.

  4. In the account creation form, fill in the required fields:

    • Name* – a descriptive name for the account;

    • Login Type – select AD Domain Account;

    • Login*:

      • Domain – the name of the Active Directory domain connected to the Hideez Server;

      • User Logon Name – the user’s domain login.

  5. Select the checkbox Skip Password — the user will add the password later via the Hideez Client.

  6. Click Create to save the account.

Example domain account:

  • Name* – John Smith Domain Account

  • Login Type – AD Domain Account

  • Login*:

    • Domain – Lab

    • User Logon Name – js

Step 2. Initial Computer Unlock

The user signs in to a workstation joined to the Active Directory domain and connects the Hideez Key to the Hideez Client.

Step 3. Setting the Current Password

After the key is connected, the user account is automatically loaded onto the key from the server. This account is marked with a gear icon and does not contain a password — it cannot be used to unlock the computer until a password is added.

To add a domain password to the account on the key, the user must manually enter their current password via the Hideez Client interface.

To do this, follow these steps:

  1. Connect the key to the workstation.

  2. Wait for the account to appear on the key.

  3. Select the corresponding account on the key.

  4. Set the current domain password via the Hideez Client interface.

  5. Save the changes.

After completing these steps, you will be able to unlock the workstation using this account on the key.

Note: The password will be saved on the key and automatically read during future sign-ins.

Step 4. User-Initiated Password Change via Hideez Client

The user can independently change the password of their domain account — it will be updated on both the Hideez Key and in Active Directory.

Procedure:

  1. Connect the Hideez Key to the Hideez Client and launch the application.

  2. Select the account marked with the gear icon.

  3. Click Edit.

  1. To change your domain account password, select the “Change logon password” checkbox.

  1. Enter the new password.

  2. Click Save.

When saving the new domain user password, the following occurs:

  • The current (old) password is read from the key.

  • The old and new passwords are used to initiate the password change in Active Directory using the Windows API.

  • If the change is successful, the new password is saved on the key, replacing the previous one.

Additional Notes

  • The new password must not match any of the previous passwords used for this account.

  • Your domain’s password policy must permit a password change at the time of the operation. For example, if a minimum interval between password changes is enforced (e.g., no more than once every 24 hours), and the previous password was changed recently, the system will block the new change until the interval expires.

  • In a hybrid infrastructure, the password will be updated in both the local Active Directory and Azure AD (if synchronization is configured).

Refer to Microsoft’s documentation on Active Directory password policies for more information.
manually
Hideez Server or imported from Active Directory
The user must have a Hideez Key with status “Ready”, “Active” or “Reserved”.
The Hideez Client is installed on a workstation joined to the Active Directory domain.
The workstation is approved on the Hideez Server.
Integration between the Hideez Server and Active Directory is properly configured.