Connect Hideez Server to Microsoft Entra ID
Hideez Enterprise Server – Setting HES Server parameters
Overview
Integrating Hideez Server with Microsoft Entra ID allows organizations to automate user management, enable secure Single Sign-On (SSO), and perform remote password rotation. This integration improves security and reduces administrative overhead.
Key benefits:
User Import: Automatically sync users from Microsoft Entra ID into Hideez Server based on group membership.
SSO Enablement: Users can log in to Windows workstations via Hideez Keys or mobile apps using Entra ID credentials — without entering passwords.
Password Management: Selected users' passwords can be rotated automatically in Entra ID on a scheduled basis.
Prerequisites
Before starting integration, ensure the following:
Admin access to both Microsoft Entra ID and Hideez Server.
An active Microsoft Entra ID tenant.
Permission to register applications in Entra ID.
Hideez Server is accessible over HTTPS.
Step 1: Prepare Microsoft Entra ID Groups
To control user synchronization and password management, create the following groups in Microsoft Entra ID:
Hideez Users Sync Add to this group all users who should be imported into Hideez Server.
Hideez Key Auto Password Change (optional) Add to this group users whose passwords should be automatically rotated via Hideez Server. These users must also be members of Hideez Users Sync.
Step 2: Register an Application in Microsoft Entra ID
Navigate to Azure Active Directory → App registrations.
Click New registration and fill out the form:
Name: Hideez Server Integration
Supported account types: Single tenant
Redirect URI (optional): Leave empty or set later
Click Register.
On the app’s Overview page, copy:
Application (Client) ID
Directory (Tenant) ID
Step 3: Generate a Client Secret
In the app registration, go to Certificates & secrets.
Click New client secret → set a description and expiration.
Click Add.
Copy the generated value from the Value column — this is your Client Secret.
Step 4: Assign API Permissions
Go to API permissions → Add a permission → Microsoft Graph.
Choose Application permissions.
Add the following permissions:
For user import:
User.Read.All
Group.Read.All
Domain.Read.All
(or useDirectory.Read.All
as a more general alternative)
For password management:
User.ReadWrite.All
User-PasswordProfile.ReadWrite.All
Click Grant admin consent to apply all permissions.
Step 5: Configure Hideez Server
Log in to the Hideez Server admin panel.
Go to Settings → Parameters and click Add Domain Settings.
Select the Azure Active Directory option.
Fill in the form with the values from previous steps:
Domain – your Microsoft Entra domain (e.g.,
yourcompany.onmicrosoft.com
)Application ID – Client ID from app registration
Client Secret – value from step 3
Tenant ID – Directory ID
Auto Password Change (days) – e.g., 28 (optional)
Behavior when removing a user from a sync group:
Keep – The user remains on the Hideez Server after being removed from the synchronization group. SSO login and PC unlock remain available.
Deactivate – The user is deactivated but not deleted. SSO login is disabled, while PC unlock remains available. Reactivation must be done manually by an administrator.
Delete – The user is permanently removed from the Hideez Server. Both SSO login and PC unlock become unavailable.
Click Save.
Step 6: Import Users into Hideez Server
Navigate to Users → Import from AD.
Hideez Server will retrieve and list users from the Hideez Users Sync group in Entra ID.
Select and import the desired users into the server.
Last updated
Was this helpful?