Synchronizing and importing employees from Microsoft Entra ID to Hideez Identity Cloud
Hideez Identity Cloud - integration with Microsoft Entra ID
Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management (IAM) service by Microsoft. It helps manage user identities, secure access to applications, and protect resources. Hideez Identity Cloud integrates with Microsoft Entra ID to import employee lists and enable Single Sign-On (SSO).
The integration allows automatic import of users from Microsoft Entra ID (Azure AD) to Hideez Identity Cloud (HIC), enabling SSO for configured web services. Here's a simplified overview:
Create a Group in Azure AD: Add employees you want to import to Hideez Identity Cloud.
Enter Credentials in Hideez Identity Cloud: Specify the group name and import employees.
Employees Imported: Users will receive invitations to join Hideez Identity Cloud and access services via SSO.
Go to Integration → Microsoft Entra ID in your Hideez Identity Cloud dashboard.
Click Create a connection.
Log in to the Azure portal.
Navigate to Azure Active Directory → App registrations.
Click New Registration.
Copy the Application (client) ID and Directory (tenant) ID from the app overview.
Paste these into Domain Settings on Hideez Identity Cloud:
Tenant ID: Your Azure AD tenant ID.
Application ID: Your Azure AD application ID.
Sync Group Name: The name of the Azure AD group from which to import employees.
In the Azure portal, go to Certificates & secrets → New client secret.
Copy the Client Secret from the Value column and paste it into the Client Secret field on Hideez Identity Cloud.
In the Azure portal, go to API permissions → Add a permission → Microsoft Graph.
Click Application permissions, then scroll down, select the Directory → Directory.ReadWrite.All permission, and assign it.
Keep – The user will remain on the Hideez server after being removed from the synchronization group in Active Directory. They will still be able to use SSO login for web services and unlock their PC.
Deactivate – The user will be deactivated on the Hideez server but not deleted after being removed from the synchronization group in Active Directory. In this state, they will not be able to use SSO login for web services but will still be able to unlock their PC. To reactivate the user, the administrator must manually activate them in the system.
Delete – The user will be completely removed from the Hideez server after being removed from the synchronization group in Active Directory. They will lose access to SSO login for web services and the ability to unlock their PC. To add the user back, the administrator must:
Add them to the synchronization group in Active Directory and perform synchronization.
Manually add the user.
Wait for automatic synchronization (once per hour, the Hideez server automatically synchronizes with Active Directory, imports users from the synchronization group, and updates their data).
7. Complete the Setup
Click Create in Hideez Identity Cloud to finalize the integration.
Employees are synced from Azure AD to Hideez Identity Cloud every hour or after clicking the Sync Now button.
You can view, update, or delete the Microsoft Entra ID integration anytime through the Hideez Identity Cloud dashboard.
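To check the Tenant ID, Application ID, Client Secret and Sync Group Name entered above, the sketch below requests an app-only token and lists the accounts the group name resolves to. It is an added example, not Hideez or Microsoft code; it assumes the Microsoft Graph v1.0 REST API, reads direct members only (how Hideez treats nested groups is not stated on this page), and rejects a name matched by zero or several groups, because Entra ID does not enforce unique group display names.

```python
import json
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"

def get_token(tenant_id, app_id, client_secret):
    """Client-credentials token for the app registration created above."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": client_secret,  # read from a vault or env var, never hard-code
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(TOKEN_URL.format(tenant=tenant_id), body) as r:
        return json.load(r)["access_token"]

def graph_get(token):
    """Return a fetch(url) -> dict function bound to a bearer token."""
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as r:
            return json.load(r)
    return fetch

def paged(fetch, url):
    """Yield every item of a Graph collection, following @odata.nextLink."""
    while url:
        page = fetch(url)
        yield from page.get("value", [])
        url = page.get("@odata.nextLink")

def preview_sync_group(fetch, group_name):
    """List (userPrincipalName, accountEnabled) for users in the named group."""
    quoted = group_name.replace("'", "''")  # OData escaping of single quotes
    flt = urllib.parse.quote(f"displayName eq '{quoted}'")
    groups = list(paged(fetch, f"{GRAPH}/groups?$filter={flt}&$select=id,displayName"))
    if len(groups) != 1:  # missing or ambiguous name: stop instead of guessing
        raise LookupError(f"{len(groups)} groups named {group_name!r}")
    # Cast to user so devices, service principals and nested groups are skipped.
    url = (f"{GRAPH}/groups/{groups[0]['id']}/members/microsoft.graph.user"
           "?$select=id,userPrincipalName,accountEnabled")
    return [(u["userPrincipalName"], u.get("accountEnabled")) for u in paged(fetch, url)]
```

With real credentials, call `preview_sync_group(graph_get(get_token(tenant_id, app_id, secret)), "<group name>")`; disabled accounts show `accountEnabled` as `False` and are worth reviewing before import.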