Hideez Identity Cloud
  • Getting Started Guide
    • Key features of Hideez Identity Cloud
    • Quick Start Guide
    • User Management
      • Passkey
      • Hideez Authenticator App
      • FIDO Security Key
      • Platform Authentication via Windows Hello
      • Password+OTP
  • PC unlock
    • Passwordless Authorization
    • Password-based Authorization
  • INTEGRATIONS
    • SAML 2.0
      • GitHub Enterprise
      • Google Workspace
      • Okta
    • OIDC (OpenID Connect)
      • Services that support OIDC and their configuration as Client
    • WS-Federation
      • Login to Exchange Outlook Web Application and Exchange Admin Center via Hideez Identity Cloud
    • Active Directory On-Premises
      • ADFS integration
        • Login to Microsoft Exchange OWA Using AD FS and Hideez Identity Cloud as a Third-Party IdP
    • Microsoft Entra ID
      • Synchronization and import employees from Microsoft Entra ID to Hideez Identity Cloud
      • Configuration of Hideez Cloud as an External Authentication Method for Microsoft Entra ID via OIDC
    • Chrome OS
  • USE CASES
    • Passkey Login
    • Hideez Authenticator App login
    • FIDO Security Key login
    • Platform login via Windows Hello
    • Password+TOTP login
  • SUPPORT
    • Get Support
    • FAQ
      • What to do if a user loses their key/device and cannot access the site?
      • Can a custom domain name be created for the tenant instead of the default one?
      • Why am I already logged in Hideez, and no authorization occurs when I access my web application?
      • How long does an open authorization session last?
      • How to log out of the web application?
      • Can I administer multiple tenants simultaneously?
      • Can there be multiple administrators for the Hideez Identity Cloud?
    • Glossary
  • Hideez Documentation Portal
Powered by GitBook
On this page
  • Configure OIDC for Entra ID
  • Step 1: Register the App in Microsoft Entra
  • Step 2: Configure Integration in Hideez Cloud
  • Step 3: Add External Method in Entra ID
  • Step 4: Configure Conditional Access Policy in Entra ID (Optional)
  1. INTEGRATIONS
  2. Microsoft Entra ID

Configuration of Hideez Cloud as an External Authentication Method for Microsoft Entra ID via OIDC

Hideez Identity Cloud - Configuration OIDC for Entra ID as an External Authentication Method

Last updated 3 months ago

Configure OIDC for Entra ID

This guide provides step-by-step instructions to configure Hideez Identity Cloud as an External Authentication Method (EAM) for Microsoft Entra ID using OIDC (OpenID Connect). This setup facilitates seamless external authentication and ensures secure user login through an additional MFA (Multifactor Authentication) step.

Important Notes

  • Hideez Server as an External Authentication Method (EAM) does not enable direct login to Microsoft Entra ID. It serves solely as an additional MFA verification method.

  • To enable this feature, an Entra ID P1 license is required.

Additional Resources

For further setup guidance, refer to the following articles:

  • Validating tokens issued by Microsoft Entra ID

Step 1: Register the App in Microsoft Entra

  1. Log in to the Microsoft Entra Admin Center.

  2. Navigate to Identity → Applications → App Registrations.

  3. Click + New registration.

  1. Define a name for the app.

  2. Set Supported account type to:

    • Accounts in any organizational directory (Any Entra ID directory - Multitenant).

  3. Under the Redirect URI section:

  • Select Web platform.

  • Enter: https://idp-<Tenant Name>.us.hideez.io/connect/authorize.

  • Example: https://idp-69d5d91ab8.us.hideez.io/connect/authorize.

You can find the Tenant Name in the Hideez Identity Cloud in the Settings section:

  1. Click Register.

After registering, keep the Application ID from the Essentials section. You'll need it later to configure your EAM in Hideez Cloud.

Step 2: Configure Integration in Hideez Cloud

  1. Go to Hideez Cloud.

  2. Go to Integrations → OIDC.

  3. Click Create App Integration and set the following parameters:

    • App Type: Entra ID External Authentication Method (EAM).

  1. Fill in the following:

    • Tenant ID

    • Application ID

  2. Click Create.

Keep the tab Settings with values Client ID, Discovery Endpoint, and Entra Application ID ready for the next step.

Step 3: Add External Method in Entra ID

  1. Go back to Microsoft Entra Admin Center.

  2. Navigate to Protection → Authentication Methods → Policies.

  3. Click + Add external method (Preview).

  4. Set the following parameters:

    • Name: The name users will see during Entra ID login when choosing their authentication method.

    • Client ID: Paste from the app integration in Hideez Cloud.

    • Discovery Endpoint: Paste from the app integration in Hideez Cloud.

    • App ID: Paste from the app integration in Hideez Cloud.

  5. Click Request permission to grant admin consent for the app to read user information.

  6. Click Enable.

  1. Review the Included and Excluded Targets (all users are included by default).

  2. Click Save.

Step 4: Configure Conditional Access Policy in Entra ID (Optional)

During migration, administrators are advised to create parallel Conditional Access Policies to test new configurations with a subset of users. This ensures minimal disruption and allows admins to verify the functionality of the custom controls.

  1. Login to Microsoft Entra admin center.

  2. Navigate to Protection → Conditional Access → Policies.

  3. Click + New Policy (or edit an existing policy).

  1. Configure the policy:

    • Specify Users: Define the users who will be affected by this policy.

    • Target Applications: Specify the applications covered by this policy.

    • Access Requirements:

      • Choose Require multifactor authentication so that the EAM (Hideez Cloud) is used as the MFA step.

  1. Click on Save.

More information from more information from Microsoft can be found here Using Custom Control and EAM in parallel.