Synchronization and import employees from Microsoft Entra ID to Hideez Identity Cloud

Hideez Identity Cloud - integration with Microsoft Entra ID


Last updated 3 months ago

What is Microsoft Entra ID?

Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management (IAM) service by Microsoft. It helps manage user identities, secure access to applications, and protect resources. Hideez Identity Cloud integrates with Microsoft Entra ID to import employee lists and enable Single Sign-On (SSO).

How does the integration between Hideez Identity Cloud and Microsoft Entra ID work

The integration allows automatic import of users from Microsoft Entra ID (Azure AD) to Hideez Identity Cloud (HIC), enabling SSO for configured web services. Here's a simplified overview:

  1. Create a Group in Azure AD: Add the employees you want to import to Hideez Identity Cloud.

  2. Enter Credentials in Hideez Identity Cloud: Specify the group name and import employees.

  3. Employees Imported: Users will receive invitations to join Hideez Identity Cloud and access services via SSO.

Steps to Integrate Hideez Identity Cloud with Microsoft Entra ID

1. Navigate to Integration

  • Go to Integration → Microsoft Entra ID in your Hideez Identity Cloud dashboard.

  • Click Create a connection.

2. Register the App in Azure Portal

  • Log in to the Azure portal.

  • Navigate to Azure Active Directory → App registrations.

  • Click New Registration.

3. Configure Application IDs

  • Copy the Application (client) ID and Directory (tenant) ID from the app overview.

  • Paste these into Domain Settings on Hideez Identity Cloud:

    • Tenant ID: enter your Azure AD tenant ID.

    • Application ID: enter your Azure AD application ID.

    • Sync Group Name: enter the name of the Azure AD group from which you would like to import employees.

4. Generate Client Secret

  • In Azure portal, go to Certificates & secrets → New client secret.

  • Copy the Client Secret from the Value column and paste it into the Client Secret field on Hideez Identity Cloud.

5. Assign API Permissions

  • In Azure portal, go to API permissions → Add a permission → Microsoft Graph.

  • Click Application permissions, then scroll down to Directory, select the Directory.ReadWrite.All permission, and assign it.

6. Behavior When Removing a User from the Synchronization Group

  • Keep – The user will remain on the Hideez server after being removed from the synchronization group in Active Directory. They will still be able to use SSO login for web services and unlock their PC.

  • Deactivate – The user will be deactivated on the Hideez server but not deleted after being removed from the synchronization group in Active Directory. In this state, they will not be able to use SSO login for web services but will still be able to unlock their PC. To reactivate the user, the administrator must manually activate them in the system.

  • Delete – The user will be completely removed from the Hideez server after being removed from the synchronization group in Active Directory. They will lose access to SSO login for web services and the ability to unlock their PC. To add the user back, the administrator must do one of the following:

    • Add them to the synchronization group in Active Directory and perform synchronization.

    • Manually add the user.

    • Wait for automatic synchronization (once per hour, the Hideez server automatically synchronizes with Active Directory, imports users from the synchronization group, and updates their data).

7. Complete the Setup

  • Click Create in Hideez Identity Cloud to finalize the integration.
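The procedure above hands the integration four values (Tenant ID, Application ID, Client Secret, Sync Group Name) plus one Microsoft Graph application permission, and step 6 defines what happens to users who leave the group. The following script is an added example, not Hideez's code, that shows what those pieces do: it obtains a token with the OAuth 2.0 client-credentials grant using the tenant and application IDs and the secret, reads the sync group's members from Microsoft Graph, and applies the Keep / Deactivate / Delete policy to a local user store. The environment variable names, the store's shape (`upn -> record`), the `source` field used to tell imported users from manually added ones, and the `SAMPLE_*` data are all assumptions made for the example.

```python
"""Added example (not Hideez's code): the mechanics behind the page's setup.

Steps 3-5 give an app the Tenant ID, Application ID, Client Secret and a
Microsoft Graph application permission; this script uses exactly those values
for an OAuth 2.0 client-credentials token and reads the sync group's members.
reconcile() then applies the Keep / Deactivate / Delete policy from step 6.
The local user store, its field names and the `source` marker are assumptions.
"""
import json
import os
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
KEEP, DEACTIVATE, DELETE = "keep", "deactivate", "delete"


def get_token(tenant_id: str, client_id: str, client_secret: str) -> str:
    """Client-credentials grant: the secret from step 4 proves the app's identity."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",  # the app permissions granted in step 5
    }).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body)) as resp:
        return json.load(resp)["access_token"]


def graph_get(token: str, url: str) -> dict:
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_group_members(token: str, group_name: str) -> list[dict]:
    """Resolve the Sync Group Name to a group id, then page through its user members."""
    escaped = group_name.replace("'", "''")  # OData string-literal escaping
    flt = urllib.parse.quote(f"displayName eq '{escaped}'")
    groups = graph_get(token, f"{GRAPH}/groups?$filter={flt}&$select=id")["value"]
    if len(groups) != 1:
        raise RuntimeError(f"expected one group named {group_name!r}, found {len(groups)}")
    url = (f"{GRAPH}/groups/{groups[0]['id']}/members/microsoft.graph.user"
           "?$select=id,userPrincipalName,displayName")
    members: list[dict] = []
    while url:  # Graph returns pages; follow @odata.nextLink until there is none
        page = graph_get(token, url)
        members.extend(page["value"])
        url = page.get("@odata.nextLink")
    return members


def reconcile(store: dict[str, dict], members: list[dict], policy: str) -> tuple[dict[str, dict], list[str]]:
    """Merge group membership into the store (assumed shape: upn -> record).

    Returns the updated store and the UPNs that were newly imported (the users
    who, per the page, should receive an invitation). Records whose `source`
    is not "entra" are assumed to be manually added and are never touched.
    """
    if policy not in (KEEP, DEACTIVATE, DELETE):
        raise ValueError(f"unknown removal policy {policy!r}")
    result = {upn: dict(rec) for upn, rec in store.items()}
    invites: list[str] = []
    in_group: set[str] = set()
    for m in members:
        upn = m["userPrincipalName"].lower()
        in_group.add(upn)
        if upn not in result:
            result[upn] = {"source": "entra", "active": True}
            invites.append(upn)
        # Refresh attributes only; an "active" flag cleared by DEACTIVATE is left
        # for the administrator to restore, as the page describes.
        result[upn].update(entra_id=m["id"], display_name=m.get("displayName"))
    for upn in list(result):
        rec = result[upn]
        if rec.get("source") != "entra" or upn in in_group:
            continue
        if policy == DELETE:
            del result[upn]        # gone; a later re-import re-creates and re-invites
        elif policy == DEACTIVATE:
            rec["active"] = False  # kept, but SSO is off until an admin re-enables
        # KEEP: nothing changes
    return result, invites


# Constructed sample data (no real tenant): one Graph members page and a local store.
SAMPLE_MEMBERS = [
    {"id": "11111111-1111-1111-1111-111111111111", "userPrincipalName": "Alice@example.com",
     "displayName": "Alice Example"},
    {"id": "22222222-2222-2222-2222-222222222222", "userPrincipalName": "bob@example.com",
     "displayName": "Bob Example"},
]
SAMPLE_STORE = {
    "bob@example.com": {"source": "entra", "active": True, "display_name": "Bob"},
    "carol@example.com": {"source": "entra", "active": True, "display_name": "Carol Example"},
    "dave@example.com": {"source": "manual", "active": True},
}

if __name__ == "__main__":
    # Live run: the same four values the page has you enter, read from the environment.
    token = get_token(os.environ["ENTRA_TENANT_ID"], os.environ["ENTRA_APP_ID"],
                      os.environ["ENTRA_CLIENT_SECRET"])
    members = fetch_group_members(token, os.environ["ENTRA_SYNC_GROUP"])
    store, invites = reconcile({}, members, KEEP)
    print(f"{len(store)} users in the sync group, {len(invites)} to invite")
```

Two operational points follow from how this works. The client secret created in step 4 has an expiry date chosen at creation; once it lapses, the token request fails with an `invalid_client` error and the hourly synchronization stops, so alert on that failure rather than discovering it when a new hire is missing from Hideez. And because the permission granted in step 5 (Directory.ReadWrite.All) is broad, the secret is a high-value credential: paste it only into the Hideez field and a secret manager, never into scripts or tickets, and rotate it before it expires.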

Syncing Employees

  • Employees are synced from Azure AD to Hideez Identity Cloud every hour or after clicking the Sync Now button.

You can view, update, or delete the Microsoft Entra ID integration anytime through the Hideez Identity Cloud dashboard.