Synchronization and import employees from Microsoft Entra ID to Hideez Identity Cloud

How does the integration between Hideez Identity Cloud and Microsoft Entra ID work

The integration allows automatic import of users from Microsoft Entra ID (Azure AD) to Hideez Identity Cloud (HIC), enabling SSO for configured web services. Here's a simplified overview:

1. Create a Group in Azure AD: Add employees you want to import to Hideez Identity Cloud.

1. Enter Credentials in Hideez Identity Cloud: Specify the group name and import employees.

2. Employees Imported: Users will receive invitations to join Hideez Identity Cloud and access services via SSO.

Steps to Integrate Hideez Identity Cloud with Microsoft Entra ID

1. Navigate to Integration

• Go to Integration → Microsoft Entra ID in your Hideez Identity Cloud dashboard.

• Click Create a connection.

2. Register the App in Azure Portal

• Login to Azure portal.

• Navigate to Azure Active Directory → App registrations.

• Click New Registration.

3. Configure Application IDs

• Copy the Application (client) ID and Directory (tenant) ID from the app overview.

• Paste these into Domain Settings on Hideez Identity Cloud:

  • Tenant ID: Your Azure AD tenant ID.

  • Application ID: Your Azure AD application ID.

  • Sync Group Name: The name of the Azure AD group to import employees.

• Tenant ID: enter your Azure AD tenant ID.

• Application ID: enter your Azure AD application ID.

• Sync Group Name: enter the name of the group from which you would like to import employees.

4. Generate Client Secret

• In Azure portal, go to Certificates & secrets → New client secret.

• Copy the Client Secret from the Value column and paste it into the Client Secret field on Hideez Identity Cloud.

5. Assign API Permissions

• In Azure portal, go to API permissions → Add a permission → Microsoft Graph.

• Select Application permissions, scroll to Directory → Directory.Read.All, and assign it

Click Application permissions, then scroll down and select the Directory → Directory.Read.All permission.

6. Behavior When Removing a User from the Synchronization Group

• Keep – The user will remain on the Hideez server after being removed from the synchronization group in Active Directory. They will still be able to use SSO login for web services and unlock their PC.

• Deactivate – The user will be deactivated on the Hideez server but not deleted after being removed from the synchronization group in Active Directory. In this state, they will not be able to use SSO login for web services but will still be able to unlock their PC. To reactivate the user, the administrator must manually activate them in the system.

• Delete – The user will be completely removed from the Hideez server after being removed from the synchronization group in Active Directory. They will lose access to SSO login for web services and the ability to unlock their PC. To restore these disabled functionalities, the tenant administrator can take one of the following actions:

  • Add them to the synchronization group in Active Directory and perform synchronization.

  • Manually add the user.

  • Wait for automatic synchronization (once per hour, the Hideez server automatically synchronizes with Active Directory, imports users from the synchronization group, and updates their data).

7. Complete the Setup

• Click Create in Hideez Identity Cloud to finalize the integration.

Syncing Employees

• Employees are synced from Azure AD to Hideez Identity Cloud every hour or after clicking the Sync Now button.

You can view, update, or delete the Microsoft Entra ID integration anytime through the Hideez Identity Cloud dashboard.