Active Directory

Overview

This guide explains how to configure passwordless login to a Windows workstation joined to an Active Directory (AD) domain using Microsoft Virtual Smart Card technology in combination with the Hideez IdentityCloud and the Hideez Authenticator mobile app. With this setup, users can log in to their domain accounts without entering a password. The domain password is updated automatically and does not need to be changed manually.

Use Case

  1. The user scans a QR code on the lock screen of the workstation using the Hideez Authenticator mobile app.

  2. The user authenticates in the app using biometrics or a PIN.

  3. The user selects their account.

  4. The workstation is unlocked — no password input required.

If the workstation has no internet connection, the user can instead log in with the offline access codes stored in the app.

Prerequisites

To configure passwordless login, you will need:

How It Works

  1. A virtual smart card is created on the workstation, with its private key protected by the workstation's Trusted Platform Module (TPM).

  2. Smart card credentials are generated and securely transferred to the user's smartphone.

  3. At the login screen, the user scans a QR code.

  4. The smartphone sends the smart card credentials to the PC through a secure channel.

  5. The workstation is unlocked without the user entering a password.
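As an added example that is not part of the Hideez guide, the following PowerShell script performs step 1 on the workstation: it checks that the TPM is usable and then creates the virtual smart card with Microsoft's built-in tpmvscmgr.exe. The card name and the PIN/PUK/admin-key options are my assumptions, not values prescribed by Hideez.

```powershell
#Requires -RunAsAdministrator
# Added example, not Hideez code: create a TPM-backed virtual smart card on a
# domain-joined workstation with tpmvscmgr.exe (ships with Windows).
$CardName = 'HideezVSC'   # constructed name, choose your own

# 1. Refuse to continue unless a TPM is present and initialised. The virtual
#    smart card's private key lives in the TPM, so without one there is no
#    hardware protection for the credential.
$tpm = Get-Tpm
if (-not $tpm.TpmPresent -or -not $tpm.TpmReady) {
    throw "TPM missing or not ready (Present=$($tpm.TpmPresent), Ready=$($tpm.TpmReady)). Initialise the TPM first."
}

# 2. Create the virtual smart card.
#    /pin prompt      the user PIN is typed interactively, never stored in a script
#    /puk prompt      a PUK is set so a forgotten PIN can be unblocked later
#    /adminkey random avoids the well-known default admin key; the random key is not kept
#    /generate        initialises the card's file system so a certificate can be enrolled
& tpmvscmgr.exe create /name $CardName /pin prompt /puk prompt /adminkey random /generate
if ($LASTEXITCODE -ne 0) {
    throw "tpmvscmgr.exe create failed with exit code $LASTEXITCODE"
}

# 3. Confirm the new card shows up as a smart card reader before enrolling a
#    certificate from the AD certification authority.
Get-PnpDevice -Class SmartCardReader | Select-Object FriendlyName, Status
```

Because the admin key is random and not retained, the card cannot later be managed through the admin key; the PUK set at creation is the only PIN-recovery path, so keep it in your usual secret store.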

Setup Instructions

To set up the environment for passwordless workstation logon, you need to configure both the Active Directory Certification Authority and the Hideez Identity Cloud server. For detailed instructions, please refer to the links below:
