Active Directory

Last updated 1 month ago

Overview

This guide explains how to configure passwordless login to a Windows workstation joined to an Active Directory (AD) domain using Microsoft Virtual Smart Card technology in combination with Hideez Identity Cloud and the Hideez Authenticator mobile app. With this setup, users log in to their domain accounts without entering a password. The domain password is rotated automatically and never has to be changed by hand.

Use Case

  1. The user scans a QR code on the lock screen of the workstation using the Hideez Authenticator mobile app.

  2. The user authenticates in the app using biometrics or a PIN.

  3. The user selects their account.

  4. The workstation is unlocked — no password input required.

If the workstation has no internet connection, the user can log in with the offline access codes stored in the app.

Prerequisites

To configure passwordless login, you will need:

  • Admin account in Hideez Identity Cloud.

  • Admin or user account in Active Directory.

  • Configured Active Directory Certification Authority (CA).

  • The Active Directory domain is connected to Hideez Identity Cloud.

  • Passwordless login for workstations enabled and configured.

  • User registered in Hideez Identity Cloud.

  • Hideez Authenticator mobile app enrolled in the user’s profile on the server.

  • The Hideez Desktop Client is installed on the workstation.

  • The workstation is approved in the Hideez Server.

  • Workstation Requirements:

    • Windows 10 or 11

    • TPM 2.0 is supported and enabled

    • The device is joined to the on-premises Active Directory domain

How It Works

  1. A virtual smart card is created on the workstation using the TPM module.

  2. Smart card credentials are generated and securely transferred to the user's smartphone.

  3. At the login screen, the user scans a QR code.

  4. The smartphone sends the smart card credentials to the PC through a secure channel.

  5. The workstation is unlocked without the user entering a password.

Setup Instructions

To set up the environment for passwordless workstation logon, you need to configure both the Active Directory Certification Authority and the Hideez Identity Cloud server. For detailed instructions, please refer to the links below:

1. Set up the Active Directory Certification Authority
2. Configure passwordless logon settings in Hideez Identity Cloud
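Before enrolling a workstation, it is worth confirming that it actually meets the workstation requirements listed under Prerequisites. The script below is an added example, not part of the Hideez documentation or the Hideez Desktop Client; it uses only built-in Windows cmdlets and CIM classes and must be run from an elevated PowerShell session on the workstation.

```powershell
# Added example (not Hideez code): checks the workstation requirements from the
# Prerequisites section: Windows 10/11, TPM 2.0 present and enabled, and membership
# in an on-premises AD domain. Get-Tpm and Win32_Tpm require administrator rights.

function Test-PasswordlessLogonPrereqs {
    $checks = [ordered]@{}

    # Windows 10 and 11 both report kernel version 10.0; the Caption names the product
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $checks['Windows 10 or 11'] = ($os.Caption -match 'Windows 1[01]')
    $checks['OS build']         = "$($os.Caption) build $($os.BuildNumber)"

    # TPM present, enabled and provisioned (Get-Tpm ships in the TrustedPlatformModule module)
    $tpm = Get-Tpm
    $checks['TPM present'] = [bool]$tpm.TpmPresent
    $checks['TPM enabled'] = [bool]$tpm.TpmEnabled
    $checks['TPM ready']   = [bool]$tpm.TpmReady

    # TPM specification 2.0: Win32_Tpm.SpecVersion reads like "2.0, 0, 1.38"
    $tpmInfo = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
        -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $checks['TPM 2.0'] = ($null -ne $tpmInfo -and $tpmInfo.SpecVersion -like '2.0*')

    # Joined to an on-premises AD domain. PartOfDomain is $false on workgroup and
    # Entra-only (cloud-joined) devices, which this guide does not cover.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $checks['Domain-joined'] = [bool]$cs.PartOfDomain
    $checks['Domain']        = $cs.Domain

    # A virtual smart card is surfaced through the Smart Card service (SCardSvr).
    # It is trigger-started, so only a Disabled start type is a blocker.
    $scard = Get-Service -Name SCardSvr -ErrorAction SilentlyContinue
    $checks['Smart Card service not disabled'] = ($null -ne $scard -and $scard.StartType -ne 'Disabled')

    [pscustomobject]$checks
}

$result = Test-PasswordlessLogonPrereqs
$result | Format-List

# Every boolean check must be $true before the workstation is enrolled
$failed = $result.PSObject.Properties | Where-Object { $_.Value -is [bool] -and -not $_.Value }
if ($failed) {
    Write-Warning ('Not ready for passwordless logon; failed checks: ' + ($failed.Name -join ', '))
} else {
    Write-Host 'Workstation meets the listed requirements.'
}
```

A failed TPM check usually means the TPM is disabled in firmware or not yet provisioned (Initialize-Tpm), and a failed domain check means the device is workgroup- or cloud-joined rather than joined to the on-premises domain this guide targets.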