Getting Started

This article describes what you need to do to get started with Hydden.Control. All initial steps are described on this page.

• Prerequisites - Ensure the Prerequisites below are met.
• Initial setup steps:
  • Creating your organization
  • Logging in for the first time.
• Preparing the first data sync:
  • Create your Integration with your Hydden.Discovery tenant.
  • Run your Data Sync.

Prerequisites

Data Sources/Collectors

To use Hydden.Control, customers must have a Hydden.Discovery Platform tenant with configured data sources for an access review.

Creating Your Organization

When you first access Hydden.Control, you can either sign in to an existing organization or create a new one. The user creating the tenant for an organization, will automatically be the tenant administrator. This role can be reassigned after the inital setup, once other users are onboarded.

Creating a New Tenant

1. On the sign-in page, click Create a New Tenant.
2. Enter a Tenant Name for your organization, for example, DemoCorp.AccessReview.
3. Select your Authentication Method:

Option 1: Microsoft (Quick Setup)

Select this option if you want to use Microsoft Entra ID (Azure AD) for authentication without managing your own app registration.

• No additional credentials required - Hydden manages the OAuth configuration
• Your users will sign in with their Microsoft accounts
• Simply select Microsoft and proceed to test the connection

Option 2: Custom Provider

Select this option if you need to use your own identity provider configuration. Supported providers include:

Provider	Required Fields
Microsoft (your own app)	Azure AD Tenant ID, Client ID, Client Secret
Google	Client ID, Client Secret
Okta	Okta Domain, Client ID, Client Secret
Other OIDC Provider	Issuer URL, Client ID, Client Secret

1. Select Custom as the authentication method.
2. Choose your Provider Type from the dropdown.
3. Enter the required credentials for your chosen provider.

Completing Tenant Creation

1. Optionally enter Allowed Email Domains to restrict which email domains can sign in to your tenant. Leave empty to allow all domains.
2. Click Test Connection to verify your authentication configuration. A popup window will open for you to authenticate with your identity provider.
3. After successful authentication, review the user details retrieved from your OAuth provider.
4. Click Create Tenant to finalize your organization setup.

You will be automatically redirected to sign in to your new tenant.

Logging In

1. On the sign-in page, enter your business email address.
2. If your email is associated with a single tenant, you will be redirected to your identity provider.
3. If your email is associated with multiple tenants, select the tenant you want to access from the tenant picker.
4. Complete authentication with your identity provider and you will be signed in to Hydden.Control.

First-Time Users

If you sign in to a tenant where you don't have an assigned role, other than the default user role, you'll see a Request Platform Access modal. Use this to request a role assignment (Admin, Reviewer, or Auditor). See Requesting Access for more details.

Setting Up Your Hydden Integration

After signing in, configure the integration to connect Hydden.Control with your Hydden platform.

Creating an API Token

To establish an integration between the Hydden platform and Control, you need to create an API Token in the Hydden Discovery platform for the data sync authentication.

1. In your Hydden platform tenant, navigate to Configuration | Access and select the API Tokens tab.
2. Click + Add API Token.
3. On the Add API Token modal, enter:
   • A Name for your token, for example MyOrg.AccessReview.
   • Click the generate secret button.
   • Modify the default expiration date based on your organization's policy.
4. Click Add.
5. Copy the generated Client ID and Client Secret values - you will need these when configuring the integration.

Configuring the Integration

1. Navigate to Settings.
2. On the Integration tab, configure the following:

Field	Description
Hydden URL	The base URL for your Hydden platform instance (e.g., https://hydden.example.com)
Client ID	The Client ID from your API Token created in the prerequisites
Client Secret	The Client Secret from your API Token
Target Platform	Select Hydden Discovery Platform. The Hydden Observability Platform option has limited access for now.

3. Click Save Changes.

Data Sync

After configuring the integration, synchronize your data:

1. Navigate to Settings | Data Sync tab.
2. Click Sync All Data to start the initial data synchronization.

The sync process pulls the following data from your Hydden platform:

• Accounts
• Owners
• Groups
• Roles
• Applications

To monitor sync progress, check the Job History tab. After a successful synchronization, you can view your data under the respective sections in the navigation.