Admin Synchronisation: Active Directory (AD)

Admin Synchronisation via Active Directory connects your AD to your Phriendly Phishing account, so that company administrators who require access to the platform are managed from AD. When an administrator is configured in your AD, they are automatically synchronised as an Admin in your Phriendly Phishing account. When an administrator is removed, they are also removed from your Phriendly Phishing account on the next scheduled sync.

  Requirement:

To create an AD application you must have Administrator access to your company's Active Directory instance.

1. Create an AD group

  1. Within Active Directory, create a security group named Phriendly Phishing Admins (or use your preferred naming convention).
  2. Add to the newly created AD group all members that you would like to give Admin access to the Phriendly Phishing platform.

2. Install your AD Synchronise Script

  1. Log in to Phriendly Phishing. Go to Settings and follow the steps shown in the screenshot.
  2. From an AD connected machine, run PowerShell in Administrator mode.
  3. Use the cd command to navigate to the directory that the SSO Synchronise Script was downloaded to. Then, still in PowerShell, type .\ followed by the script's file name, ending in .ps1 (do not type any quotation marks), and hit enter.
  4. PowerShell will ask you to enter the Authentication Token. 
  5. Copy the Authentication Token to the clipboard and input that into PowerShell. Hit enter.
  6. You will now see a Sync Successful message.
  7. Go back to the Phriendly Phishing platform and refresh the page. You will see a red notification on the bell icon. Click the bell and then ‘Click to proceed’.

3. Configure in Phriendly Phishing

  1. Navigate back to the Phriendly Phishing platform, go to Settings and follow the steps shown in the screenshot.
  2. Enable the Admin Synchronisation button.

4. Configure the Task Scheduler

  1. Select Action > Create Task.
  2. Once the task has been created, fill out the fields under the General tab as shown in the screenshot.
  3. Go to the Triggers tab.
  4. For the new trigger, the recommendation is to set the sync to run weekly at a minimum.
  5. Under the Actions tab, click New.
  6. Once created, fill out Program/script as shown in the screenshot.
  7. In Add arguments, enter -ExecutionPolicy Bypass C:\<path of script location>\ph2_get_ad_users.ps1 -token <your unique id obtained in the platform>
  8. Click OK.

 Warning

  1. There should be no spaces in the file path, as they cause issues with PowerShell's ability to parse the arguments provided in the scheduled task.
  2. For example, if the script is located at C:\Phriendly Phishing\get_ad_users.ps1, you will need to do one of the following:
    • Update the path to remove any space characters (i.e. C:\PhriendlyPhishing\get_ad_users.ps1)
    • Ensure the path to the script is encapsulated in quotes in the scheduled task arguments (-ExecutionPolicy Bypass "C:\Phriendly Phishing\get_ad_users.ps1" -token <token_goes_here>)
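
The Task Scheduler steps and the path warning above can also be applied from an elevated PowerShell session. The following is an added example, not part of the original article or the vendor's script: the function names, task name, Monday 02:00 schedule, SYSTEM run-as account and the use of powershell.exe's -File parameter (so the quoted path is read as a script path) are assumptions.

```powershell
# Added example (not the vendor's script). Run from an elevated PowerShell session.
# Assumed: task name, weekly schedule, SYSTEM as run-as account, use of -File.
function New-SyncTaskArgument {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [Parameter(Mandatory)] [string] $Token
    )
    # Fail at registration time rather than silently at the first scheduled run.
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Script not found: $ScriptPath"
    }
    if ($Token -match '[\s"]') {
        throw 'Token must not contain whitespace or double quotes.'
    }
    # Quote the path unconditionally so a space in it cannot split the argument.
    '-ExecutionPolicy Bypass -File "{0}" -token {1}' -f $ScriptPath, $Token
}

function Register-AdminSyncTask {
    param(
        [Parameter(Mandatory)] [string] $ScriptPath,
        [Parameter(Mandatory)] [string] $Token,
        [string] $TaskName = 'Phriendly Phishing Admin Sync',  # assumed name
        [System.DayOfWeek] $Day = 'Monday',                     # assumed day
        [datetime] $At = '02:00'                                # assumed time
    )
    $arguments = New-SyncTaskArgument -ScriptPath $ScriptPath -Token $Token

    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $arguments
    # Weekly is the minimum frequency the article recommends.
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek $Day -At $At
    # Assumption: on a domain-joined machine SYSTEM can read the AD group.
    # Replace with the account your General tab settings call for.
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
        -LogonType ServiceAccount -RunLevel Highest

    Register-ScheduledTask -TaskName $TaskName -Action $action `
        -Trigger $trigger -Principal $principal
}

# Example call with a path that contains a space; the token is a placeholder.
# Register-AdminSyncTask -ScriptPath 'C:\Phriendly Phishing\get_ad_users.ps1' `
#     -Token '<token_goes_here>'
```

The token is stored in the task's argument string, so anyone who can view the task definition can read it.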

Congratulations! You have successfully configured syncing your Admins straight from your Active Directory.
