User Synchronisation: Microsoft Entra ID API

User synchronisation via API connects your Microsoft Entra ID to your Phriendly Phishing account. When an individual is configured in your AD, they are automatically synchronised as a new Learner in your Phriendly Phishing account. Synchronising your Microsoft Entra ID security groups to Phriendly Phishing automates the process of adding users to, or removing them from, the Phriendly Phishing platform.

  Requirements

  1. You need a Microsoft Entra tenant, and a security group within that tenant that lists all users in your Organisation that you would like to be added into Phriendly Phishing.
  2. The Microsoft Entra ID Service Account that is used in the Phriendly Phishing platform should be assigned at least the Application Administrator role within your Microsoft Entra ID environment.
  3. Disabled accounts or profiles in Microsoft Entra ID are out of scope and will not sync to Phriendly Phishing.
  4. Users in a nested Security Group will not sync to Phriendly Phishing.
  5. A change is required on the Phriendly Phishing side. Please contact Support and mention that you want to synchronise Learners via API. If this is not done, you will encounter the error message below.

    [Screenshot: APIConnector.png]
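
A pre-flight check for requirements 3 and 4, added here as an example; it is not part of the original article or of Phriendly Phishing's own tooling. It sorts the direct members of the assigned security group, as returned by Microsoft Graph (GET /groups/{id}/members), by the sync outcome the requirements describe. The sample response is constructed, and the $select query and the preflight function name are assumptions.

```python
import json

# Constructed sample of a Microsoft Graph response for (assumed query):
# GET /groups/{id}/members?$select=id,displayName,userPrincipalName,accountEnabled
SAMPLE_MEMBERS = json.loads("""
{
  "value": [
    {"@odata.type": "#microsoft.graph.user", "id": "u1",
     "displayName": "Ana Lim", "userPrincipalName": "ana@example.com",
     "accountEnabled": true},
    {"@odata.type": "#microsoft.graph.user", "id": "u2",
     "displayName": "Ben Ochoa", "userPrincipalName": "ben@example.com",
     "accountEnabled": false},
    {"@odata.type": "#microsoft.graph.group", "id": "g9",
     "displayName": "Contractors"},
    {"@odata.type": "#microsoft.graph.servicePrincipal", "id": "s3",
     "displayName": "Build Agent"}
  ]
}
""")


def preflight(members_response):
    """Sort direct members of the assigned group by expected sync outcome."""
    report = {"will_sync": [], "disabled": [], "nested_groups": [], "review": []}
    for obj in members_response.get("value", []):
        kind = obj.get("@odata.type", "")
        label = obj.get("userPrincipalName") or obj.get("displayName") or obj.get("id")
        enabled = obj.get("accountEnabled")
        if kind == "#microsoft.graph.group":
            # Requirement 4: users inside a nested group are not synced.
            report["nested_groups"].append(label)
        elif kind == "#microsoft.graph.user" and enabled is True:
            report["will_sync"].append(label)
        elif kind == "#microsoft.graph.user" and enabled is False:
            # Requirement 3: disabled accounts are out of scope.
            report["disabled"].append(label)
        else:
            # Non-user objects, or users returned without accountEnabled.
            report["review"].append(label)
    return report


if __name__ == "__main__":
    for bucket, names in preflight(SAMPLE_MEMBERS).items():
        print(f"{bucket:14} {len(names):3}  {', '.join(names)}")
```

Any group listed under nested_groups has to be assigned to the Enterprise Application and entered in the Phriendly Phishing configuration itself for its users to sync.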

1. How to Create a New Enterprise Application in Microsoft Entra ID

  1. Sign into Microsoft Azure and select Enterprise applications.

  2. Select New application, then Create your own application.

  3. Enter a name for your application and complete the form as shown in the screenshot below.

     [Screenshot: adminapi3.png]

2. How to Assign Groups to the created Enterprise Application

  1. On the Overview page of the application, select Users and Groups > Add User / Group.

  2. Select User and Groups and search for the group/s you want to assign.

  3. Select adminapi6.png

3. How to Configure Learner Synchronisation in Phriendly Phishing

  1. Log in to Phriendly Phishing. Go to Settings and follow the steps shown in the screenshot below.

     [Screenshot: APILearner.png]

  2. Click the Log In to Azure button. Once logged in, select the desired frequency of user syncing.

       You must be assigned, as a minimum requirement, the Application Administrator role within your Microsoft Entra ID environment.

  3. If it is your first time connecting, you will be redirected to the Microsoft login page. Choose the account that you would like to use to log in. Phriendly Phishing requires permissions to be able to sync your users successfully; please read and Accept the permissions.

  4. Add the Security Group name/s that you previously assigned in the application and select Save Settings.

     Warning

    1. If the group name entered in the Phriendly Phishing platform is not an exact match to that in your AD, sync won't be successful.
    2. Users from nested groups won't be recognised. These users in nested groups need to be specified in the configuration.
    3. The Security Group Name is visible as a Segment under Learners section in the platform.
  5. Select the required attributes by dragging the attributes to the dashed-line boxes. Scroll down to the Search field and tick any additional attributes that you would like to import into Phriendly Phishing. It is recommended that you Set Unique identifier as ID. Click Save Settings once done. Note: Custom attributes cannot be synced to the Phriendly Phishing portal.

  6. Do a Trigger Sync and refresh the page. A notification will appear in the bell icon once the process is finished.

  7. Selecting Click to proceed takes you to the screen shown below, where you can enable the Synchronisation button.

     [Screenshot: APILearner7.png]

    Information

    • If you have pre-existing users within the platform, it is recommended that you carefully Review the Data.
    • If you are notified the process is finished and the option to enable it is still greyed out, the most common issue would be the user group specified in the configuration. Please confirm the group name is correct.

Where to review the User Synchronisation data

  1. Under Azure Synchronisation, scroll down to the Preview Sample learners list.

  2. The Raw data CSV file shows each Learner's email address, first name, last name, and whether the listed email address is valid. It also shows the total number of Learners.

  3. The Preview processed data CSV file again shows each Learner's email address, first name, last name, and whether the Learner was Added, Updated, Removed, and/or the email is Invalid.

  4. If a high volume of learners will be removed, the User Synchronisation is automatically disabled. You will see the message below under Notifications.

     [Screenshot: APILearner9.png]

What are the required steps to switch from Email Address to ID as the Unique Identifier

  1. Disable the User Synchronisation > Learner Synchronisation button

  2. Switch the mapping value from Email to Unique Identifier and Save Settings

  3. Trigger a sync (via the Trigger Sync button or by pushing new data from the ADFS script)

  4. Preview processed data and if learners are being erroneously removed, contact Support to remediate. 

Congratulations! You have successfully synced your Learners into the Phriendly Phishing platform straight from your Microsoft Entra ID via the API method.
