Azure API Active Directory (AD) User Synchronisation connects your Azure Active Directory to your Phriendly Phishing account. When a new staff member is configured in your AD, they are automatically synchronised to your Phriendly Phishing account. This document describes how to synchronise Azure AD security groups to Phriendly Phishing, which automates adding users to and removing users from the portal.
Note: It is required to have an Azure Active Directory tenant. You will also be required to have a security group within Azure AD that contains all users that you would like to participate in Phriendly Phishing.
A change is required to be made by Phriendly Phishing before starting this process. Please email support@phriendlyphishing.com to inform us you would like to use Azure API AD Synchronisation.
If this is not done, you will receive the error below when logging in at step 5.
This article covers the following questions:
- How to Configure your Azure API AD User Synchronisation
- Where to review the User Synchronisation data
- What are the required steps to switch from Email to ID as the Unique Identifier (applicable for existing API set-up)
How to Configure your Azure API AD User Synchronisation
1. Log into your Phriendly Phishing account and click the settings cog icon located at the top right-hand side of the portal.
2. Select User Synchronisation > Learner Synchronisation
3. Click the Azure API radio button, then click Azure Synchronisation to expand the configuration options.
4. Click the Log in to Azure button and choose your preferred Synch timing.
Note: The minimum requirement for this account is to be assigned the Application Administrator role within your Azure environment.
5. You will be redirected to the Microsoft login page. Choose the account that you would like to use to log in. Phriendly Phishing requires permissions to sync your users successfully, so please read and Accept the permissions.
6. Enter the name of the Azure AD security group that you would like to sync to the Phriendly Phishing platform. It is possible to add multiple groups.
Important Things to Note:
- The group name must be entered exactly for the sync to work. If the group isn't being identified, there could be a ' ' (space) at the end of the group name.
- Users from nested groups are not recognised. Users in nested groups need to be specified in the configuration.
- The AD security group name will be shown as a Segment under the Learners page.
7. Select the required attributes by dragging the attributes to the dashed-line boxes. Scroll down to the Search field and tick any additional attributes that you would like to import into Phriendly Phishing. Ensure you click Save Settings once done.
Note: Custom attributes cannot be synced to the Phriendly Phishing portal.
8. We recommend using ID (Unique identifier) as it will update users if their email address changes. For existing customers keen on switching from Email to ID, refer to the "What are the required steps to switch from Email to ID as the Unique Identifier" section of this article.
9. Once you have saved your configuration, do a Trigger Sync. Refresh the page and you will be notified that the process is finished by the bell icon in the top right.
10. Once completed please set Azure Synchronisation to Enabled.
Notes:
- If you have pre-existing users within the platform, it is recommended that you carefully Review the Data.
- If you are notified that the process is finished and the option to enable it is still greyed out, the most common issue is the user group specified in the configuration. Please confirm the group name is correct.
11. Read the warning prompt message, click OK when you are ready to proceed, and then click Finish.
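A pre-flight check for the group-name and nested-group notes under step 6, as an added example (not Phriendly Phishing's code). It flags a configured name that only matches a group once whitespace is trimmed, and lists users reachable only through nested groups together with the groups they sit in. The `preflight` function and the sample data, shaped like Microsoft Graph group objects, are assumptions constructed for illustration.

```python
# Constructed sample data modelled on Microsoft Graph group objects and their
# direct members; replace with an export from your own tenant.
GROUPS = [
    {"id": "g1", "displayName": "Phishing-Learners ", "members": [  # trailing space
        {"@odata.type": "#microsoft.graph.user", "id": "u1"},
        {"@odata.type": "#microsoft.graph.group", "id": "g2"}]},
    {"id": "g2", "displayName": "Finance", "members": [
        {"@odata.type": "#microsoft.graph.user", "id": "u2"},
        {"@odata.type": "#microsoft.graph.group", "id": "g3"}]},
    {"id": "g3", "displayName": "Finance-Contractors", "members": [
        {"@odata.type": "#microsoft.graph.user", "id": "u3"},
        {"@odata.type": "#microsoft.graph.group", "id": "g2"}]},  # circular nesting
]


def kind(member):
    """Return 'user' or 'group' from a Graph-style @odata.type value."""
    return member["@odata.type"].rsplit(".", 1)[-1]


def preflight(configured_name, groups):
    """Check one configured group name (hypothetical helper, not a vendor API)."""
    by_id = {g["id"]: g for g in groups}
    exact = [g for g in groups if g["displayName"] == configured_name]
    if not exact:
        # No exact match: report names that differ only by surrounding whitespace.
        near = [g["displayName"] for g in groups
                if g["displayName"].strip() == configured_name.strip()]
        return {"found": False, "whitespace_variants": near}
    group = exact[0]
    direct = {m["id"] for m in group["members"] if kind(m) == "user"}
    # Walk nested groups breadth-first; 'seen' guards against circular nesting.
    seen, queue, all_users = {group["id"]}, [group], set()
    while queue:
        for m in queue.pop(0)["members"]:
            if kind(m) == "user":
                all_users.add(m["id"])
            elif kind(m) == "group" and m["id"] in by_id and m["id"] not in seen:
                seen.add(m["id"])
                queue.append(by_id[m["id"]])
    nested = sorted(by_id[i]["displayName"] for i in seen - {group["id"]})
    return {"found": True, "direct_users": sorted(direct),
            "missed_users": sorted(all_users - direct), "nested_groups": nested}


if __name__ == "__main__":
    print(preflight("Phishing-Learners", GROUPS))
    print(preflight("Phishing-Learners ", GROUPS))
```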
Where to review the User Synchronisation data
1. Under Azure Synchronisation scroll down to the Preview Sample List.
2. Download the pending synchronisation data in CSV format.
3. The Raw data CSV file shows each Learner's email address, first name, last name, and if their email address listed is valid. It also shows the total number of Learners.
4. The Preview processed data CSV file again shows each Learner's email address, first name, and last name, along with whether the Learner was Added, Updated, or Removed, and/or whether the email is Invalid.
5. If a high volume of learners will be removed, the User Synchronisation is automatically disabled. The message below will also appear under Notifications.
What are the required steps to switch from Email Address to ID as the Unique Identifier
1. Disable the User Synchronisation > Learner Synchronisation button
2. Switch the mapping value from Email to Unique Identifier and Save Settings
3. Trigger a sync (via the Trigger Sync button or by pushing new data from the ADFS script)
4. Preview processed data and if learners are being erroneously removed, contact support to remediate.