User synchronisation via API connects your Microsoft Entra ID to your Phriendly Phishing account. When an individual is configured in your AD, they will be automatically synchronised as a new Learner in your Phriendly Phishing account. Synchronising your Microsoft Entra ID security groups to Phriendly Phishing automates the process of adding users to and removing users from the Phriendly Phishing platform.
Requirements
- You must have a Microsoft Entra tenant. You also need a security group within your tenant that lists all users in your Organisation that you would like to be added into Phriendly Phishing.
- Phriendly Phishing must make a required change on its side. Please contact Support and mention that you want to synchronise Learners via API. If this is not done, you will encounter the error message below.
This article takes you through the steps for syncing your Users to the Phriendly Phishing platform:
- How to Create a New Enterprise Application in Microsoft Entra ID
- How to Assign Groups to the created Enterprise Application
- How to Configure Learner Synchronisation in Phriendly Phishing
- Where to review the User Synchronisation data
- What are the required steps to switch from Email to ID as the Unique Identifier (applicable for existing API set-up)
1. How to Create a New Enterprise Application in Microsoft Entra ID
a. Sign into Microsoft Azure and select Enterprise applications.
b. Select New application then Create your own application.
c. Enter a name for your application and follow the screenshot below.
2. How to Assign Groups to the created Enterprise Application
a. In the Overview page of the application, select Users and Groups > Add User / Group.
b. Select User and Groups and search the group/s you want to assign.
c. Select
3. How to Configure Learner Synchronisation in Phriendly Phishing
a. Log in to Phriendly Phishing. Go to Settings and follow through per the screenshot below.
b. Click the Log In to Azure button. Once logged in, select the desired frequency of user syncing.
You need to be assigned, as a minimum requirement, the Application Administrator role within your Microsoft Entra ID environment.
c. If it is your first time connecting, you will be redirected to the Microsoft login page. Choose the account that you would like to use to log in. Phriendly Phishing requires permissions to be able to sync your users successfully. Please read and Accept the permissions.
d. Add the Security Group name/s that you previously assigned in the application and select Save Settings.
Reminder
- If the group name entered in the Phriendly Phishing platform is not an exact match to that in your AD, the sync won't be successful.
- Users from nested groups won't be recognised. These users in nested groups need to be specified in the configuration.
- The AD Security Group Name is visible as a Segment under the Learners section in the platform.
e. Select the required attributes by dragging the attributes to the dashed-line boxes. Scroll down to the Search field and tick any additional attributes that you would like to import into Phriendly Phishing. It is recommended that you Set Unique identifier as ID. Click Save Settings once done.
Note: Custom attributes cannot be synced to the Phriendly Phishing portal.
f. Do a Trigger Sync and refresh the page. A notification will appear in the bell icon once the process is finished.
g. Clicking to proceed takes you to the screen shown in the screenshot below, where you can enable the Synchronisation button.
Things to Note:
- If you have pre-existing users within the platform, it is recommended that you carefully Review the Data.
- If you are notified the process is finished and the option to enable it is still greyed out, the most common issue would be the user group specified in the configuration. Please confirm the group name is correct.
Where to review the User Synchronisation data
a. Under Azure Synchronisation scroll down to the Preview Sample learners list.
b. The Raw data CSV file shows each Learner's email address, first name, last name, and if their email address listed is valid. It also shows the total number of Learners.
c. The Preview processed data CSV file again shows each Learner's email address, first name, last name, and whether the Learner was Added, Updated, or Removed, and/or whether the email is Invalid.
d. If a high volume of learners will be removed, the User Synchronisation is automatically disabled. You will see the message below under Notifications.
What are the required steps to switch from Email Address to ID as the Unique Identifier
a. Disable the User Synchronisation > Learner Synchronisation button.
b. Switch the mapping value from Email to Unique Identifier and Save Settings.
c. Trigger a sync (via the Trigger Sync button or by pushing new data from the ADFS script).
d. Preview the processed data and, if learners are being erroneously removed, contact Support to remediate.
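The review of the Preview processed data CSV described above can be scripted before the Synchronisation button is enabled. The following is an added example, not code from Phriendly Phishing: the column names (`email`, `status`), the 10% review threshold and the sample rows are assumptions, so adjust them to the headers in your exported file.

```python
import csv
import io
from collections import Counter, defaultdict

# Assumed column names; change these to match the headers in your export.
EMAIL_COL, STATUS_COL = "email", "status"
# Assumed review threshold; the platform's own auto-disable limit is not stated.
MAX_REMOVED_FRACTION = 0.10

def review_processed_csv(text, max_removed_fraction=MAX_REMOVED_FRACTION):
    """Summarise a processed-data export and decide whether it needs manual review."""
    counts = Counter()
    statuses_by_email = defaultdict(set)
    removed = []
    for row in csv.DictReader(io.StringIO(text)):
        email = (row.get(EMAIL_COL) or "").strip().lower()
        status = (row.get(STATUS_COL) or "").strip().capitalize()
        if not email or not status:
            counts["Malformed"] += 1  # row is missing an address or a status
            continue
        counts[status] += 1
        statuses_by_email[email].add(status)
        if status == "Removed":
            removed.append(email)
    total = sum(counts.values())
    removed_fraction = counts["Removed"] / total if total else 0.0
    # Assumption: an address listed as both Removed and Added is treated here
    # as a possible matching problem that should be checked by hand.
    churned = sorted(e for e, s in statuses_by_email.items() if {"Removed", "Added"} <= s)
    return {
        "counts": dict(counts),
        "removed": sorted(removed),
        "removed_fraction": round(removed_fraction, 3),
        "removed_and_readded": churned,
        "needs_review": removed_fraction > max_removed_fraction
        or bool(churned) or counts["Malformed"] > 0,
    }

# Constructed sample export (not real data).
SAMPLE = """email,first_name,last_name,status
alice@example.com,Alice,Ng,Updated
bob@example.com,Bob,Lee,Removed
bob@example.com,Bob,Lee,Added
carol@example.com,Carol,Diaz,Added
dave@example.com,Dave,Roy,Invalid
"""

if __name__ == "__main__":
    for key, value in review_processed_csv(SAMPLE).items():
        print(f"{key}: {value}")
```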