Microsoft AD Integration
This article describes how you can manage your learners through integration with your company’s Microsoft Active Directory or Azure server. Syncing your learners with Microsoft Active Directory or Azure is a simple three-step process. You can configure your settings to sync all your company contacts in your Active Directory or you can create a designated group in your Active Directory and only sync the contacts that will participate in Security Awareness training.
Step 1: Register Graph API Application
First, you need to create a valid Microsoft Graph API application; you will enter its credentials into the Security Awareness Platform in Step 2.
Follow these steps to create a valid Microsoft Graph API application:
1. Sign in to your Azure Portal.
2. If your account gives you access to more than one tenant, select your account in the top right corner, and set your portal session to the Azure AD tenant that you want.
3. In the left-hand navigation pane, select the Azure Active Directory service, and then select App registrations > New registration.
4. When the Register an application page appears, give your application a Security Awareness related name, for example, "Security Awareness Integration".
5. When finished, select Register.
6. Temporarily copy the following keys to a text file, as you'll be entering these values into our Platform later.
- Application (client) ID
- Directory (tenant) ID
7. Select Certificates & secrets then "Add a client secret", choose an expiration time, and finally select "Add".
Note: you will need to renew this secret when it expires to maintain a connection with the Security Awareness Platform.
8. Temporarily copy the newly created client secret's Value into the text file from step 6, as you will need to input it into our Platform later.
9. Select API Permissions then "Add a permission". Choose "Microsoft Graph > Application permissions", select "Directory > Directory.Read.All", then select "Add Permissions". This is the only permission our Platform needs access to.
10. Finally, select API Permissions, then select "Grant admin consent for..."
Step 2: Configure in the Security Awareness Platform
Next, you need to add these credentials from Step 1 into the User Sync section on the Platform.
Follow these steps to add your copied data from Step 1 into our Platform:
1. To get started, navigate to the 'Users' section, click the 'Add Users' button in the top right corner and select 'Sync Users'.
2. You will be taken to the 'Settings' > 'User Sync' section. Click the 'Setup Microsoft' option.
3. Select your sync Schedule Type (when do you want syncing to take place):
- Manual: Not scheduled, instead sync on demand.
- Daily: Choose the time that syncing will automatically occur daily.
- Weekly: Choose the day and time for weekly syncing.
4. Paste the Application (client) ID from the temporary text file you created into the "Application ID" field.
5. Paste the Directory (tenant) ID from the temporary text file you created into the "Tenant ID" field.
6. Paste the Client Secret from the temporary text file you created into the "Client Secret" field.
7. Click 'Save' to progress to the Sync Summary and Review step.
Active Directory Group Sync (Optional)
Sometimes it can be helpful to only sync certain users from Active Directory with our Platform.
Follow these steps to do this using the Active Directory “Groups” feature:
1. In the left-hand navigation pane, select the Azure Active Directory service, and then select Groups > New group.
2. Choose "Security" as the group type and give it a name/description. For example, "Security Training".
3. Click on the newly created group's name then click "Members", from here you can add any users you want to the group.
4. Next copy the Group's Object Id. You can find this ID by clicking on "Properties" and looking for the "Object Id" field.
5. Lastly, paste that ID into the "Group ID" field of the sync configuration in the Platform. Now only users who are inside this Active Directory Security group will be synced with the Security Awareness Platform.
6. Click 'Save' to progress to the Sync Summary and Review step.
Step 3: Sync Summary & Sync Review
1. Once on the Config Summary page, double check your Sync config settings are correct.
2. Select the 'Test Connection' button to confirm settings are correct. A confirmation message will appear if the connection is successful.
3. Select the 'Preview Sync' button.
4. The Preview Sync dashboard will give you a preview of what actions will take place on the Security Awareness Platform once the User Sync is activated. Users will be allocated one of four statuses:
- New Learners: Learners that don't currently exist on the Platform but appear in your Active Directory. They will be imported into the Platform when the next sync runs.
- Deleted Learners: Learners that currently exist on the Platform but don't appear in your Active Directory. They will be removed from the Platform when the next sync runs.
- Existing Learners: Learners that currently exist on the Platform AND in your Active Directory. They will remain unchanged on the Platform when the next sync runs.
- Manager: The designated company Manager will remain unchanged by User Sync.
5. Select the 'Run User Sync' button in the top right corner. This will manually run your first sync, and it will activate any scheduled syncing to occur in future.
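The following script is an added example, not code from the Security Awareness Platform or from Microsoft. It shows what the Platform is doing behind the 'Test Connection', 'Preview Sync' and Group ID settings above: it builds the client-credentials token request for the Application (client) ID, Directory (tenant) ID and client secret from Step 1, chooses between the whole-directory and group-members Graph endpoints depending on whether a Group ID is set, follows Graph paging, and classifies users into the four Preview Sync statuses. The tenant, client, secret, group and email values are constructed placeholders, `manager_email` is an assumed parameter for the designated company Manager, and the sample Graph response is constructed to match the shape of a real `/users` page so the classification runs offline.

```python
import json
import urllib.parse
import urllib.request

# Constructed placeholders; replace with the values copied in Step 1.
TENANT_ID = "00000000-0000-0000-0000-000000000000"   # Directory (tenant) ID
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # Application (client) ID
CLIENT_SECRET = "<client-secret-placeholder>"        # client secret Value (expires; renew it)
GROUP_ID = None  # Optional Group Object Id from the Group Sync steps; None syncs every user

GRAPH = "https://graph.microsoft.com/v1.0"
SELECT = "$select=id,mail,userPrincipalName,displayName"


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials request for the Microsoft identity platform.
    Returned as (url, form_body) so it can be inspected before it is sent."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        # .default asks for the application permissions an admin consented to
        # (Directory.Read.All in Step 1), nothing more.
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    })
    return url, body


def users_url(group_id=None):
    """Graph endpoint for the users to sync: the whole directory, or only the
    user members of one group when a Group ID is configured."""
    if group_id:
        return f"{GRAPH}/groups/{group_id}/members/microsoft.graph.user?{SELECT}"
    return f"{GRAPH}/users?{SELECT}"


def get_json(url, access_token):
    """One authenticated GET against Graph, returning the decoded JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_directory_users(access_token, group_id=None):
    """Collect every user, following @odata.nextLink until the last page."""
    url = users_url(group_id)
    users = []
    while url:
        page = get_json(url, access_token)
        users.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return users


def email_of(user):
    """Prefer the mailbox address; fall back to the UPN for mail-less accounts."""
    return (user.get("mail") or user.get("userPrincipalName") or "").lower()


def preview_sync(directory_users, platform_learners, manager_email):
    """Classify learners the way the Preview Sync dashboard describes:
    New (in directory only), Deleted (on Platform only), Existing (in both),
    and the Manager, who is left untouched by sync in every case."""
    manager = manager_email.lower()
    in_directory = {email_of(u) for u in directory_users} - {"", manager}
    on_platform = {e.lower() for e in platform_learners} - {manager}
    return {
        "new": sorted(in_directory - on_platform),
        "deleted": sorted(on_platform - in_directory),
        "existing": sorted(in_directory & on_platform),
        "manager": manager,
    }


# Constructed sample data shaped like one Graph /users page and the Platform's learner list.
SAMPLE_GRAPH_PAGE = {
    "value": [
        {"id": "a1", "mail": "alice@example.com", "userPrincipalName": "alice@example.com", "displayName": "Alice"},
        {"id": "b2", "mail": None, "userPrincipalName": "bob@example.com", "displayName": "Bob"},
        {"id": "m3", "mail": "manager@example.com", "userPrincipalName": "manager@example.com", "displayName": "Manager"},
    ]
}
PLATFORM_LEARNERS = ["alice@example.com", "carol@example.com", "manager@example.com"]

if __name__ == "__main__":
    url, body = token_request(TENANT_ID, CLIENT_ID, CLIENT_SECRET)
    print("token endpoint:", url)
    print("users endpoint:", users_url(GROUP_ID))
    # Offline preview on the constructed page; with a real token you would call
    # fetch_directory_users(token, GROUP_ID) here instead.
    print(json.dumps(preview_sync(SAMPLE_GRAPH_PAGE["value"], PLATFORM_LEARNERS, "manager@example.com"), indent=2))
```

Two points worth keeping in mind when reviewing the preview. First, a user with no `mail` attribute is matched on their user principal name, so a learner whose Platform email differs from both will show up as New and the old record as Deleted; check those pairs before the first 'Run User Sync'. Second, Directory.Read.All is a tenant-wide read permission: the Group ID narrows what the sync imports, not what the registered application is allowed to read, so the client secret should be stored and renewed with the same care as any other directory-read credential.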