Description


The On-Premise Active Directory Synchronization feature lets you manage users inside the MPaware portal with ease. Add, modify, or deactivate users as soon as they’re in your client’s system so they can get up to speed on cybersecurity.


Requirements


Admin access to the MPaware Portal and the on-prem server.


The Process


1. Open the Active Directory Users and Computers application

2. Under the “Users and Orgs” folder, right-click the “Groups” folder and click New > Group to create the BSN-Employees group with the following parameters:

Note: Include all users in the BSN-Employees group, as this will create their accounts in the MPaware portal and provide the login credentials. Add the users that should have standard employee access to the MPaware Portal.


Group Type: Security
Group Name: BSN-Employees

Defines the users that will be enrolled in the portal as standard employees under that client.


Optional Groups:

BSN-Managers

Defines users in the manager role, supersedes BSN-Employees.
(Managers get access to reporting and employee data inside the MPaware Portal)


BSN-ManagerAdmins

Add the BSN-ManagerAdmins group to give select managers the ability to manage phishing campaigns as well as the bulk manage user functionality. Standard manager accounts do NOT have this functionality. 

 


Note: When entering the above security groups, DO NOT include any spaces before, after, or within the string. 


3. Optional: create Tag Groups.

Tags are used for creating specific groups, typically to separate users by department, to create groups you’d like to send specific phishing emails to, or to simplify tracking in the portal.


Follow the steps above to create a new group, but ensure the Group Name is: BSN-TAG-<tagname>

For example: BSN-TAG-Executive Team, BSN-TAG-Accounts, etc.

 


MPaware Portal - With Global Admin Credentials:

4. Log in to the MPaware Portal


5. Select the “Manage Clients” app and select the customer account you are setting up OnPrem AD sync on.


6. Select the “Directory Sync” tab.


7. Select “On Premise Active Directory” from the Sync Type dropdown.


8. Enable the sync.


9. Copy the “Agent Client ID” and paste it somewhere for reference (e.g. Notepad).


10. Note your selection for “use as portal login” (email or UPN).


11. Select the “Save” button on the right.

Note: If you do not save, the Client ID will not be held, which prevents the OnPrem agent from connecting. 


12. Once saved, we recommend configuring your Welcome Message options.

Send Welcome Messages = sends the welcome message to newly added employees during the sync.

Use Custom Message = enables welcome messages to be customized. Without this option checked, the standard messages will be sent based on the Global Messages in the Partner Profile.

Clicking “Welcome Message” or “Welcome Back Message” = lets you adjust the default message.


Note:

Welcome Message: Email sent to new users added to the platform
Welcome Back Message: Email sent to reactivated users


Downloading the On-Premise Directory Sync Agent 

13. Click the link “Click here to download Directory Sync Agent” to download the OnPrem AD sync installation file.

14. Run the installation file.

15. Paste the Client ID into the AD agent install window.

16. Select “Install Now.”


Note: OnPrem Agent can only be installed on Windows Server 2016 or higher. 

Note: When adding a new user to the groups:

a. Make sure the email field is filled out for the user under Properties (this is applied automatically if connected to an Exchange server).
b. Add the user to a BSN security group.
 

Note: The sync runs every 2 hours. To sync right away, you need to stop and start the service.


17. Navigate to the “Server Manager.”

18. Select “Tools” on the top right.

19. Select “Services.”

20. Locate “BSN ADSync.”

21. Right-click the service and select “Stop,” then right-click it again and select “Start.”

22. Refresh the MPaware portal and the user will be on the user list.


Notes: 

  • If the user is deleted in PII-Protect but not deleted on the agent side, they will be re-added.
  • If the user is added in the PII-Protect portal with an email that is not in the directory, they will not be impacted and can be managed in the portal.
  • If a user with the same email address is added in the MPaware portal, it will link the two accounts and merge them. No duplicate will be created.
  • It is recommended to perform all directory management from the agent side.
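
A read-only check of the group setup from steps 2 and 3 and of the email-field note, to run before forcing a sync. This is an added example, not part of the original article or the vendor's tooling. It assumes the ActiveDirectory PowerShell module (RSAT) is installed on the server and looks at direct group members only.

```powershell
# Added example, not vendor code: read-only audit of the BSN-* groups.
# Assumption: the ActiveDirectory module (RSAT) is installed on this server.
Import-Module ActiveDirectory

$roleGroups = 'BSN-Employees', 'BSN-Managers', 'BSN-ManagerAdmins'

# Fetch every group that mentions BSN so near-miss names are caught too.
$candidates = @(Get-ADGroup -Filter 'Name -like "*BSN*"')

$findings = @(foreach ($g in $candidates) {
    $stripped = $g.Name -replace '\s', ''
    $isRole   = $stripped -in $roleGroups
    $isTag    = $g.Name -like 'BSN-TAG-*'
    if (-not ($isRole -or $isTag)) { continue }

    # Role group names must match exactly, with no spaces anywhere.
    if ($isRole -and $g.Name -ne $stripped) {
        [pscustomobject]@{ Group = "[$($g.Name)]"; Member = ''; Issue = 'Space in role group name' }
    }
    # The article specifies Group Type: Security.
    if ($g.GroupCategory -ne 'Security') {
        [pscustomobject]@{ Group = $g.Name; Member = ''; Issue = 'Not a security group' }
    }
    # Direct user members need the email field populated.
    Get-ADGroupMember -Identity $g |
        Where-Object { $_.objectClass -eq 'user' } |
        Get-ADUser -Properties mail |
        Where-Object { [string]::IsNullOrWhiteSpace($_.mail) } |
        ForEach-Object {
            [pscustomobject]@{ Group = $g.Name; Member = $_.SamAccountName; Issue = 'Email field is empty' }
        }
})
if ($candidates.Name -notcontains 'BSN-Employees') {
    $findings += [pscustomobject]@{ Group = 'BSN-Employees'; Member = ''; Issue = 'Group not found' }
}

# List who holds the manager roles so that access can be reviewed.
$elevated = foreach ($name in 'BSN-Managers', 'BSN-ManagerAdmins') {
    if ($candidates.Name -contains $name) {
        Get-ADGroupMember -Identity $name |
            Select-Object @{ n = 'Group'; e = { $name } }, SamAccountName, objectClass
    }
}

Write-Host 'Findings:'
$findings | Format-Table -AutoSize
Write-Host 'Members of manager groups:'
$elevated | Format-Table -AutoSize
```

An empty Findings table means the group names, group types and email fields match what the steps above require. The second table is worth reviewing on its own, since BSN-ManagerAdmins grants phishing campaign and bulk user management rights.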