
Active Directory

Last updated 8 months ago

Active Directory Guide

In this article, we illustrate how to properly set up the Active Directory functionality of the admin portal. Whether you use an on-premises Active Directory or depend on one in the cloud (Azure AD), enabling this option lets the CYBERAWARE SECURITY platform retrieve and synchronise your groups and recipients accordingly.

Prerequisites (Only for Azure AD Domain Services):

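Before you can integrate an Active Directory using Azure AD Domain Services, please make sure to visit and establish either of the following:

  • Create and configure an Azure Active Directory Domain Services managed domain
  • Configure secure LDAP for an Azure Active Directory Domain Services managed domain

1. As a reference point, let's have a look at our Groups and Recipients sections. Before synchronisation, they are both empty: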

2. Navigate to Active Directory:

3. Go ahead and select the Enable AD Synchronisation option:

You should get the following output:

4. Click on the AD Sync installer.msi in order to download it. You'll later need to install it.

After the installation, this service tool will be used to synchronise both ends, our platform's client with your AD server.

5. When Active Directory Synchronisation is enabled, you can no longer create groups and recipients manually. To regain the ability to create groups and recipients manually, click on the indicated buttons shown below:

6. Before you click Confirm, copy the provided configuration key and store it temporarily; you'll be required to use it when setting up the config file for the sync service (we will discuss this further down the line).

7. On the confirmation prompt that pops up, select to Confirm or Cancel accordingly:

8. If you’ve confirmed the action, click OK to proceed:

9. As we can see, the Active Directory Synchronisation has been enabled!

10. Now, let's go ahead and open up the installer you've downloaded earlier in order to install the sync service.

You will be prompted with the Setup Wizard:

11. To continue, click on Next:

You will be met with the End-User License Agreement:

12. Accept the terms and select Next:

13. Choose the destination for your folder and click on Next to proceed accordingly:

14. Click on Install to install the sync service:

15. Untick the box to avoid launching the AD Sync Manager as we are yet to set up the config file. Click Finish to close the window.

16. Finally, navigate to the directory/path you've chosen during the installation steps and open up the config file:

In this instance, we are using notepad to open it. As always, you may use any text editor you might prefer.

17. When the file opens up, you will come across the following configuration:

18. You must edit and fill in the following fields:

Please refer to the table below for more:

| Attributes | Details |
| --- | --- |
| workspace_key | This is the configuration key we've previously stored when enabling the Active Directory Synchronisation. |
| [ldap] - host | If the organisation is using a local machine to run the Active Directory role, you should add its IP. Otherwise, if your Active Directory runs on top of Azure, you should add the external (public) IP address or the FQDN of the Active Directory Services. Use localhost if the tool is installed on the Domain Controller. |
| [ldap] - port | Can be port 389 or 636 for a local setup. For Azure AD, you can only use port 636. |
| [ldap] - user | For an on-premises configuration, this is the username of the profile you are using to administer Active Directory. If you are instead managing Azure Active Directory Services, you should leave this attribute blank. |
| [ldap] - pass | This is the password required to gain access to the admin role. |
| [ldap] - enable_tls | If you are using port 636 for secure LDAP (LDAPS), the value of this attribute should be set to true; otherwise you should leave it at its default (false). |
| [ldap] - #bind_str | This attribute is commented out by default. It should only be uncommented if you are using Azure. It can take parameters such as the user managing the Azure AD, their group, and the domain. |
| [ldap.ad] - base_dn | Here, you should add the domain as a parameter. It should match the one you've added in the bind_str attribute. |
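A pre-flight check for the rules in the table above, as an added example that is not part of the original guide or the vendor's tooling. The file syntax (key = value lines under [section] headers, workspace_key at top level), the DN form of bind_str and base_dn, and all sample values are assumptions, since the page names the attributes but does not show the file itself.

```python
import re
# Constructed sample. The "key = value" / [section] layout and the top-level
# position of workspace_key are assumptions; the page lists only the names.
SAMPLE_AZURE = """\
workspace_key = PLACEHOLDER-KEY
[ldap]
host = ldaps.example.com
port = 636
user =
pass = PLACEHOLDER-PASSWORD
enable_tls = false
bind_str = CN=syncadmin,OU=AADDC Users,DC=example,DC=com
[ldap.ad]
base_dn = DC=corp,DC=example,DC=com
"""

def parse(text):
    """Return {"section.key": value}; '#' lines such as #bind_str are skipped."""
    cfg, section = {}, ""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1] + "."
        elif "=" in line:
            key, value = line.split("=", 1)
            cfg[section + key.strip()] = value.strip().strip('"')
    return cfg

def domain(dn):  # DC= components of a DN, lower-cased (DN syntax is assumed)
    return [p.strip().lower() for p in re.findall(r"DC=([^,]+)", dn, re.I)]

def check(cfg, azure):
    """Apply the attribute-table rules; return a list of findings."""
    port = cfg.get("ldap.port", "")
    tls = cfg.get("ldap.enable_tls", "false").lower() == "true"
    bind = cfg.get("ldap.bind_str")
    rules = [
        (not cfg.get("workspace_key"), "workspace_key is empty"),
        (port not in ("389", "636"), "port must be 389 or 636"),
        (port == "636" and not tls, "port 636 needs enable_tls = true"),
        (port == "389", "port 389 is plain LDAP; use 636 if available"),
        (azure and port != "636", "Azure AD accepts only port 636"),
        (azure and bool(cfg.get("ldap.user")), "leave user blank for Azure"),
        (azure and not bind, "uncomment bind_str for Azure"),
        (not azure and bind is not None, "bind_str is for Azure only"),
        (bool(bind) and domain(bind) != domain(cfg.get("ldap.ad.base_dn", "")),
         "base_dn domain does not match bind_str"),
    ]
    return [msg for failed, msg in rules if failed]
```

Running `check(parse(SAMPLE_AZURE), azure=True)` on the constructed sample reports the two deliberate mistakes in it: enable_tls left at false on port 636, and a base_dn whose domain differs from the one in bind_str.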

19. It is recommended to edit the following fields as well, but they are optional:

For example, you may exclude groups which aren't needed, such as the group of enterprise admins.

20. After saving the changes, go ahead and load the manager application that exists within the same folder:

The following window should then pop up:

21. Click on the Start service button to start the service:

22. The service is now Running as expected!

23. After some time, when the synchronisation is complete, you can see that the changes have been applied. The Groups and Recipients sections should now appear updated:

24. As always, you may disable the Active Directory Synchronisation feature from the button shown below:

25. On the prompt that will pop up, press on Disable or Cancel accordingly:

26. At the last confirmation, click OK to finalise.

Create and configure an Azure Active Directory Domain Services managed domain
Configure secure LDAP for an Azure Active Directory Domain Services managed domain
Groups
Recipients