Azure AD Server

Connect FortiPhish to your organization's Azure AD tenant to import users and groups to create new recipients.

Configuring Azure AD for FortiPhish

Generate an Application ID and Secret in Azure AD to allow access for the FortiPhish service.

To generate an Application ID and Secret in Azure AD:
  1. In the Azure or O365 portal, switch to the Azure Active Directory page.
  2. Create a new application that can be associated with FortiPhish. In the Azure portal:
    1. Go to App Registrations > New Registration.
      1. Provide a name for the app, for example FortiPhish-AD-Proxy.
      2. Select the tenant.
      3. Leave Redirect URI blank.
    2. Record the Application ID and Tenant ID.
  3. Create an Access key.
    1. Under App Registrations select the created application.
    2. Go to Certificates & Secrets > New Client Secret.
    3. Record the Client Secret (named Value in the GUI).
  4. Provide permissions to Graph API.
    1. Under App Registrations select the created application.
    2. Go to API Permissions > Add permission.
    3. Select Microsoft Graph and then Application Permissions.
    4. Provide permissions to read the list of users and groups, such as Directory.Read.All and Group.Read.All.
      Note

      After permissions are added, you should grant them using Grant admin consent to xxx on the permission overview page.
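
A way to confirm that the registration ended up with only the read permissions listed above, as an added example (not Fortinet's code): it inspects the `roles` claim of an app-only Microsoft Graph access token obtained with the recorded Tenant ID, Application ID and Client Secret. The tokens and IDs below are constructed samples, and decoding here does not verify the token signature.

```python
import base64
import json

# Read-only application permissions the procedure above asks for.
EXPECTED_ROLES = {"Directory.Read.All", "Group.Read.All"}


def decode_claims(jwt: str) -> dict:
    """Decode the payload of a JWT without verifying it (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated parts)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(jwt: str, tenant_id: str, app_id: str) -> list[str]:
    """Return findings for an app-only Graph token; an empty list means clean."""
    claims = decode_claims(jwt)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("token issued for a different tenant")
    if app_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("token issued to a different application")
    roles = set(claims.get("roles", []))
    for missing in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing or unconsented permission: {missing}")
    for extra in sorted(roles - EXPECTED_ROLES):
        kind = "write-capable" if "Write" in extra else "unexpected"
        findings.append(f"{kind} permission granted: {extra}")
    return findings


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token for offline demonstration."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed sample values, not real identifiers.
TENANT = "00000000-0000-0000-0000-000000000001"
APP = "00000000-0000-0000-0000-000000000002"
GOOD = make_sample_token({"tid": TENANT, "appid": APP,
                          "roles": ["Directory.Read.All", "Group.Read.All"]})
OVER = make_sample_token({"tid": TENANT, "appid": APP,
                          "roles": ["Directory.ReadWrite.All", "Group.Read.All"]})

if __name__ == "__main__":
    print(audit_app_token(GOOD, TENANT, APP))
    print(audit_app_token(OVER, TENANT, APP))
```

A missing role in the output usually means admin consent was not granted after the permission was added.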

Adding an Azure AD server

To add an Azure AD server:

  1. Go to Recipients > Azure AD and click Add Client+. The Azure AD-Create page opens.

  2. Configure the Azure AD server settings.

    1. Enter a Name for Azure AD.

    2. Enter the Tenant ID, Application ID, and Client Secret information gathered during Configuring Azure AD for FortiPhish.

    3. Select Sync Users to import only the users or select Sync Users and Groups to import both users and groups from Azure AD.

  3. To test the connectivity, click Test Connectivity.

  4. Click Submit. A confirmation message is displayed.

Note

Groups imported from Azure AD are automatically added under Recipients > Group List. If only users are imported, they must be added to a group manually. See Creating Azure AD user groups.

Syncing the Azure AD server

You can sync the Azure AD server when members join or leave your organization.

To sync the server:
  1. In FortiPhish, go to Recipients > Azure AD.
  2. (Optional) In the Sync Status column, hover over the status to view the latest sync date and time. If the Sync Users and Groups option was selected when adding Azure AD, the number of users and groups fetched is displayed; if Sync Users was selected, only the number of users fetched is displayed.
  3. In the Action column, click the sync button. During the sync process, clicking the sync button displays the number of users, or users and groups, fetched.
  4. When the sync is complete, a confirmation message is displayed. Clicking the sync button after the sync has completed starts the sync process again.

Deleting an Azure AD server

To delete an Azure AD server:

  1. Go to Recipients > Azure AD Server.

  2. In the Actions column of the desired Azure AD client, click the delete button. A confirmation window is displayed.

  3. Click Yes.

Note

When an Azure AD client is deleted, the associated groups that have been imported will also be deleted, along with the client details.
