Azure AD Server

Connect FortiPhish to your organization's Azure AD tenant to import users and groups to create new recipients.

Configuring Azure AD for FortiPhish

Generate an Application ID and Secret in Azure AD to allow access for the FortiPhish service.

To generate an Application ID and Secret in Azure AD:
  1. In the Azure or O365 portal, switch to the Azure Active Directory page.
  2. Create a new application that can be associated with FortiPhish. In the Azure portal:
    1. Go to App Registrations > New Registration.
      1. Provide a name for the app, for example FortiPhish-AD-Proxy.
      2. Select the tenant.
      3. Leave Redirect URI blank.
    2. Record the Application ID and Tenant ID.
  3. Create an Access key.
    1. Under App Registrations, select the created application.
    2. Go to Certificates & Secrets > New Client Secret.
    3. Record the Client Secret (the field named Value in the GUI).
  4. Provide permissions to Graph API.
    1. Under App Registrations, select the created application.
    2. Go to API Permissions > Add permission.
    3. Select Microsoft Graph and then Application Permissions.
    4. Provide permissions to list users and groups, such as Directory.Read.All and Group.Read.All.
      Note

      After permissions are added, you should grant them using Grant admin consent to xxx in the permission overview page.
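
An added example (not Fortinet code or part of the original page): after admin consent is granted, one way to confirm the registration carries only the read-only permissions from step 4 is to inspect the `roles`, `tid` and `appid`/`azp` claims of an app-only access token obtained with the recorded Application ID and Client Secret. The tenant ID, application ID and sample token below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json

# Read-only Microsoft Graph application permissions from step 4 above.
EXPECTED_ROLES = {"Directory.Read.All", "Group.Read.All"}


def decode_claims(jwt):
    """Return a JWT's payload claims WITHOUT verifying it (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_roles(claims, tenant_id, app_id):
    """List deviations from the expected tenant, app and role set."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("token issued for a different tenant")
    if app_id not in (claims.get("appid"), claims.get("azp")):
        findings.append("token issued to a different application")
    roles = set(claims.get("roles", []))
    for role in sorted(EXPECTED_ROLES - roles):
        findings.append(f"missing (admin consent not granted?): {role}")
    for role in sorted(roles - EXPECTED_ROLES):
        kind = "write-capable" if "Write" in role else "unexpected"
        findings.append(f"{kind} permission granted: {role}")
    return findings


def constructed_token(claims):
    """Build an unsigned sample token (constructed data for the demo)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


# Constructed placeholder IDs, not real tenant or application values.
TENANT = "11111111-1111-1111-1111-111111111111"
APP = "22222222-2222-2222-2222-222222222222"
SAMPLE = constructed_token({"tid": TENANT, "appid": APP,
    "roles": ["Directory.Read.All", "Directory.ReadWrite.All"]})

if __name__ == "__main__":
    for finding in audit_roles(decode_claims(SAMPLE), TENANT, APP):
        print(finding)
```

An empty result means the token carries exactly the two read-only roles for the expected tenant and application.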

Adding an Azure AD server

To add an Azure AD server:

  1. Go to Recipients > Azure AD and click Add Client+. The Azure AD-Create page opens.


  2. Configure the Azure AD server settings.

    1. Enter a Name for Azure AD.

    2. Enter the Tenant ID, Application ID, and Client Secret information gathered during Configuring Azure AD for FortiPhish.

    3. Select Sync Users to import only the users or select Sync Users and Groups to import both users and groups from Azure AD.

    4. Set synchronization schedule to automatically sync users or users and groups.

      1. Select the frequency of the synchronization: Daily, Weekly, or Monthly. Select None to disable automatic syncing.

      2. Select the desired time zone from the drop-down menu.

      3. Set the time of synchronization by selecting hours and minutes.

      4. If Weekly or Monthly is set as the frequency, select the days on which the synchronization must be performed. When configuring the synchronization frequency to Monthly, select 31 from the At day drop-down to schedule synchronization on the last day of each month.

        Note

        If the Sync Schedule and a Campaign Schedule that includes Azure AD users as recipients are both configured for the same time, the schedule that is executed first will delay the execution of the other until it is completed.

  3. To test the connectivity, click Test Connectivity.

  4. Click Submit. A confirmation message is displayed.

Note
  • Groups imported from Azure AD are automatically added under Recipients > Group List. If only users are imported, they must be added to a group manually. See Creating Azure AD user groups.

  • To update user information, the changes must be made within Azure AD server and then synced back to FortiPhish.

  • When you remove a user in Azure AD, FortiPhish removes them from all the groups they belong to, including manually created groups. This change takes effect after the next synchronization.

Syncing the Azure AD server

You can sync the Azure AD server when members join or leave your organization.

To sync the server:
  1. In FortiPhish, go to Recipients > Azure AD.
  2. (Optional) In the Sync Status column, hover over the status to view the latest sync date and time. If the Sync Users and Groups option was selected while adding Azure AD, the number of users and groups fetched is displayed; if Sync Users was selected, only the number of users fetched is displayed.

    The Next Sync Scheduled At column displays the date and time of the next scheduled synchronization. If a sync schedule is not configured, NA is displayed.

  3. In the Action column, click the sync button. During the sync process, clicking the sync button displays the number of users, or users and groups, fetched.
  4. When the sync is complete, a confirmation message is displayed. If you click the sync button after the sync process has completed, the sync process starts again.

Deleting an Azure AD server

To delete an Azure AD server:

  1. Go to Recipients > Azure AD Server.

  2. In the Actions column of the desired Azure AD client click the delete button. A confirmation window is displayed.

  3. Click Yes.

Note
  • Deleting an Azure AD client from FortiPhish won't affect existing Azure AD imported groups. However, you can manually delete them if no longer needed.

  • Adding or removing recipients from these AD groups will automatically change the Created field in the Recipients > Group List page from Azure AD Sync to Manually.
