Prerequisites
This integration is specifically for Azure's cloud-based Active Directory (AD). To use an Active Directory group in BullPhish ID™, the following information is required so that it can be translated to BullPhish ID: given name, surname, job title, and mail.
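A pre-sync check for the four fields listed above, as an added example (not BullPhish ID or Microsoft code): it scans a Microsoft Graph group-members response for users missing any of them and lists nested groups separately. The sample response is constructed, and the function names are hypothetical.

```python
import json

# Microsoft Graph user property names for the four required fields.
REQUIRED = ("givenName", "surname", "jobTitle", "mail")

# Constructed sample, shaped like a Graph GET /groups/{id}/members response.
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"@odata.type": "#microsoft.graph.user", "id": "u1", "givenName": "Ana",
         "surname": "Reyes", "jobTitle": "Analyst", "mail": "ana.reyes@example.com"},
        {"@odata.type": "#microsoft.graph.user", "id": "u2", "givenName": "Ben",
         "surname": "Okoro", "jobTitle": None, "mail": "ben.okoro@example.com"},
        {"@odata.type": "#microsoft.graph.user", "id": "u3", "givenName": "  ",
         "surname": "Lind", "jobTitle": "Engineer"},
        {"@odata.type": "#microsoft.graph.group", "id": "g9",
         "displayName": "Nested-Finance"},
    ]
})


def missing_attributes(member):
    """Return the required fields that are absent, null, or blank."""
    return [k for k in REQUIRED
            if not isinstance(member.get(k), str) or not member[k].strip()]


def audit_members(response_text):
    """Split one members page into incomplete users and nested groups."""
    page = json.loads(response_text)
    incomplete, nested = {}, []
    for member in page.get("value", []):
        kind = member.get("@odata.type", "")
        if kind == "#microsoft.graph.group":
            nested.append(member["id"])  # its members need their own check
        elif kind == "#microsoft.graph.user":
            gaps = missing_attributes(member)
            if gaps:
                incomplete[member["id"]] = gaps
    # A nextLink means the group has more members on further pages.
    return {"incomplete": incomplete, "nested_groups": nested,
            "more_pages": "@odata.nextLink" in page}


if __name__ == "__main__":
    print(json.dumps(audit_members(SAMPLE_RESPONSE), indent=2))
```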
Grant API Access to Azure AD
1. Log into Azure Portal.
2. Navigate to the left hamburger menu, and click Azure Active Directory.

3. Click App registrations from the sub-menu tab.

4. Click + New Registration from the top menu bar.

5. Provide the application name on the Register an application page, and select Accounts in any organizational directory (Any Azure AD directory - Multitenant) from the Supported account types radio button.

6. Click the "Register" button. An Application ID, Tenant ID, and Object ID are displayed on the screen. They are needed to authenticate in BullPhish ID.

7. Click API permissions.

8. Click Add permission.

9. Click Microsoft Graph from the right-side menu.

10. Click Application permissions.

11. Scroll down to Group > click the dropdown and select Group.Read.All.

12. Scroll down to User > click the dropdown and select User.Read.All.
13. Click Add permissions.

14. Click Grant admin consent for Default Directory from the API Permissions page. This action requires admin-level access.

15. Click on Certificates & secrets from the left-side menu.
16. Click New client secret. This secret is needed to authenticate with BullPhish ID.
Important: The Client Secret is visible only at this point and should be safely recorded or used right away, as it will not be retrievable later.

17. Choose when the secret should expire from the dropdown. Click on the "Add" button.

18. Copy the value from the client secret you just created and paste it within the client secret field on the new directory sync modal.

Authenticate with BullPhish ID
1. Log into https://bullphishid.com/.
2. Navigate to the left-side menu and select Targets & Groups > Directories.

3. Select the Add Directory Sync button.
4. Select the organization and the Azure directory type. Enter the Tenant ID and Client ID from step 6 and the Client Secret from step 18.

5. If synced correctly, the user will be taken to the organization's edit directory page, where they can select a group to be imported from the Azure Active Directory. Select the AD Group to be synced with BullPhish ID. Click Sync.

6. If the process is successful, the group will be present under the Synced Groups table.
Note:
- If you manually upload a directory, you can create a note, edit the group or the targets attached to the group, or delete the group under Actions. If the directory is synced via an AD, it is view-only.
- AD groups are not synced to BPID at a specific time. The sync is performed daily and isn't scheduled for one particular time. Groups are also synced right after you click the Sync button on an organization's AD configuration page, and again right before a campaign starts for a group.
- Editing any targets and groups that came to the system from AD is prohibited because they will be overwritten on the next sync.
- BullPhish ID does support Azure Active Directory dynamic and nested Groups.
- If you have questions or need further assistance, please contact your Partner Success Manager or email support@idagent.com.