This article describes how to enable and disable synchronization with Microsoft Azure Active Directory (AAD).

AAD integration keeps the users in Lupasafe up to date, for example for phishing and cyber awareness.


How it works

Lupasafe can synchronize employees that are stored and maintained in the AAD. Lupasafe uses the Microsoft Graph API to enumerate employees and synchronize them. Lupasafe will add new employees and set employees that aren’t found in the AAD to inactive. Any asset assigned to these users will also be set to inactive. Since some organizations have a more complex structure, the synchronization will only add employees whose email address uses a domain name that has been added in the domain section of the settings in Lupasafe.
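
To preview which accounts a synchronization run would add, skip or set to inactive, the rules above can be modelled locally. This is an added illustration, not Lupasafe's code: the function names, the sample data and the exact-match domain comparison are assumptions, and only the 'mail' field of the Microsoft Graph user object is used.

```python
# Added illustration of the reconciliation rules described above.
# Not Lupasafe's code; all names and sample records are constructed.

def email_domain(address):
    """Return the lower-cased domain of an email address, or None if malformed."""
    if not address or address.count("@") != 1:
        return None
    local, domain = address.strip().split("@")
    return domain.lower() if local and domain else None


def preview_sync(aad_users, managed_domains, current_employees):
    """Classify what one synchronization run would do.

    aad_users: dicts with a 'mail' key, as in Microsoft Graph user objects.
    managed_domains: domains entered under 'Manage domains'.
    current_employees: emails of active employees already in the portal.
    Assumption: a domain matches only exactly (no subdomain matching).
    """
    domains = {d.strip().lower() for d in managed_domains}
    found, in_scope, skipped = set(), set(), []
    for user in aad_users:
        mail = (user.get("mail") or "").strip().lower()
        if mail:
            found.add(mail)
        if email_domain(mail) in domains:
            in_scope.add(mail)
        else:
            skipped.append(user.get("mail"))  # no mail, or domain not listed
    existing = {e.strip().lower() for e in current_employees}
    return {
        "add": sorted(in_scope - existing),
        "keep": sorted(existing & found),
        "set_inactive": sorted(existing - found),  # their assets follow
        "skipped": skipped,
    }


# Constructed sample data (example.com / example.org are placeholders).
SAMPLE_AAD = [
    {"mail": "Alice@Example.com"},
    {"mail": "bob@example.org"},   # domain not under 'Manage domains'
    {"mail": None},                # account without a mailbox
    {"mail": "carol@example.com"},
]
SAMPLE_EMPLOYEES = ["carol@example.com", "dave@example.com"]

if __name__ == "__main__":
    print(preview_sync(SAMPLE_AAD, ["example.com"], SAMPLE_EMPLOYEES))
```

An unexpectedly long 'skipped' or 'set_inactive' list before enabling the integration usually means a mail domain is missing under 'Manage domains'.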


Requirements

You will need to add any domain names used for email in the “Manage Domain” section of the settings within Lupasafe.


To do this, go to the green circle at the top right of the Lupasafe portal, select ‘Settings’ from the drop-down menu and select ‘Manage domains’ from the navigation menu on the left side. You can add domains here.

What you need: an administrator account for the AAD (for example the administrator account for Office365) that can log in during the enable process of the integration.


How to enable AAD synchronization

Enable the AAD synchronization in four steps:

  1. Go to the ‘Settings’ menu within the Lupasafe portal. From there, choose the ‘Integration’ option in the navigation menu on the left of the screen.
  2. Here you can click ‘Add AAD Integration’ to start the authorization process. Lupasafe will redirect to the Microsoft authentication page to request authorization to query the AAD for your organization. The Microsoft page looks like this (after the standard login process).
  3. After checking the ‘Consent on behalf of your organisation’ box and clicking ‘Accept’, Microsoft will redirect you back to Lupasafe and the synchronization is enabled.
  4. Make sure there are domains linked to the AAD. You can do this under ‘Manage domains’. Click on ‘Add a domain’ and enter the domain you want to be synced.


Notes:

The synchronisation will take place every 6 hours, so it might take a bit of time for you to see the first results.

Manually added employees will be disabled after enabling the AAD synchronisation.


Remove the integration

Removing / disabling the integration is simple. Just go to the ‘Integration’ menu within the Lupasafe portal and click ‘Remove AAD Integration’.

After removing the AAD integration, all information that is needed to read from the AAD is deleted from our database. You can always add the integration again if required.