Your Users are the heart of your Passly license. There are three ways to add users to Passly, and the following articles will go over them. To access your Users, click the “Directory Manager” option on the left-side control panel. You will be taken to your Users screen.
If you want to add users individually or in small groups, you can do so via manual creation. Click the green “+” in the bottom-right corner. From there, you can select either “Add New User” or “Import Users”. Click “Add New User”.
On the right side of the screen a menu will appear, directing you to manually enter in the details of your User, including:
- Display Name
- Email Address
- Provisioning Policy
These options allow you to set the credentials that users are required to enter when using Passly. Additionally, a user must be assigned to a Provisioning Policy. For more information, please review the “Provisioning Policy” articles.
The last option you will see is the “generate password” option, which allows you to manually create a password for the user. If you do not generate a password, the user will create one when they log in for the first time. Once you have finished this, click “add user”. To cancel adding a user, click “cancel”.
If you would like to add users en masse from a CSV, you may do so from the “Import Users” option. Click the green “+” in the bottom-right corner. From there, you can select either “Add New User” or “Import Users”. Click “Import Users”.
On the right side of the screen a menu will appear, prompting you to upload your directory using a .CSV file. Passly provides you with a downloadable template to add users onto. Note that the first 4 columns firstName, lastName, emailAddress and principalName, are required. Once you have completed the .CSV file, upload it onto Passly by using the “Select .CSV file” button. Your last step is to then select the provisioning policy you would like to use for your uploaded directory. For more information, please review the “Provisioning Policy” articles.
Once you have finished this, click “add users”. To cancel uploading a directory, click “cancel”.
If you wish to sync your Passly users with an on-premises Active Directory, you can perform a Directory Sync using Passly’s Universal Directory service. To get started with Directory Sync, click “Directory Manager” on the left side bar, then click “Directory Sync”.
In order to utilize Passly’s Universal Directory service, you’ll need to install it. If this is your first time using Passly, the graphic in the bottom-right corner of the screen will inform you that you do not have any directory sync agents and will direct you to add them by clicking the green “+” button. Clicking this button will bring you to the following screen:
To begin the installation process, click “Let’s Get Started”.
An important thing to keep in mind when downloading Directory sync is to evaluate whether or not your system has the ability to download and utilize the Agent. It is recommended to be installed directly on a member server rather than the domain controller for safety reasons. Microsoft .NET Framework 4.6+ is also required to be downloaded on the server. Once these prerequisites have been fulfilled, you may proceed to install the agent, which is covered by the next steps.
Configuring the Directory Sync agent on a Domain joined machine.
- Download directory on the server, or copy the DirectorySyncAgent.exe file directly to the machine.
Note: If you have any installation issues try running the MSI from an elevated command prompt (Run as Administrator) this should prevent interference from UAC (User Account Controls).
- Select Next
- Select Install.
- Select Finish.
- Enter your Passly Domain.
- Log into your Passly account.
- Select authentication method.
- Once authenticated select Allow
- Select OK.
From here you will return to the tenant web interface.
The newly installed agent will check in and be displayed in the Directory Sync section.
Select the agent by clicking on it.
By selecting Edit you can set the following.
- Sync Frequency (Hours)
- Account Status on Sync
- Send Activation emails
- Require MFA
Selecting Organizational Units will allow you to define what items from Active Directory should be synchronized. Note: If you choose to use the Full On-boarding Policy all the users added will receive an enrollment email.
Once you have successfully performed a Directory Sync using Passly’s Universal Directory service, you will be able to configure your individual directory agents under Directory Management > All Agents.
From this screen you will see a dashboard of all your current agents, listing their Name, Last Checked In date/time, and Status. To view and configure your agent, click its name.
From this screen, you can view and edit the details of your selected agent, including its Name, Status, Version, Provisioning Policy, and whether or not Windows Authentication is enabled.
One of the most important features of this page is the ability to view your enabled Password Policy, which includes the following elements:
- Supports Two-Way Sync: If your policy does not support two-way sync (meaning one-way sync is enabled), passwords of users in your selected agent must be reset via the active directory. If two-way sync is supported, user passwords can be reset directly through Passly.
- Synchronize Changes
- Requires Complex Value
- Minimum Age
- Maximum Age
- Minimum Length
Organizational Units allow you to select which groups you want to sync from a designated directory. These individual units are displayed as folders that you can select and deselect depending on the people you wish to provision under your Passly Policy.
Mapped Attributes are the default characteristics imported from a synced directory.
New User Onboarding
When a user is provisioned, they are taken through the initial onboarding process, which includes the following steps:
- Verify via email
When you are provisioned onto Passly, you are sent an email invitation to use Passly. In order to accept the invitation, the user must click “Lets Get Started”
You will then be redirected to the welcome portal:
- Setup your password
- Once you have verified your email, from the Welcome portal online, click on the “Let’s Get Started” button to be redirected to the password setup screen:
Once you have created a simple password, you will be walked through the 2FA registration process.
Regardless if an Authentication Policy requires 2FA with each sign in, you must set up 2FA upon signing up for Passly. To set up 2FA:
- Select your 2FA Recovery Device
- You will be given a menu of options to associate a Passly account with a 2FA token. There are currently 4 authentication options available – iPhone, Android, Windows Desktop and U2F token. Simply select the device you wish to set up with a 2FA token and click “Next”.
- Set Up 2FA
- Mobile: If you select a Mobile device (Android or iPhone) you will then be asked if you want to be sent a Push Notification from the Passly app or a one-time SMS Passcode.If you select a mobile device, you will be provided a QR code that, when scanned, takes you directly to your phone’s application store to download Passly. Once Passly is downloaded, follow the instructions on screen to finish setting up 2FA.
- Start using Passly
After you have approved your first authentication request you will see the following screen, verifying you have successfully been recruited under Passly:
Selecting the “Nice. Let’s Move On” button will immediately launch you into the evaluation.