Users, Directory Sync, and Onboarding

Users

Your Users are the heart of your Passly license. There are three ways to add users to Passly, and the following articles will go over them. To access your Users, click the “Directory Manager” option on the left-side control panel. You will be taken to your Users screen. 

Manual Creation

If you want to add users individually or in small groups, you can do so via manual creation. Click the green “+” in the bottom-right corner. From there, you can select either “Add New User” or “Import Users”. Click “Add New User”.

 

On the right side of the screen a menu will appear, directing you to manually enter in the details of your User, including:

  • Display Name
  • Email Address
  • Username
  • Provisioning Policy

These options allow you to set the credentials that users are required to enter when using Passly. Additionally, a user must be assigned to a Provisioning Policy. For more information, please review the “Provisioning Policy” articles.

 

The last option you will see is the “generate password” option, which allows you to manually create a password for the user. If you do not generate a password, the user will create one when they log in for the first time. Once you have finished this, click “add user”. To cancel adding a user, click “cancel”.

Import

If you would like to add users en masse from a CSV, you may do so from the “Import Users” option. Click the green “+” in the bottom-right corner. From there, you can select either “Add New User” or “Import Users”. Click “Import Users”.

 

On the right side of the screen a menu will appear, prompting you to upload your directory using a .CSV file. Passly provides you with a downloadable template to add users onto. Note that the first 4 columns firstName, lastName, emailAddress and principalName, are required. Once you have completed the .CSV file, upload it onto Passly by using the “Select .CSV file” button. Your last step is to then select the provisioning policy you would like to use for your uploaded directory. For more information, please review the “Provisioning Policy” articles. 

 

Once you have finished this, click “add users”. To cancel uploading a directory, click “cancel”.

 

Directory Sync

If you wish to sync your Passly users with an on-premises Active Directory, you can perform a Directory Sync using Passly’s Universal Directory service. To get started with Directory Sync, click “Directory Manager” on the left side bar, then click “Directory Sync”. 

 

Agent Installation 

In order to utilize Passly’s Universal Directory service, you’ll need to install it. If this is your first time using Passly, the graphic in the bottom-right corner of the screen will inform you that you do not have any directory sync agents and will direct you to add them by clicking the green “+” button. Clicking this button will bring you to the following screen:

Picture5.png

To begin the installation process, click “Let’s Get Started”.

Picture6.png

An important thing to keep in mind when downloading Directory sync is to evaluate whether or not your system has the ability to download and utilize the Agent. It is recommended to be installed directly on a member server rather than the domain controller for safety reasons. Microsoft .NET Framework 4.6+ is also required to be downloaded on the server. Once these prerequisites have been fulfilled, you may proceed to install the agent, which is covered by the next steps.

 

Configuring the Directory Sync agent on a Domain joined machine.
  1. Download directory on the server, or copy the DirectorySyncAgent.exe file directly to the machine.
    Note: If you have any installation issues try running the MSI from an elevated command prompt (Run as Administrator) this should prevent interference from UAC (User Account Controls).
  2. Select Next
    Picture7.png
  3. Agree to the Terms of Use.
    Picture8.png
  4. Select Install.
    Picture9.png
  5. Select Finish.
    Picture10.png
  6. Enter your Passly Domain.
    Picture11.png
  7. Log into your Passly account.
    Picture12.png
  8. Select authentication method.
    Picture13.png
  9. Once authenticated select Allow
  10. Select OK.
    Picture14.png

 

From here you will return to the tenant web interface.

The newly installed agent will check in and be displayed in the Directory Sync section.

Select the agent by clicking on it.

By selecting Edit you can set the following.

  • Name
  • Status
  • Sync Frequency (Hours)
  • Account Status on Sync
  • Send Activation emails
  • Require MFA

Selecting Organisational Units will allow you to define what items from Active Directory should be synchronised. Note: If you choose to use the Full On-boarding Policy all the users added will receive an enrolment email. 

Agent Configuration

Once you have successfully performed a Directory Sync using Passly’s Universal Directory service, you will be able to configure your individual directory agents under Directory Management > All Agents. 

From this screen you will see a dashboard of all your current agents, listing their Name, Last Checked In date/time, and Status. To view and configure your agent, click its name.

Picture15.png
From this screen, you can view and edit the details of your selected agent, including its Name, Status, Version, Provisioning Policy, and whether or not Windows Authentication is enabled. 

One of the most important features of this page is the ability to view your enabled Password Policy, which includes the following elements:

  • Supports Two-Way Sync: If your policy does not support two-way sync (meaning one-way sync is enabled), passwords of users in your selected agent must be reset via the active directory. If two-way sync is supported, user passwords can be reset directly through Passly.
  • Synchronise Changes
  • Requires Complex Value
  • Minimum Age
  • Maximum Age
  • Minimum Length

Organisational Units allow you to select which groups you want to sync from a designated directory. These individual units are displayed as folders that you can select and deselect depending on the people you wish to provision under your Passly Policy. 

Mapped Attributes are the default characteristics imported from a synced directory. 

 

New User Onboarding 

Setup Account 

When a user is provisioned, they are taken through the initial on-boarding process, which includes the following steps:

  • Verify via email
    When you are provisioned onto Passly, you are sent an email invitation to use Passly. In order to accept the invitation, the user must click “Lets Get Started”

 Picture16.png

You will then be redirected to the welcome portal: Picture17.png

 

  • Setup your password 
    1. Once you have verified your email, from the Welcome portal online, click on the “Let’s Get Started” button to be redirected to the password setup screen:

Picture18.png

Once you have created a simple password, you will be walked through the 2FA registration process. 

Setup 2FA 

Regardless if an Authentication Policy requires 2FA with each sign in, you must set up 2FA upon signing up for Passly. To set up 2FA:

  1. Select your 2FA Recovery Device
    1. You will be given a menu of options to associate a Passly account with a 2FA token. There are currently 4 authentication options available – iPhone, Android, Windows Desktop and U2F token. Simply select the device you wish to set up with a 2FA token and click “Next”.
  2. Set Up 2FA 
    1. Mobile: If you select a Mobile device (Android or iPhone) you will then be asked if you want to be sent a Push Notification from the Passly app or a one-time Passcode. If you select a mobile device, you will be provided a QR code that, when scanned, takes you directly to your phone’s application store to download Passly. Once Passly is downloaded, follow the instructions on screen to finish setting up 2FA. 

Picture19.png

  1. Start using Passly

After you have approved your first authentication request you will see the following screen, verifying you have successfully been recruited under Passly:

Picture20.png

Selecting the “Nice. Let’s Move On” button will immediately launch you into the evaluation.

Picture21.png

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us