Phin Security

How to Add Users via Phin's Azure User Sync

Phin's Azure User Sync allows administrators with Global Admin or Privileged Role Administrator access to connect their Azure AD tenant to Phin via the client portal's Integrations page, enabling automatic, cyclical synchronization of licensed and mailbox-enabled users and groups—where users can be staged for inclusion, disabled users are marked inactive ("slept"), and unlicensed users removed—while maintaining the connection ensures ongoing updates for Security Awareness Training user management.

Overview

Phin's Azure User Sync simplifies user management for Security Awareness Training by automatically updating users on a rotating cycle. This guide explains how to connect and use Azure Sync within the Phin platform.

Navigating to the Azure Sync

  1. 1.Go to the home screen of the client portal.
  2. 2.Click on Integrations in the left-hand menu.
  3. 3.On the Integrations page, find the User Sync option and click Connect.
  4. 4.You will be directed to the Azure Sync page to proceed with the setup.

Connecting Phin's Azure Sync

  • You need Global Admin or Privileged Role Administrator access for the client you are connecting.
  • Click Continue to Microsoft on the Azure Sync page.
  • If your client uses Azure AD for US Government, toggle the button to switch the sync to Azure AD for US Gov.
  • Log in with the Global Admin account on Microsoft's sign-in page.
  • Review the requested permissions and click Accept.
  • The sync process will begin and may take a few minutes.
  • After verifying Microsoft's consent status, you will enter the Staging phase.

Staging Phase: Selecting Users and Groups

  • In the Staging step, you can select specific groups to include in the sync. To sync all licensed users, skip this step.
  • Once staged, all users and groups from your Azure tenant are listed as pending changes to your Phin account.

Important Notes:

  • Users without mailboxes or valid licenses will not be synced.
  • If a licensed user in Phin becomes unlicensed in Azure, they will be removed from Phin.
  • Disabled users in Azure will be marked as slept in Phin.
  • The integration must remain connected for changes in Azure to be reflected in Phin.

Sleeping Users and Groups During Sync

Sleeping users or groups removes their ability to receive Phishing or Training emails and makes them inactive (not billable for full inactive months).

  • Best Practice: Use security groups for large organizations. Create a group in Microsoft for all users needing Phin access and sync only that group.

Sleeping Users

  • In the staged user list, under the Action column, click Sleep to sleep a user. The user will appear greyed out.
  • To wake a user, click Include. The user will be reactivated and able to receive Phishing and Training.

Sleeping Groups

  • Switch from Users to Groups at the top of the list.
  • Click Sleep next to the group you want to sleep. The group will be marked as slept.
  • To wake a group, click Include. The group will be reactivated.

Finishing the Azure Sync

  • After sleeping the desired users or groups, click Commit to finish the sync process.
  • The first sync will initiate. Once complete, you will be taken to the Connected page.
  • You can check sync status and errors on this page.

Automatic Sync: Azure Sync automatically re-syncs every 6 hours. You can also manually resync by clicking Sync Now.

Warning: Manually syncing too soon after a previous sync may cause duplicate users. If a user is deleted and re-added, they will be treated as a new user. Deleted users appear under the 'Deleted' filter in analytics but not in PDF reports.

Additional Notes

  • Azure Dynamic Groups are not fully supported.
  • If a user was added manually and later synced via Azure, their information will be updated from Azure, but their training and phishing data will remain unaffected.
  • The following fields are synced: First Name, Last Name, Email, Manager, Department, Phone number.