Configuring Azure AD and Office 365 Sync
Before you get started, make sure that the server you're installing the agent on is supported!
In order for the agent to work the server needs:
- Supports TLS 1.2. More information on which versions of windows server support which TLS protocols can be found in this article
- If not current or installed, the agent will also deploy C++ and .NET 4.5 or newer during the install.
The Azure and O365 sync is a tool that allows you to store passwords and push password changes to Azure AD and Office 365 synced accounts. The tool will run as a service on the machine which it is installed, and periodically sync with the Passportal cloud.
You will only need to install the Azure AD Office 365 agent if you do not have these account linked to an existing local AD environment already. If the Office 365 accounts are linked already to a local AD account, then the standard AD agent is all that is required and will not interfere with that plugin. The Azure AD and Office 365 integration only needs to be deployed if you are working with cloud Azure AD Office 365.
Setup - The admin account that the Passportal Agent uses to connect must have the Credential Type set to "Azure/Office365 Admin" within Passportal.
AD sync is set by default to update the password on Azure AD and Office 365, if it is changed in Passportal. However, this can be changed at the password level (individual passwords may have their own settings). The two modes are:
- Report Mismatches. This mode is a passive monitoring mode. It will attempt to match username/password pairs in Passportal with their equivalent usernames and passwords on the server. If there are any discrepancies (such as the password being changed by the user or in Azure AD and/or Office 365) then the tool will flag that password entry. The flag will appear on the password, the client and on the dashboard prompting users to update the information accordingly within Passportal.
- Enabled. This mode directly changes passwords on the Microsoft service. This is only a one-way push/sync - from Passportal to Azure AD and/or Office 365. Any changes made directly in Azure AD or Office 365 would be overwritten with the current value in Passportal.
Moving from "Report Mismatches" to "Enabled" would apply the password in Passportal to Azure AD and Office 365, so ensure that these changes are made prior to this switch.
- Create or edit a client, and enable "Windows Sync".
It is not possible to pull user Passwords from Azure AD and Office 365 to pre-seed data into Passportal. You will need to add accounts manually in Passportal, then enable Windows sync.
- Install the Remote Monitor Tool. This can be found under the downloads section.
- Select to only install the Azure AD and Office 365 Sync by selecting azuread/office365 intergration.
- Install all Azure AD and Office 365 requirements.
- Verify permission level and select client.
- Email from any organization administrator account in Passportal
- Password: Password from any organization administrator in Passportal (this will only be used on the first authentication in order to generate an ongoing secure unique authentication token)
- Organization Key: The company's unique Organization Key for Passportal
- Country: Canada or USA depending on your datacenter.
- Client: Choose the appropriate client from the dropdown
If you input a Domain Admin account that does not exist, You will get an Error, the user needs to be a allready existing admin account in Office 365 or Azure AD.
To access the "edit client" screen in your company vault, select Edit from the top bar within the company vault.