Create New Client
To create a new client:
- Select Clients on the main menu, and select the + New Client button
- The New Client dialog opens. Enter the client Name and Phone number
- Enable the Custom Rotation Policy toggle if required
- Activate the Enable Site Login if required (requires the Site product)
- Enable Forced Credential Types if required (This forces the client to use the credential types list from the organization)
- Select the Microsoft Sync type from the drop-down:
- None
- Connect to Azure
- Connect to Active Directory
The Windows Agent will need to be installed on the Domain Controllers of the client for AD sync to operate. Instructions for install are contained in the following topics:
- Active Directory + Azure
When selected, a new option to Mute Azure sync is provided. Toggle as required to turn on or off password processing for the Azure connection. After Client creation is complete, follow the Azure Synchronization directions to connect to and authenticate with Azure.
- Where Connect to Active Directory or Active Directory + Azure has been selected, click Settings next to Active Directory in order to configure the Windows Agent settings. These settings are detailed the below table.
- Where Connect to Active Directory or Active Directory + Azure has been selected, enter the AD domain name in the Active Directory Domain field. We use the User Principal Name (UPN) for synchronization between Active Directory and Azure. The UPN is the name of a system user in an email address format, but is not generally the user's email address.
- Click Create once all required details has been added.
See Credential Rotation for Custom Rotation Policy information
After Client creation is complete, follow the Azure Synchronization directions to connect to and authenticate with Azure.
Active Directory Settings
| Setting | Description |
|---|---|
| Sync behavior | |
| Mute Agent | Turns off all password processing for the agent. |
| One-way sync | Password changes are sent one-way only and any changes at the destination will be overwritten. |
| AD to Passportal | Changes from AD are sent to Passportal on sync. Changes in Passportal will get overwritten by Windows agent. |
| Passportal to AD | Changes from Passportal are sent to AD on sync. Changes in AD will get overwritten by Windows agent. |
| Two-way sync | Password changes are sent both ways on sync. Password must be changed first in Passportal for this to work. |
| Services | |
| Update Service Credentials on Network | Update all network services with password changes. |
| Auto Restart Updated Services | When service account logins are updated, restart the service. |
| User Settings | |
| Unlock Windows Accounts on resets | When resetting an account via Blink also unlock the account. |
| Auto Create Users as Passwords | When a password change is detected, create the user as a password in Passportal |
| Force Username to UPN |
When passwords are autoimatically created, e,ploy User Principle Name (UPN). When Active Directory + Azure sync is enabled, forcing the username to UPN may disrupt Azure syncing if the agent domain name is different than the Azure domain name. |
| Auto Create Missing Windows Users | Create the user in Windows if present in Passportal and set to update password. |
| Blink app | |
| Agent Settings Override Blink Options | When this setting is off, the options in the blink app will be used for password resets |
| Require password change on Blink resets | When Blink users request password resets, true means they will be forced to change their password at next login. |
| Agent folder settings | |
| Folder Path - Sync Agent 4.1.0 or higher to use these settings |
Folder where synced passwords will be created. Available after an Agent 4.1.0 and above has synced. Configure to automatically store any new synchronized passwords in the selected folder rather than in the root of the client. This ensures that any sensitive passwords appear in this folder first before moving them elsewhere. For additional security and restrict access, apply multiple security groups to the selected folder. Use in conjunction with the Org Unit Filter to select which Organization Units synchronize to the folder. |
| Org Units Filter - Sync Agent 4.1.0 or higher to use these settings |
Select the Organization Units you want to sync with ". Available after an Agent 4.1.0 and above has synced. Choose the Active Directory Organization Units to synchronize with Passportal. After selection, Passportal only synchronizes with those units included in the filter. Org Units Filtering does not apply to default Organizational Unit structures which always synchronize. |