Create New Client

To create a new client:

1. Select Clients on the main menu, and select the + New Client button



2. The New Client dialog opens. Enter the client Name and Phone number



3. Enable the Custom Rotation Policy toggle if required

See Credential Rotation for Custom Rotation Policy information

4. Activate the Enable Site Login if required (requires the Site product)
5. Enable Forced Credential Types if required (This forces the client to use the credential types list from the organization)
6. Select the Microsoft Sync type from the drop-down:
• None
• Connect to Entra ID

After Client creation is complete, follow the Entra ID Synchronization directions to connect to and authenticate with Entra ID.

• Connect to Active Directory

  The Windows Agent will need to be installed on the Domain Controllers of the client for AD sync to operate. Instructions for install are contained in the following topics:

  • Configuring AD Sync in a Single Domain Controller Environment

  • Configuring AD Sync in a Multi-Domain Controller Environment

• Active Directory + Entra ID

  When selected, a new option to Mute Entra ID sync is provided. Toggle as required to turn on or off password processing for the Entra ID connection. After Client creation is complete, follow the Entra ID Synchronization directions to connect to and authenticate with Entra ID.

7. Where Connect to Active Directory or Active Directory + Entra ID has been selected, click Settings next to Active Directory in order to configure the Windows Agent settings. These settings are detailed the below table.



8. Where Connect to Active Directory or Active Directory + Entra ID has been selected, enter the AD domain name in the Active Directory Domain field. We use the User Principal Name (UPN) for synchronization between Active Directory and Entra ID. The UPN is the name of a system user in an email address format, but is not generally the user's email address.



9. Click Create once all required details has been added.

Active Directory Settings

Setting	Description
Sync behavior
Mute Agent	Turns off all password processing for the agent.
One-way sync	Password changes are sent one-way only and any changes at the destination will be overwritten.
AD to Passportal	Changes from AD are sent to Passportal on sync. Changes in Passportal will get overwritten by Windows agent.
Passportal to AD	Changes from Passportal are sent to AD on sync. Changes in AD will get overwritten by Windows agent.
Two-way sync	Password changes are sent both ways on sync. Password must be changed first in Passportal for this to work.
Services
Update Service Credentials on Network	Update all network services with password changes.
Auto Restart Updated Services	When service account logins are updated, restart the service.
User Settings
Unlock Windows Accounts on resets	When resetting an account via Blink also unlock the account.
Auto Create Users as Passwords	When a password change is detected, create the user as a password in Passportal
Force Username to UPN	When passwords are automatically created, employ User Principle Name (UPN). When Active Directory + Entra ID sync is enabled, forcing the username to UPN may disrupt Entra ID syncing if the agent domain name is different than the Entra ID domain name.
Auto Create Missing Windows Users	Create the user in Windows if present in Passportal and set to update password.
Blink app
Agent Settings Override Blink Options	When this setting is off, the options in the Blink app will be used for password resets
Require password change on Blink resets	When Blink users request password resets, true means they will be forced to change their password at next login.
Agent folder settings
Folder Path - Sync Agent 4.1.0 or higher to use these settings	Folder where synced passwords will be created. Available after an Agent 4.1.0 and above has synced. Configure to automatically store any new synchronized passwords in the selected folder rather than in the root of the client. This ensures that any sensitive passwords appear in this folder first before moving them elsewhere. For additional security and restrict access, apply multiple security groups to the selected folder. Use in conjunction with the Org Unit Filter to select which Organization Units synchronize to the folder.
Org Units Filter - Sync Agent 4.1.0 or higher to use these settings	Select the Organization Units you want to sync with ". Available after an Agent 4.1.0 and above has synced. Choose the Active Directory Organization Units to synchronize with Passportal. After selection, Passportal only synchronizes with those units included in the filter. Org Units Filtering does not apply to default Organizational Unit structures which always synchronize.