Create New Client

To create a new client:

  1. Select Clients on the main menu, and select the + New Client button
  2. The New Client dialog opens. Enter the client Name and Phone number
  3. Enable the Custom Rotation Policy toggle if required
  4. See Credential Rotation for Custom Rotation Policy information

  5. Activate the Enable Site Login if required (requires the Site product)
  6. Enable Forced Credential Types if required (This forces the client to use the credentials list from the organization)
  7. Select the Microsoft Sync type from the drop-down:
  8. Where Connect to Active Directory or Active Directory + Azure has been selected, click Settings next to Active Directory in order to configure the Windows Agent settings. These settings are detailed the below table.
  9. Where Connect to Active Directory or Active Directory + Azure has been selected, enter the AD domain name in the Active Directory Domain field. We use the User Principal Name (UPN) for synchronization between Active Directory and Azure. The UPN is the name of a system user in an email address format, but is not generally the user's email address.
  10. Click Create once all required details has been added.

Active Directory Settings

Setting Description
Sync behavior
Mute Agent Turns off all password processing for the agent.
One-way sync Password changes are sent one-way only and any changes at the destination will be overwritten.
AD to Passportal Changes from AD are sent to Passportal on sync. Changes in Passportal will get overwritten by Windows agent.
Passportal to AD Changes from Passportal are sent to AD on sync. Changes in AD will get overwritten by Windows agent.
Two-way sync Password changes are sent both ways on sync. Password must be changed first in Passportal for this to work.
Update Service Credentials on Network Update all network services with password changes.
Auto Restart Updated Services When service account logins are updated, restart the service.
User Settings
Unlock Windows Accounts on resets When resetting an account via Blink also unlock the account.
Auto Create Users as Passwords When a password change is detected, create the user as a password in Passportal
Force Username to UPN

When passwords are autoimatically created, e,ploy User Principle Name (UPN).

When Active Directory + Azure sync is enabled, forcing the username to UPN may disrupt Azure syncing if the agent domain name is different than the Azure domain name.

Auto Create Missing Windows Users Create the user in Windows if present in Passportal and set to update password.
Blink app
Agent Settings Override Blink Options When this setting is off, the options in the blink app will be used for password resets
Require password change on Blink resets When Blink users request password resets, true means they will be forced to change their password at next login.
Agent folder settings
Folder Path - Sync Agent 4.1.0 or higher to use these settings

Folder where synced passwords will be created. Available after an Agent 4.1.0 and above has synced.

Configure to automatically store any new synchronized passwords in the selected folder rather than in the root of the client. This ensures that any sensitive passwords appear in this folder first before moving them elsewhere. For additional security and restrict access, apply multiple security groups to the selected folder. Use in conjunction with the Org Unit Filter to select which Organization Units synchronize to the folder.

Org Units Filter - Sync Agent 4.1.0 or higher to use these settings

Select the Organization Units you want to sync with ". Available after an Agent 4.1.0 and above has synced.

Choose the Active Directory Organization Units to synchronize with Passportal. After selection, Passportal only synchronizes with those units included in the filter.

Org Units Filtering does not apply to default Organizational Unit structures which always synchronize.