Adding a directory sync

NOTE A video tutorial is available at the end of this article.

Directory sync

Directory sync allows you to integrate a BullPhish ID client organization with a directory resource to import groups and targets. Imported groups and targets are automatically synchronized with the organization's directory resource to keep group information up to date in BullPhish ID.

Integrating a client organization with a directory resource makes it easy to select the groups to include in phishing and training campaigns.

Directory sync provides the following key features:

BullPhish ID supports integration with Microsoft Entra ID, Google Workspace, Passly, and IT Glue.
BullPhish ID supports dynamic and nested groups in Microsoft Entra ID and Google Workspace. BullPhish ID does not support dynamic distribution groups.
BullPhish ID provides seamless access and ongoing synchronization of all active directory groups. You have the option to import and maintain a constant sync of all groups within BullPhish ID. Or, you can choose specific groups to synchronize. Additionally, there is an option to import all targets from a directory into BullPhish ID.
Users that are added to or deleted from a directory are automatically added to/deleted from the corresponding synced group in BullPhish ID when the next synchronization occurs.
Each client's BullPhish ID data is automatically synchronized with its directory information once a day at 00:00 UTC.
A directory sync is automatically performed right before processing begins for each campaign for groups that are associated with the campaign.
Users can trigger a manual sync for a specific group or a manual sync can be triggered for all groups at once.
The Directory Sync Preference option can be changed. (This configuration is not available for IT Glue).
For a Microsoft Entra ID directory sync, the Client Secret can be edited in BullPhish ID.

Directory Sync Preference

The Directory Sync Preference configuration determines how synced targets are handled in BullPhish ID after they have been deleted from an organization's directory resource.

The Directory Sync Preference options are:

Targets status remains unchanged on BullPhish ID: This is the default selection. When targets are deleted from synced directory groups:

The targets are removed from the synced BullPhish ID groups. However, targets in groups created manually in BullPhish ID are not affected.
Each target will still be available on the Targets page in its original Active or Inactive Status.

Deactivate targets on BullPhish ID: When targets are deleted from synced directory groups:

The targets are removed from the synced BullPhish ID groups. Targets in groups created manually in BullPhish ID are not affected.
The Status of targets removed from the directory will be updated to Inactive on the Targets page in BullPhish ID.

You select a Directory Sync Preference option when creating a new directory sync or you can edit an existing directory sync. The selected option goes into effect when the next directory sync occurs.

Here is the Directory Settings modal that is displayed when editing an existing directory sync. The Directory Sync Preference options are at the bottom.

NOTE Directory Sync Preference options are available for Azure, Google, and Passly. The configuration is unavailable for IT Glue. To change the Directory Sync Preference configuration for an existing directory sync, see the article Editing or deleting a directory sync .

Directories page

The Directories page is accessed via the Targets & Groups section in the navigation pane.

The Directories page displays the following:

Organizations that are integrated with a directory resource.
Directory type for which each organization is integrated.
Status of the integration.

You can create a new directory sync for an SMB organization via the + Add Directory Sync button.

Status

The Status column indicates one of the following sync statuses for each organization:

Connected: The BullPhish ID organization is integrated (synced) with the directory resource.
Syncing: The BullPhish ID organization is currently syncing with the directory resource.
Error: This status may be indicated in the following situations:

If there are syncing issues.
When a user enters expired active directory credentials, the synchronization cannot be completed successfully.
When a user removes permissions on the active directory site.

Integrating BullPhish ID with a directory resource

Access the applicable integration guide below:

Tutorial: Directories

Revision	Date posted
Global: Changed Azure to Microsoft Entra ID.	12/14/23
Intro para: Added - BP supports nested groups in Microsoft Entra ID and Google Workspace.	2/21/24
Added tutorial video.	8/23/24

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.