Setting up AD-Sync, Single Sign-On, and Email Whitelisting

Get everything set up correctly

Single Sign-On vs. CyberPilot app username and password

AD-Sync and Single Sign-On

You can make your administrative work easier with AD-Sync and Single Sign-On. By integrating with your Azure AD, users from your AD are automatically synchronized to the CyberPilot App and they log on to the platform with their usual Azure AD login and password.  

 

CyberPilot app username and password

It's not required that you use AD-Sync and Single Sign-On. Your users can also sign in to the CyberPilot app with a unique CyberPilot app username and password. 

 

Whitelisting

Regardless of how your users log in to the CyberPilot App, we always recommend that you whitelist emails from CyberPilot to prevent emails from getting stuck in spam folders.

Guides

We have two different setup guides, depending on how you want your users to log in.

If you use AD-Sync and Single Sign-On, use this guide.

If you use CyberPilot username and password, use this guide.

 

The guides will give you everything you need to do and know. But you can read more about AD-Sync and Single Sign-On below if you'd like. 

 

About AD-Sync and Single Sign-On

CyberPilot AD integration consists of two parts:

  • AD-Sync: When a user is added to a specific group in your Azure AD, the user is also added to the CyberPilot app. If the user is removed from the Azure AD group, the user is disabled in the CyberPilot app.
  • Single Sign-On (SSO): When the user exists in the CyberPilot app, they log on to the platform with their Azure AD password.

 

Requirements 

  • Integration can only be done with Azure AD cloud. If you use on-premises AD you may be able to connect it to Azure AD, so that the CyberPilot app can connect to the Azure AD.
  • If you have configured multifactor authentication in Azure AD, then it will work with the CyberPilot App. 
  • The CyberPilot app can integrate with one Azure AD per customer.
  • All users to be synchronized with the CyberPilot App must be in one AD group. Support for multiple AD groups is on our roadmap.
  • Users synchronized with the CyberPilot App must have User principal name (username), First name, Last name, and Email filled out in your Azure AD. Without this information they cannot be synchronized to the CyberPilot App.
  • User properties Company Name, Department, Manager, Country, Job Title, Mobile Phone, and Office Location can also be synchronized to the CyberPilot App.
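
A pre-flight check for the required-field rule above, as an added example that is not CyberPilot's own code: it takes group member records shaped like Microsoft Graph user objects and lists who would fail to sync and why. The mapping from the page's field names to the Graph properties userPrincipalName, givenName, surname and mail is an assumption, and the sample members are constructed.

```python
import json

# Assumed mapping from the fields named on this page to Microsoft Graph
# user property names; how CyberPilot reads them is not stated on the page.
REQUIRED = {
    "User principal name": "userPrincipalName",
    "First name": "givenName",
    "Last name": "surname",
    "Email": "mail",
}

# Constructed sample: members of the AD group assigned to the app.
SAMPLE_MEMBERS = json.loads("""
[
  {"id": "u1", "userPrincipalName": "anna@example.com", "givenName": "Anna",
   "surname": "Berg", "mail": "anna@example.com"},
  {"id": "u2", "userPrincipalName": "bo@example.com", "givenName": "Bo",
   "surname": "", "mail": "bo@example.com"},
  {"id": "u3", "userPrincipalName": "svc-scan@example.com", "givenName": null,
   "surname": null, "mail": null},
  {"id": "u4", "userPrincipalName": "cy@example.com", "givenName": "Cy",
   "surname": "Dahl", "mail": "   "}
]
""")


def missing_required(user):
    """Return the page's field names that are absent, null or blank."""
    missing = []
    for label, prop in REQUIRED.items():
        value = user.get(prop)
        if not isinstance(value, str) or not value.strip():
            missing.append(label)
    return missing


def preflight(members):
    """Split members into those ready to sync and those that would be skipped."""
    ready, blocked = [], {}
    for user in members:
        gaps = missing_required(user)
        if gaps:
            blocked[user.get("userPrincipalName") or user.get("id")] = gaps
        else:
            ready.append(user["userPrincipalName"])
    return ready, blocked


if __name__ == "__main__":
    ready, blocked = preflight(SAMPLE_MEMBERS)
    print("ready:", ready)
    for upn, gaps in blocked.items():
        print("cannot sync:", upn, "missing", ", ".join(gaps))
```

Running it before the planned start date shows which accounts need their directory attributes filled in, so that nobody in the group is left out of the CyberPilot App without anyone noticing.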

 

The process for setting up AD-Sync and Single Sign-On 

  1. You must notify CyberPilot if you wish to use AD-Sync and Single Sign-On, and appoint the IT employee who is responsible for your Azure AD to set up the AD integration for you. Make sure that the IT employee has an admin user in the CyberPilot App.
  2. CyberPilot assigns a subdomain to your account and lets you and the appointed IT employee know when it is ready.
    1. When a subdomain is configured for your account, you use https://***.app.cyberpilot.io (replace *** with the subdomain) to log in to the CyberPilot app.
    2. You coordinate with your IT employee on what users should be added to the CyberPilot app.
    3. On the planned start date your IT employee configures the CyberPilot app to synchronize with your AD and to use SSO. 
  3. When AD-Sync and Single Sign-On are configured, you are responsible for setting up internal processes for assigning users to the Azure AD group you have selected for the CyberPilot app.

Syncing users to specific groups or branches in the CyberPilot App

Any group in your Azure AD can be mapped to any group, branch, or the general account in the CyberPilot App.

In our guide, you can see the whole process for setting this up.

In order to sync your users to branches in the CyberPilot App, you must:

  • Have multiple groups in your Azure AD
  • Each of these groups must be assigned to the CyberPilot Enterprise Application in your Azure AD

The basic steps are: 

  1. Go to your "Account" menu and click on "Azure AD"
  2. Click on "+ New mapping" if you want to add another sync
  3. Fill in the AD Group Object ID and, under the "Add to" drop-down, select what the group should sync to in the CyberPilot App (account, branch, or group)
    1. If you want to sync the AD Group to a branch or group in the CyberPilot App, you will be prompted to choose which group/branch it syncs to.
  4. Slide the toggle so that the Azure Sync is enabled
  5. Click "Save"

You can repeat this for as many Azure groups as you want synced to the CyberPilot App.

 

Set a default language for users in an AD group

When you are mapping a group in your Azure AD to the CyberPilot App, you can set up a default language for that mapping. This setting applies to new users created, not existing users who have already specified a language preference on the platform.

Setting a language for the AD group mapping in this way will not overwrite existing users' language preferences. Instead, it will assign the selected language to every new user joining the CyberPilot App from this AD group.

If a user chooses to change their language, their preference will be stored and never updated automatically.

If you don't define a default language for a group or branch, it will inherit the default language from the account. A sub-branch will inherit the default language from its parent branch.

Here's an example of what it could look like if you are setting different default languages for mappings of AD groups to, e.g., a branch and a group. 

[Image: default language settings for AD group mappings]

Got a question?

Contact us at support@cyberpilot.io