In this article, you will find information about how to synchronize the Azure Active Directory Groups and Users with the HEIMDAL Dashboard. This operation enables you to assign any of the endpoints from your environment to a HEIMDAL Dashboard Group Policy that is linked to an Azure Active Directory Group. To do that, you need to make sure that the SAML 2.0 Login feature is enabled and linked to your Azure Active Directory Tenant ID and that the Azure Active Directory Groups and Users are synchronized with the HEIMDAL Dashboard.
Enabling SAML 2.0 Login
In order to synchronize the Azure Active Directory Groups and Users, you need to make sure that the SAML 2.0 Login feature is enabled and linked to your Azure Active Directory Tenant ID. If SAML 2.0 Login hasn't been enabled yet, follow the instructions described in the following article to enable SAML 2.0 Login: https://support.heimdalsecurity.com/hc/en-us/articles/360019971018-SAML-2-0-Login
Synchronizing the Azure Active Directory Groups and Users
1. Log in to the HEIMDAL Dashboard using your HEIMDAL Dashboard credentials or the Azure Login functionality (this needs to be the user account that is assigned to an Enterprise customer, not a Reseller account).
2. Go to the Guide section and click on the Customer Settings Tab.
3. Click on Grant application consent.
4. You will be prompted to log in with your Microsoft credentials (in case you initially logged in with the regular login method).
5. Press Accept to grant permission to the Heimdal Security Dashboard Sync.
6. Synchronize the Azure Active Directory Groups and Users with the HEIMDAL Dashboard by pressing the Sync Users button.
7. The HEIMDAL Dashboard will read all the Azure Active Directory Groups found under your Tenant ID.
8. From the dropdown below, select which Azure Active Directory Groups will be synchronized with the HEIMDAL Dashboard (type in at least 4 characters to see the groups being displayed) and hit the Update button.
9. The selected Azure AD Groups can now be linked to any HEIMDAL Group Policy from the Endpoints Settings -> General tab, where the Specific Azure Groups setting lets you bind the current Group Policy to one or more Azure Active Directory Groups (Microsoft 365 Groups, Distribution Groups, Mail-enabled Security Groups, Security Groups). The users/devices that are members of the specified Azure Active Directory Group(s) will get the current Heimdal Group Policy.
The Azure Active Directory Groups and Users are automatically synchronized every 4 hours, so if a change is made to an Azure AD Group or a user is added to or removed from an Azure Active Directory Group, it will take 4 hours until the update propagates.
Although RESELLERS can impersonate and add/edit the Azure Active Directory Tenant IDs on behalf of their ENTERPRISE Customers, they CANNOT synchronize Azure Active Directory Groups and Users on behalf of their ENTERPRISE Customers.