Overview
This article contains instructions to sync a PhishingBox group with one or more Microsoft groups. This method of syncing is best for clients who want to sync groups from multiple Azure tenants. Another reason to integrate at the group level is to sync multiple Microsoft groups into one PhishingBox group.
There are two configuration options for syncing Microsoft groups -- App Settings and Log in to O365 (Deprecated). Each option is covered in its own section below.
NOTE: If you're only syncing groups from one Azure tenant (and also don't want to sync multiple Microsoft groups to one PhishingBox group), then it's advised to configure an Azure Integration (follow our Integrating an Account with Microsoft Entra ID (Azure AD) article to do this).
App Settings
Registering the Application
To start, navigate to the Azure portal and sign in. Once signed in, click the hamburger menu in the top-left of the portal and click Microsoft Entra ID. After navigating to Microsoft Entra ID, click App registrations in the navigation menu on the left-hand side.
Once in the App Registrations window, click the "New registration" button, located on the top of the page.
This will open the application registration wizard. Complete the following steps:
- Give the application a name.
- Under the Supported account types section, select the "Accounts in this organization directory only" option.
- Click the "Register" button on the bottom left-hand side of the wizard.
NOTE: A Redirect URI is not required.
Assigning Permissions
The application has now been created and you will be redirected to its overview page. Note the Application (client) ID and Directory (tenant) ID. PhishingBox will need both, along with a client secret, in order to connect to the directory. Before you enter the App ID and Directory ID into PhishingBox, the application needs API permissions. Click the "View API permissions" button under the Call APIs section, or the "API permissions" link in the navigation menu on the left-hand side.
After navigating to the API Permissions page, complete the following steps:
- Click the "Add a permission" button, located above the "Configured permissions" table.
- You will then need to select an API; select Microsoft Graph.
- Select Delegated permissions.
- Click the respective checkboxes for each permission below:
- Directory.Read.All
- Group.Read.All
- GroupMember.Read.All
- profile
- User.Read
- User.Read.All
- User.ReadBasic.All
- Click "Add permissions", located at the bottom of the Request API permissions form, to add the permissions to the application.
- Click the "Add a permission" button, located above the "Configured permissions" table.
- You will then need to select an API; select Microsoft Graph.
- Select Application permissions.
- Click the respective checkboxes for each permission below:
- Directory.Read.All
- Group.Read.All
- GroupMember.Read.All
- User.Read.All
- Click "Add permissions", located at the bottom of the Request API permissions form, to add the permissions to the application.
- After being redirected back to the application's API permissions page, click the "Grant admin consent" button.
NOTE: Administrator consent is required to grant the selected permissions to the application. The minimum admin privileges required to grant consent are Application privileges.
You will be asked to verify; click "Yes" to continue. If the permissions are granted successfully, a green check mark is displayed in the 'Status' column for the respective permissions. Once you are done adding permissions, the API permissions page should list all of the delegated and application permissions above with a granted status.
Credentials
Next, the credentials needed for PhishingBox to connect will have to be collected. PhishingBox requires three distinct keys or IDs in order to connect to your directory:
- Application (client) ID
- Directory (tenant) ID
- Client secret
IDs
The Application ID and Directory ID are displayed in the Overview tab of the application page. Click the Overview link in the navigation menu on the left-hand side.
The Application ID and the Directory ID will be displayed at the top of the page below the application's display name.
Client Secret
Click the Certificates & secrets link in the navigation menu on the left-hand side of the Azure portal.
Under the Client secrets tab, click the "New client secret" button.
You will be prompted to give the secret a description and select an expiry date.
NOTE: If you choose to allow the secret to expire, another secret will need to be generated after expiration and the integration will need to be reconfigured.
After the secret is generated, save/copy the secret value immediately. If you navigate away from the page, the secret will be obscured and you will no longer be able to copy the secret value to the clipboard. If you do not save the secret or it is obscured, you can always generate another one. Keep in mind that if the secret entered in PhishingBox is deleted from the application registration or expires, the integration will have to be reconfigured in PhishingBox.
Now that you have configured the application and have the IDs and secret on hand, your Azure AD can be integrated with a PhishingBox group.
PhishingBox Group Settings
- Navigate to the PhishingBox Portal > Targets / Groups > Create Group
- Input an appropriate Group Name
- Select Microsoft Graph (Office365/Azure AD) in the "Third-Party Syncing" drop-down.
NOTE: You can also configure a sync for an existing group -- just navigate to the Edit Group page and select the Microsoft Graph option for Third-Party syncing. A tab for Microsoft Graph Settings will appear in Edit Group.
- Click "Create Group"
- In the Microsoft Graph Settings tab, select "App Settings" for the type of AD Sync.
- Input the App ID, Tenant ID, and Secret for the Azure App
- Click "Get Groups"
- Select the Group(s) you want to sync into the PhishingBox Group
- Click "Update Group"
Log in to O365 (Deprecated)
NOTE: This import option is deprecated and it's advised to use the App Setting option instead.
- Navigate to the PhishingBox Portal > Targets / Groups > Create Group
- Input an appropriate Group Name
- Select Microsoft Graph (Office365/Azure AD) in the "Third-Party Syncing" drop-down.
NOTE: You can also configure a sync for an existing group -- just navigate to the Edit Group page and select the Microsoft Graph option for Third-Party syncing. A tab for Microsoft Graph Settings will appear in Edit Group.
- Click "Create Group"
- In the Microsoft Graph Settings tab, select "Log in to O365 (Deprecated)" for the type of AD Sync.
- Check the "Update Microsoft login credentials" box.
- Click "Update Group"
- You'll be redirected to a Microsoft login page -- input your credentials and click "Sign in"
NOTE: The Microsoft account used to log in must have at least Application Administrator privileges.
- Once logged in, you will be redirected back to PhishingBox
- Select which groups you want to include in the sync. If you simply want to sync everyone on the account, select "Sync All Users"
- Click "Update" and your targets will be synced
Synced Attributes
PhishingBox can pull in the following fields from the Graph/Azure integration:
| PhishingBox Field | Azure Attribute |
|---|---|
| last_name | surname |
| first_name | givenName |
| mail (if empty, then userPrincipalName) | |
| company | companyName |
| title | jobTitle |
| city | city |
| country | country |
| department | department |
| phone_mobile | mobilePhone |
| zip | postalCode |
| state | state |
| address_one | streetAddress |
| name | displayName |
| integration_id | identities |
| manager | displayName (of the manager) |
| phone_business | businessPhones |
| employee_id | employeeId |
| language | preferredLanguage |