
Creating and importing users

Before you create and launch your campaign, you must create or import your learners.

There are three ways to import your learners:

  - Add a single user
  - Import via CSV file
  - Import via LDAP

Typically, the option to add a single user is used in the preliminary stages. You can create single users to test your SSO/SAML2 configuration or to add a small number of users to allow them to review the system and content. Before going to production you will import the balance of your user community's information. This is done either by populating the example .csv and importing it, or by configuring a connection to your LDAP (Active Directory).

The following fields are used when manually creating users or importing them from a .csv or LDAP Directory:

| Field | Description |
| --- | --- |
| First Name | Denotes the first name of the user. This should be represented in title case as this is how the user name will appear in the system, reports and completion certificates. |
| Last Name | Denotes the last name of the user. This should be represented in title case as this is how the user name will appear in the system, reports and completion certificates. |
| Email | Denotes the email of the user. This should match the email for the user. When configuring SSO/SAML2 authentication, this email must match the value being passed from the authentication solution. If it does not match, the user will not be recognized by the system and the user will be presented with an error. |
| Display Language | This is the initial default language setting for the user. When they log in to the Learner App, this setting denotes what language the Learner App content will be displayed in. The user can change this to any of the currently supported languages after logging in the first time. |
| Department | While this field is labeled Department, it does not need to contain a department name. However, whatever unique values appear in this field will be used when assigning training campaigns and outputting report data. |
| Title | While this field is labeled Title, it does not need to contain a title. However, whatever unique values appear in this field will be used when assigning training campaigns and outputting report data. |
| Manager Email | The manager email is the email of the person the user reports to. These manager emails must also be users included in the system, meaning you cannot refer to any email that is not part of the imported user community. This field is used for advanced notifications (copy manager). If you do not populate this field, or the mapped attribute in LDAP is a null value, you will not be able to use this functionality. |

To add a single user:
  1. Go to Users from the Navigation Menu.

  2. Select Add a single user from the Import Users dropdown menu.

    The Add New User dialog box is presented.

  3. Complete the form and select Save.

To import users with a CSV file:
  1. Go to Users from the Navigation Menu.

  2. Select Import via CSV file from the Import Users dropdown menu.

    The Import Users via CSV file page is presented.

  3. Download the example file by clicking on the example.csv button.

  4. Open the example.csv and delete the sample data but do not delete the first row or change the values in the first row.

  5. Populate the example.csv with your user data.

    Note

    While the columns department and job_title are labeled as such, you do not need to specify departments or titles in these columns. The unique values you include in these two columns will be used to assign learners to training as well as to group users in reports. For example, you may wish to populate company names in department and city names in job_title if this is how you wish to group your users for campaign assignments.

  6. Save the file as a CSV UTF-8 file type.

  7. Click the Click or drag file to this area to upload field to browse to the file, or drag and drop the saved file into that field, to prepare it for upload.

  8. Select the language you would like to assign to all users included in the .csv from the Display Language dropdown menu. If you wish to upload groups of users with different default languages, then create a separate .csv by language, include the users who should be assigned that default language and name it accordingly so that you know what language you should assign when uploading the .csv.

  9. Select Upload Users.

    You will receive a summary of your upload with any warnings or errors.

  10. Select Upload to complete the upload.

    An import results screen will be presented.
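
A pre-upload check for the populated file, as an added example that is not Fortinet's code: it verifies the UTF-8 encoding, the untouched first row, duplicate emails, and manager emails that point outside the user community. The header names in ASSUMED_HEADER, the function name and the case-insensitive email comparison are assumptions; only department and job_title are named on this page, so pass the first row of your own example.csv.

```python
import csv
import io

# Assumption: only department and job_title are named on this page. Replace this
# list with the first row of the example.csv downloaded from the service.
ASSUMED_HEADER = ["first_name", "last_name", "email",
                  "department", "job_title", "manager_email"]


def check_user_csv(raw, expected_header=ASSUMED_HEADER, email_col="email",
                   manager_col="manager_email", existing=()):
    """Return sorted (row_number, message) problems for a CSV given as bytes.

    existing: emails of users already in the service (valid manager targets).
    Emails are compared case-insensitively, which is an assumption.
    """
    try:
        text = raw.decode("utf-8-sig")        # "CSV UTF-8" from Excel adds a BOM
    except UnicodeDecodeError as exc:
        return [(0, f"not valid UTF-8 at byte {exc.start}")]
    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows or rows[0] != list(expected_header):
        return [(1, "first row differs from the example.csv header")]
    header, problems, seen, records = rows[0], [], {}, []
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != len(header):
            problems.append((n, "wrong number of columns"))
            continue
        rec = dict(zip(header, row))
        records.append((n, rec))
        email = rec[email_col].strip().lower()
        if "@" not in email:
            problems.append((n, "missing or malformed email"))
        elif email in seen:
            problems.append((n, f"duplicate email, first seen on row {seen[email]}"))
        else:
            seen[email] = n
    # A manager must be a user in this file or one already in the service.
    known = set(seen) | {e.lower() for e in existing}
    for n, rec in records:
        manager = rec[manager_col].strip().lower()
        if manager and manager not in known:
            problems.append((n, f"manager {manager} is not an imported user"))
    return sorted(problems)


# Constructed sample data: row 4 names an unknown manager, row 5 repeats row 3.
SAMPLE = (
    "first_name,last_name,email,department,job_title,manager_email\n"
    "Ana,Silva,ana.silva@example.com,Acme Ltd,Lisbon,\n"
    "Ben,Okoro,ben.okoro@example.com,Acme Ltd,Lagos,ana.silva@example.com\n"
    "Cara,Nguyen,cara.nguyen@example.com,Acme GmbH,Berlin,dana.lee@example.com\n"
    "Ben,Okoro,Ben.Okoro@example.com,Acme Ltd,Lagos,ana.silva@example.com\n"
).encode("utf-8")

if __name__ == "__main__":
    for row, message in check_user_csv(SAMPLE):
        print(f"row {row}: {message}")
```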

Importing users with LDAP

For Premium level service and Partner permission users, administrators may import users from an LDAP Directory server or a Microsoft Active Directory server. If this method is used, you must map the appropriate attributes from the LDAP Directory to the correct Portal attributes.

Once configured, any changes to user entries in the LDAP or Microsoft Active Directory will be periodically synchronized to the Security Awareness and Training Service. This includes user deletion and changes to attributes such as surname, title, department, and manager mappings.

Note

A firewall rule may be required to allow the service to connect to the Directory in order to synchronize user data.

Do not add users until you have fully verified that the LDAP configuration and filter return the expected results.

You can use a third party LDAP browser to do this (such as Softerra LDAP Browser).

Directory attributes are case sensitive. Here are the default Directory attributes (for Microsoft Active Directory). It is important that all Directory attributes are present and populated for the service to operate correctly.

To create an LDAP configuration:
  1. Go to Users in the Navigation Menu.

  2. Click Import Users and then select Import via LDAP from the dropdown menu.

  3. Click Create Configuration.

  4. Complete the LDAP Configuration settings.

    | Field | Description | Notes |
    | --- | --- | --- |
    | Name | Give your connection a meaningful name. | For example, you can have multiple configurations each pointing to different OU levels within your Directory. The name should reflect the type of connection and location of the data that will be imported in this configuration. |
    | LDAP Server URL | Provide the IP address or FQDN of the LDAP server you are configuring for user import. | This must be the externally accessible IP or FQDN for the server. Do not enter a URL. |
    | Base DN | Enter the top-level OU that you would like to import users from. | You can specify all users from the top of the Directory or a single OU within the Directory Information Tree (DIT) structure. If you wish to specify multiple OUs from different locations in the Directory, you can create multiple configurations or use the Search Filter field to specify more specific data locations. |
    | Search Filter | Enter the search filter used to identify users within the DIT structure. The default (all users with any objectClass) is: (objectClass=*) | A deployment specialist can help with a well-formed LDAP filter. Currently the length limit for the LDAP search filter is 255 characters. If your value is longer than 255 characters, you will get an error message similar to "Data too long for column 'search_filter'" in the debuginfo of the server response. This column is in the database table mdl_local_users_ldap_servers. |
    | Port Number | Enter the port number that your Directory listens on. | Default registered ports are: 389 (ldap) and 636 (ldaps). Ensure that you set the port that corresponds to the Connect Mode (LDAP or LDAPS), which dictates the protocol used to bind to the Directory. |
    | User DN | Enter the Directory username that will be used to allow the service to bind to your Directory. | This should be the full DN of the user. |
    | Password | Enter the corresponding password for the User DN Directory username that will be used to allow the service to bind to your Directory. | |
    | Connect Mode | Select the protocol you will use that corresponds to the Port Number above (i.e. LDAP or LDAPS). | The service currently does not support Azure Active Directory (Entra). |

    Note

    Before configuring this section, contact your Directory administrator to obtain the Directory attributes being used to store the following information. Default Directory attributes for Active Directory have been provided. All data points mentioned below should be present and populated either in the default attribute, or a different attribute. Attribute names are case sensitive.

  5. Complete the LDAP Attribute Mapping section.

    | Service Field Name | Directory Attribute | Notes |
    | --- | --- | --- |
    | First Name | givenName | Enter the Directory attribute where the user’s first name information is stored. By default, in Active Directory, this is the givenName attribute. |
    | Last Name | sn | Enter the Directory attribute where the user’s last name information is stored. By default, in Active Directory, this is the sn (surname) attribute. |
    | Email | mail | Enter the Directory attribute where the user’s email is stored. By default, in Active Directory, this is the mail attribute. |
    | Title | title | Enter the Directory attribute where the user’s title information is stored. By default, in Active Directory, this is the title attribute. |
    | Department | description | Enter the Directory attribute where the user’s department information is stored. By default, in Active Directory, this is the department attribute. |
    | Manager | manager | Enter the Directory attribute where the user’s manager information is stored. By default, in Active Directory, this is the manager attribute. If this attribute is not populated, the advanced ‘copy manager’ on email communications will not function. |

    Note

    In the table, the Title and Department fields can be mapped to other attributes. The unique values harvested by these two attributes will dictate how you assign training campaigns to users and report on campaigns. This means that if you map the Title field to city, then you will be able to assign and report on training by city names. If the Department field is mapped to company, then you will be able to assign training campaigns and report by the unique company values that are harvested.

  6. Select the desired Display Language (Localization for End User) from the dropdown menu. This applies to all users in this LDAP configuration. It sets the initial (default) language that the Learner App will use when users log in for the first time. Users can change this language after their first login.

  7. Click Save Configuration.

    If any of your LDAP Configuration settings are incorrect, you will receive an error.

    You can get assistance by sending an email to infosec_awareness@fortinet.com.

    If successful, you should now be redirected and see your configuration saved on the Import Users via LDAP screen.

  8. You can now select Sync to begin synching your user data into the service.

    The Status should change to Synced.

    Note

    The synchronization of users can take several hours to start and even longer to complete, depending on the number of users. LDAP synchronization is run by regularly scheduled tasks, so be patient. If users do not synch within 24 hours, open a ticket by sending an email to infosec_awareness@fortinet.com.
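
The constraints stated for the LDAP Configuration fields can be checked before saving, shown here as an added example that is not Fortinet's code. check_ldap_config, the dictionary layout and the sample values are assumptions made for illustration; the two warnings (plain LDAP and the catch-all filter) are general LDAP practice rather than requirements from this page.

```python
import ipaddress
import re

MAX_FILTER_LEN = 255                          # search filter limit stated on this page
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636}   # registered ports named on this page
RDN = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*=.+$")
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")


def balanced(flt):
    """True if the whole filter is one correctly nested parenthesised group."""
    depth, i = 0, 0
    while i < len(flt):
        if flt[i] == "\\":                    # RFC 4515 escape such as \28: skip it
            i += 3
            continue
        depth += {"(": 1, ")": -1}.get(flt[i], 0)
        if depth < 0 or (depth == 0 and i < len(flt) - 1):
            return False
        i += 1
    return depth == 0 and bool(flt)


def check_ldap_config(cfg):
    """Return (severity, field, message) findings for one configuration."""
    out = []
    server = cfg["LDAP Server URL"].strip()
    if "/" in server:
        out.append(("error", "LDAP Server URL", "enter a bare IP or FQDN, not a URL"))
    else:
        try:
            if ipaddress.ip_address(server).is_private:
                out.append(("error", "LDAP Server URL", "private IP is not externally accessible"))
        except ValueError:                    # not an IP literal, so it must be an FQDN
            if not FQDN.match(server):
                out.append(("error", "LDAP Server URL", "not an IP address or FQDN"))
    mode, port = cfg["Connect Mode"].upper(), int(cfg["Port Number"])
    other = {"LDAP": "LDAPS", "LDAPS": "LDAP"}.get(mode)
    if other is None:
        out.append(("error", "Connect Mode", "must be LDAP or LDAPS"))
    elif port == DEFAULT_PORTS[other]:
        out.append(("error", "Port Number", f"{port} is the {other} default but mode is {mode}"))
    if mode == "LDAP":
        out.append(("warn", "Connect Mode", "prefer LDAPS so the bind password travels over TLS"))
    flt = cfg["Search Filter"].strip()
    if len(flt) > MAX_FILTER_LEN:
        out.append(("error", "Search Filter", f"{len(flt)} characters exceeds {MAX_FILTER_LEN}"))
    if not balanced(flt):
        out.append(("error", "Search Filter", "parentheses are not balanced"))
    elif flt.replace(" ", "").lower() == "(objectclass=*)":
        out.append(("warn", "Search Filter", "matches every entry under the Base DN, not only users"))
    for field in ("Base DN", "User DN"):
        if not all(RDN.match(p) for p in re.split(r"(?<!\\),", cfg[field])):
            out.append(("error", field, "not a full distinguished name"))
    return out


# Constructed sample values, not taken from any real directory.
GOOD = {"LDAP Server URL": "ldap.example.com", "Port Number": 636, "Connect Mode": "LDAPS",
        "Base DN": "OU=Staff,DC=example,DC=com",
        "Search Filter": "(&(objectCategory=person)(objectClass=user)(mail=*))",
        "User DN": "CN=svc_sync,OU=Service Accounts,DC=example,DC=com"}
BAD = {**GOOD, "LDAP Server URL": "ldaps://10.0.0.5", "Port Number": 389,
       "Search Filter": "(objectClass=*)", "User DN": "svc_sync@example.com"}

if __name__ == "__main__":
    for finding in check_ldap_config(BAD):
        print(*finding, sep=": ")
```

A clean result only means the values are well formed; confirm what the filter actually returns with an LDAP browser, as the note above says, before selecting Sync.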
