Configuring permissions in your SafeTitan portal is the last step in setting up access for Azure AD synchronization, Single Sign On (SSO) and Direct Mail Injection (DMI). You'll need to complete the configuration for each of the three integrations, as described below.

Azure Active Directory (AAD) Sync

  1. In your SafeTitan portal, select User Manager > AD Sync Configuration.

  2. On the next screen, select the Azure Sync tab.

  3. To enable Azure AD synchronization with the portal, select the Enable Azure AD Sync checkbox.

  4. Populate your Application ID and Secret that you noted in the previous steps, along with the Tenant ID.

  5. Map each SafeTitan user field to the Azure AD attribute it should be populated from.


    Users may authenticate using either their Mail attribute or their UPN (User Principal Name). If users in your Azure tenant authenticate with their UPN attribute, do the following:

    • From the Email Attribute Mapping dropdown menu, select username.

    • Within SSO Authentication settings, enter: in the Username Claim field.

  6. Select Save.

  7. Select Test Synchronization Configuration to confirm that the settings you have saved are correct before you trigger synchronization. You'll be asked to confirm your selection in a pop-up window; select Test Synchronization.

    A message will be displayed to indicate either the success or failure of the test synchronization.

    • If the test succeeds, the portal was able to pull users from the IDP, so the connection to Azure has been verified and you can proceed to Step 8 to trigger the synchronization.

    • If it fails, check that the Application ID, Secret and Tenant ID you entered are correct, then test the synchronization again.

  8. Once you are satisfied that your settings are correct and you have saved them, select Trigger Synchronization Now. You'll be asked to confirm your selection in a pop-up window; select Trigger Synchronization. The synchronization is added to a queue.


    How long the synchronization takes depends on the load on the system and on the size of the organization, that is, the number of users being processed.

  9. Select View Sync History to see the progress of the synchronization and a list of previously triggered user synchronizations. A success, warning or failure symbol is shown for each entry.

    Select the hyperlink under the Date column where you can view the various stages of the synchronization, which include:

    • Queued: The first stage in which the synchronization has been initiated and is in a queue, waiting for the system to trigger it.

    • Triggered: Synchronization is being executed.

    • IDP Pull: The user data is validated and pulled from the IDP. This stage also determines which users are to be added, updated or removed; those actions are carried out in the next three stages.

    • Add Users: Users are added to the system. When completed, the number of users added is displayed.

    • Update Users: This stage is for updating user details in the system. When completed, the number of updated users is displayed.

    • Remove Users: Users are removed from the system. When completed, the number of users removed is displayed.

    The status for each stage is displayed, for example, Processing, Completed, Not Started, and so on. When a successful synchronization has been executed, you can view the list of users and the result for each, which indicates whether they have been added, updated or removed.

  10. Additional support for understanding the Synchronization process can be found by selecting the following items in the UI:

    • View Synchronization Log: By selecting View Synchronization Log, you can see the log details of a particular synchronization, and observe how the system processed each user.

    • View User Audit: Select View User Audit to see the system processing details based on the user.

Single Sign On (SSO)

  1. In your SafeTitan portal, select Configuration > Authentication Settings.

  2. From the Authentication Type dropdown menu, select OpenIdConnect.

  3. For each of the fields, enter the following details:

    • Post logout redirect URL: https://[your_domain_name], where you need to enter your company's domain in [your_domain_name].

    • Redirect URL: https://[your_domain_name], where you need to enter your company's domain in [your_domain_name]. This value must exactly match a redirect URI registered on the Azure application; otherwise Microsoft rejects the sign-in as a redirect URI mismatch.

    • Authority: This field must be entered in one of the following two ways:

      • [Your_Tenant_ID]

      • 


        common is Microsoft's multi-tenant login endpoint: rather than routing directly to your tenant, it accepts sign-in requests from any Microsoft Entra tenant (and from personal Microsoft accounts), and which of those accounts can actually sign in is then governed by the supported account types set on your app registration. The Tenant ID form pins sign-in to your own tenant; prefer it unless you specifically need the common endpoint.

    • Client ID: This is the Application ID you were given in Step 6 when you registered an application in the Microsoft Azure App Registration Portal.

    • Client Secret: This is the password/secret value generated when you created an Application Secret.

    • Domain Hint:

    • Username Claim: If left blank, this defaults to the preferred_username claim. It can be changed to a claim of your choosing; for example, a UPN (user principal name) claim could be:

  4. Select Save.
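The Authority and Username Claim settings decide which ID tokens the portal accepts and which claim becomes the SafeTitan user name. The following is an added example, not SafeTitan's code, of the claim checks a relying party performs on an ID token from Microsoft's v2.0 endpoint once the OIDC library has verified the token signature against the authority's published keys. The claims arrive as a Python dict; the client ID, tenant ID and user values are constructed placeholders, and the allowlist argument stands in for whatever the authority setting restricts.

```python
"""Claim checks behind the Authority and Username Claim settings.
Added example, not SafeTitan's code. Assumes the OIDC library has already
verified the ID token signature against the authority's published keys
and passes the decoded claims in as a dict."""
import time

LOGIN_HOST = "https://login.microsoftonline.com"


class ClaimError(Exception):
    """Raised when the token must be rejected."""


def validate_id_token_claims(claims, *, client_id, allowed_tenants,
                             username_claim="preferred_username", now=None):
    """Return the user name to map to a SafeTitan user, or raise ClaimError."""
    now = time.time() if now is None else now

    # aud must be this app registration's Application (client) ID.
    if claims.get("aud") != client_id:
        raise ClaimError("audience %r is not our client ID" % (claims.get("aud"),))

    # Validity window: nbf <= now < exp (both are epoch seconds).
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ClaimError("token is expired or not yet valid")

    # Tenant pinning. With a Tenant ID authority this set has one entry.
    # With the common authority the endpoint issues tokens for any tenant,
    # so the relying party has to keep this allowlist itself.
    tid = claims.get("tid")
    if tid not in allowed_tenants:
        raise ClaimError("tenant %r is not allowed to sign in" % (tid,))

    # v2.0 tokens carry a tenant-specific issuer; it must agree with tid.
    expected_iss = "%s/%s/v2.0" % (LOGIN_HOST, tid)
    if claims.get("iss") != expected_iss:
        raise ClaimError("issuer %r does not match tenant %r" % (claims.get("iss"), tid))

    # Username Claim setting: preferred_username by default, or e.g. upn.
    username = claims.get(username_claim)
    if not username:
        raise ClaimError("claim %r is absent; check the Username Claim setting"
                         % (username_claim,))
    # preferred_username is mutable; oid is the stable user identifier and
    # is what persistent records should be keyed on.
    return username.lower()


# Constructed sample claims (not a real token); the IDs are placeholders.
SAMPLE_CLIENT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_CLAIMS = {
    "aud": SAMPLE_CLIENT_ID,
    "iss": "%s/%s/v2.0" % (LOGIN_HOST, SAMPLE_TENANT_ID),
    "tid": SAMPLE_TENANT_ID,
    "oid": "99999999-8888-7777-6666-555555555555",
    "nbf": 1700000000,
    "exp": 1700003600,
    "preferred_username": "Jane.Doe@example.com",
    "upn": "jane.doe@example.com",
}

if __name__ == "__main__":
    print(validate_id_token_claims(SAMPLE_CLAIMS, client_id=SAMPLE_CLIENT_ID,
                                   allowed_tenants={SAMPLE_TENANT_ID},
                                   now=1700000100))
```

Lower-casing the returned name is what makes a UPN claim line up with the username value chosen under Email Attribute Mapping; if the two settings point at different attributes, the SSO user and the synchronized user will not match.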

Direct Mail Injection

  1. In your SafeTitan portal, select Configuration > Phishing Email Settings.

  2. On the next screen, select the Microsoft Graph API Delivery tab.

  3. Enter the Tenant ID, and select Save.

  4. Select (tick) the Microsoft Graph API Phishing Email Delivery checkbox.

  5. Select Manual Azure Graph API Application.

  6. Populate the Application (client) ID field and the Client Secret field. (In the Azure portal these are shown as the Application (client) ID and, under the client secret, its Value.)

  7. Select Save Graph API Settings.
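The Tenant ID, Application (client) ID and secret entered here are the same values the AD Sync Configuration screen uses, and the portal's Test Synchronization step only tells you whether they worked. The following added example, not SafeTitan's code, checks them independently: it performs the client-credentials grant against the Microsoft identity platform, pulls the user list from Microsoft Graph with paging, and then applies the same Mail-versus-UPN choice the Email Attribute Mapping setting makes, so you can see in advance which accounts would be skipped. It assumes the app registration has an admin-consented application permission that allows reading users; the environment variable names and the opener parameter (there so the logic can be exercised offline) are this example's own.

```python
"""Pre-flight check for the Azure credentials entered on the AD Sync
Configuration and Microsoft Graph API Delivery screens.
Added example, not SafeTitan's code."""
import io
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
USERS_URL = ("https://graph.microsoft.com/v1.0/users"
             "?$select=id,mail,userPrincipalName&$top=999")


def _call(req, opener):
    # opener is injectable so the logic can be exercised offline
    with opener(req) as resp:
        return json.load(resp)


def get_app_token(tenant_id, client_id, client_secret,
                  opener=urllib.request.urlopen):
    """Client-credentials grant. The .default scope requests every application
    permission that has been admin-consented on the app registration."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    }).encode()
    req = urllib.request.Request(
        TOKEN_URL.format(tenant=tenant_id), data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    return _call(req, opener)["access_token"]


def pull_users(token, opener=urllib.request.urlopen):
    """Follow @odata.nextLink until every page of users has been read."""
    users, url = [], USERS_URL
    while url:
        req = urllib.request.Request(
            url, headers={"Authorization": "Bearer " + token})
        page = _call(req, opener)
        users.extend(page.get("value", []))
        url = page.get("@odata.nextLink")
    return users


def map_emails(users, mapping="mail"):
    """mapping="mail" is the default Email Attribute Mapping; "username"
    selects the UPN instead. Returns (addresses, skipped_upns): accounts
    whose chosen attribute is empty, typically mailbox-less users when
    the mapping is "mail", cannot be synchronized."""
    attr = "userPrincipalName" if mapping == "username" else "mail"
    addresses, skipped = [], []
    for u in users:
        value = u.get(attr)
        if value:
            addresses.append(value.lower())
        else:
            skipped.append(u.get("userPrincipalName"))
    return addresses, skipped


if __name__ == "__main__":
    # Environment variable names are this example's own choice.
    tenant, cid, secret = (os.environ[k] for k in
                           ("AZ_TENANT_ID", "AZ_CLIENT_ID", "AZ_CLIENT_SECRET"))
    token = get_app_token(tenant, cid, secret)
    users = pull_users(token)
    ok, skipped = map_emails(users, os.environ.get("EMAIL_MAPPING", "mail"))
    print("%d users pulled, %d with a usable address, %d skipped"
          % (len(users), len(ok), len(skipped)))
    for upn in skipped:
        print("  no address for", upn)
```

A token request that fails here with an invalid_client error means the secret value or Application (client) ID is wrong; a successful token followed by a 403 from Graph means the credentials are right but the application permission has not been granted or consented.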