(v2.x) Creating and importing users

Modified on Tue, 17 Sep at 11:37 AM

Before you create and launch your campaign, you must create or import your learners. 

There are three ways to import your learners. 



Typically, the option to add a single user is used in the preliminary stages. You can create single users to test your SSO/SAML2 configuration, or to add a small number of users so that they can review the system and content. Before going to production, you will import the balance of your user community's information. This is done either by populating the example .csv and importing it, or by configuring a connection to your LDAP directory (Active Directory). The following fields are used when manually creating users or importing them from a .csv file or LDAP directory:


| Field | Description |
| --- | --- |
| First Name | Denotes the first name of the user. This should be represented in title case as this is how the user name will appear in the system, reports and completion certificates. |
| Last Name | Denotes the last name of the user. This should be represented in title case as this is how the user name will appear in the system, reports and completion certificates. |
| Email | Denotes the email of the user. This should match the email for the user. When configuring SSO/SAML2 authentication, this email MUST match the value being passed from the authentication solution. If it does not match, the user will not be recognized by the system and the user will be presented with an error. |
| Display Language | This is the initial default language setting for the user. When they log in to the Learner App, this setting denotes what language the Learner App content will be displayed in. The user can change this to any of the currently supported languages after logging in the first time. |
| Department | While this field is labelled Department, it need not contain a department name. However, whatever unique values appear in this field will be used when assigning training campaigns and outputting report data. |
| Title | While this field is labelled Title, it need not contain a title. However, whatever unique values appear in this field will be used when assigning training campaigns and outputting report data. |
| Manager Email | The manager email is the email of the person the user reports to. These manager emails must also be users included in the system, i.e. you cannot refer to any email that is not part of the imported user community. This field is used for advanced notifications (copy manager). If you do not populate this field, or the mapped attribute in LDAP is a null value, you will not be able to use this functionality. |



How to add a single user


1)  Select Users from the Navigation Menu, then, select Add a single user from the Import Users button in the upper right hand corner of the screen:



The Add New User dialog box is presented:




Note

If the Department Lead check box is selected, then this user will receive reports for all users who match their Department field value if the corresponding Department Leads option button is selected in the Report Setup tab of the Campaign configuration wizard.



2)  Complete the form and select Save.


How to import users via CSV file


1)  Select Users from the Navigation Menu, then, select Import from CSV file from the Import Users button in the upper right hand corner of the screen:



The Import Users via CSV File page is presented:



2)  Download the example.csv by clicking on the example.csv button:



3)  Open the example.csv and delete the sample data but DO NOT delete the first row or change the values in the first row:



Note

If the department_lead column value is set to ‘1’ (true), then this user will receive reports for all users who match their Department field value if the corresponding Department Leads option button is selected in the Report Setup tab of the Campaign configuration wizard.




4)  Populate the example.csv with your user data.


Note

While the columns department and job_title are labelled as such, you need not specify departments or titles in these columns. The unique values you include in these two columns will be used to assign learners to training as well as to group users in reports. For example, you may wish to populate company names in department and city names in title if this is how you wish to group your users for campaign assignments.

 

5)  Save the .csv as a CSV UTF-8 file type.


6)  Click the Click or drag file to this area to upload box to navigate to the file, OR drag and drop the saved file into that box to prepare it for upload.


7)  Select the language you would like to assign to all users included in the .csv from the Display Language drop-down. If you wish to upload groups of users with different default languages, then create a separate .csv by language, include the users who should be assigned that default language and name it accordingly so that you know what language you should assign when uploading the .csv.




8)  Select the Upload Users button.

After selecting the Upload Users button, you will receive a summary of your upload with any warnings or errors:


9)  Select the Upload button to complete the upload

An import results screen will be presented:
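The checks below can be run on the file before step 6. This is an added example, not code from the service: it verifies the UTF-8 encoding from step 5, the untouched header row from step 3, and the rule that every manager email must belong to a user in the same import. The column names `email` and `manager_email`, the sample header, and case-insensitive email matching are assumptions; take the real header from the example.csv you downloaded.

```python
import csv
import io

# Assumed column names; take the real header from the example.csv you downloaded.
EMAIL_COL, MANAGER_COL = "email", "manager_email"
SAMPLE_HEADER = ["first_name", "last_name", EMAIL_COL, "department",
                 "job_title", MANAGER_COL, "department_lead"]
# Constructed sample file: row 4 names a manager who is not in the file.
SAMPLE_CSV = (",".join(SAMPLE_HEADER) + "\n"
              "Ana,Ruiz,ana.ruiz@example.com,Finance,Director,,1\n"
              "Ben,Cole,ben.cole@example.com,Finance,Analyst,ana.ruiz@example.com,0\n"
              "Cy,Dunn,cy.dunn@example.com,IT,Engineer,boss@example.com,0\n"
              ).encode("utf-8")


def check_user_csv(raw, expected_header):
    """Return a list of findings for an import file; an empty list means none."""
    try:
        text = raw.decode("utf-8-sig")  # accepts UTF-8 with or without a BOM
    except UnicodeDecodeError as exc:
        return [f"file is not valid UTF-8 (byte offset {exc.start})"]
    rows = list(csv.reader(io.StringIO(text, newline="")))
    if not rows or rows[0] != expected_header:
        return ["first row differs from the example.csv header"]
    records = [(n, dict(zip(expected_header, r)))
               for n, r in enumerate(rows[1:], start=2) if r]
    findings, seen = [], {}
    for n, rec in records:
        email = rec.get(EMAIL_COL, "")
        if not email or email != email.strip():
            findings.append(f"row {n}: email is empty or has surrounding whitespace")
        key = email.strip().lower()
        if key in seen:
            findings.append(f"row {n}: duplicate email, first seen on row {seen[key]}")
        seen.setdefault(key, n)
    # Second pass: every manager email must belong to a user in the same file.
    for n, rec in records:
        manager = rec.get(MANAGER_COL, "").strip().lower()
        if manager and manager not in seen:
            findings.append(f"row {n}: manager {manager} is not a user in this file")
    return findings


if __name__ == "__main__":
    for finding in check_user_csv(SAMPLE_CSV, SAMPLE_HEADER):
        print(finding)
```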



How to import via LDAP


For premium level service and partner permission users, administrators may import users from an LDAP Directory server or a Microsoft Active Directory server.  If this method is used, you must map the appropriate attributes from the LDAP Directory to the correct Portal attributes.

Once configured, any changes to user entries in the LDAP / Microsoft Active Directory will be periodically synchronized to the Security Awareness and Training Service. This includes user deletion and changes to attributes such as surname, title, department, and manager mappings.


Note

A firewall rule may be required to allow the service to connect to the Directory in order to synchronize user data.

Do not add users until you have fully verified that the LDAP configuration and filter are returning the expected results.

You can use a third-party LDAP browser to do this (e.g. Softerra LDAP Browser).


Before configuring the LDAP user import, we recommend testing your firewall rule and developing a good LDAP filter that returns only the users that will be taking the training. You can refer to this article if you wish to perform this verification on your own:

https://helpdesk.ftnt.info/en/support/solutions/articles/73000632776-verifying-and-testing-ldap-settings-using-softerra-ldap-browser


How to create an LDAP configuration:


1)  Select the Users item in the left-hand menu, select the Import Users button, and then select Import via LDAP menu option.



2)  Select the + Create Configuration button.



3)  Complete the LDAP Configuration settings section:



| Field | Description | Notes |
| --- | --- | --- |
| Name | Give your connection a meaningful name. | For example, you can have multiple configurations each pointing to different OU levels within your Directory. The name should reflect the type of connection and location of the data that will be imported in this configuration. |
| LDAP Server URL | Provide the IP address or FQDN of the LDAP server you are configuring for user import. | This must be the externally accessible IP or FQDN for the server. Do not enter a URL. |
| Base DN | Enter the top-level OU that you would like to import users from. | You can specify all users from the top of the Directory or a single OU within the Directory Information Tree (DIT) structure. If you wish to specify multiple OUs from different locations in the Directory, you can create multiple configurations or use the Search Filter field to specify more specific data locations. |
| Search Filter | Enter the search filter you wish to use to identify users within the DIT structure. The default (all users) should be set to: (objectClass=*) | The default (all users with any objectClass) is: (objectClass=*). A deployment specialist can help with a well-formed LDAP filter. Currently the length limit for the LDAP search filter is 255 characters. If your value is longer than 255 characters, you will get an error message similar to “Data too long for column 'search_filter'” in the debuginfo of the server response. This column is in the database table mdl_local_users_ldap_servers. |
| Port Number | Enter the port number that your Directory listens on. | Default registered ports are: 389 (ldap) and 636 (ldaps). Ensure that you set the correct port corresponding to the Connect Mode (below): LDAP or LDAPS, which dictates the protocol used to bind to the Directory. |
| User DN | Enter the Directory username that will be used to allow the service to bind to your Directory. | This should be the full DN of the user. |
| Password | Enter the corresponding password for the User DN Directory username that will be used to allow the service to bind to your Directory. | |
| Connect Mode | Select the protocol you will use that corresponds to the Port Number above (i.e. LDAP or LDAPS). | The service currently does not support Azure Active Directory (Entra). |


Note

Before configuring this section, contact your Directory administrator to obtain the Directory attributes being used to store the following information. Default Directory attributes for Active Directory have been provided. All data points mentioned below should be present and populated either in the default attribute, or a different attribute.

Attribute names are case sensitive.


4)  Complete the LDAP Attribute Mapping section:



| Service Field Name | Directory Attribute | Notes |
| --- | --- | --- |
| First Name | givenName | Enter the Directory attribute where the user’s first name information is stored. By default, in Active Directory, this is the givenName attribute. |
| Last Name | sn | Enter the Directory attribute where the user’s last name information is stored. By default, in Active Directory, this is the sn (surname) attribute. |
| Email | mail | Enter the Directory attribute where the user’s email is stored. By default, in Active Directory, this is the mail attribute. |
| Title | title | Enter the Directory attribute where the user’s title information is stored. By default, in Active Directory, this is the title attribute. |
| Department | department | Enter the Directory attribute where the user’s department information is stored. By default, in Active Directory, this is the department attribute. |
| Manager | manager | Enter the Directory attribute where the user’s manager information is stored. By default, in Active Directory, this is the manager attribute. If this attribute is not populated, the advanced ‘copy manager’ on email communications will not function. |

Note

In the above table, the Title and Department fields can be mapped to other attributes. The unique values harvested from these two attributes will dictate how you assign training campaigns to users and report on campaigns. For example, if you map the title field to city, then you will be able to assign and report on training by city names. If the department field is mapped to company, then you will be able to assign training campaigns and report by the unique company values that are harvested.


5)  Select the Localization for End User desired Display Language from the drop-down menu. This applies to all users in this LDAP configuration. It sets the initial (default) language that the Learner App will use when users log in for the first time. Users can change this language after their first login.



6)  Click the Save Configuration button at the bottom of the screen:


If any of your LDAP Configuration settings are incorrect, you will receive the following error:  


You can get assistance by sending an email to infosec_awareness@fortinet.com

If successful, you should now be redirected and see your configuration saved on the Import Users via LDAP screen:



7)  You can now select the Sync link to begin synching your user data into the service:



The Status should change to Synced:



Note

The synchronization of users can take several hours to start and even longer to complete, depending on the number of users. LDAP synchronization is run by regularly scheduled tasks, so be patient. If users do not synch within 24 hours, open a ticket by sending an email to infosec_awareness@fortinet.com
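Because a saved configuration can wait hours for its first sync, it helps to check the values from step 3 before saving them. This is an added example, not code from the service: it applies the constraints stated in the LDAP Configuration settings table (no URL in the server field, 255-character filter limit, port matching the Connect Mode, full DN for the bind user) and also flags the catch-all filter and plain LDAP binds. The dictionary keys and the sample values are hypothetical.

```python
import re

MAX_FILTER_LEN = 255                         # limit stated on this page
DEFAULT_PORTS = {"LDAP": 389, "LDAPS": 636}  # registered ports named on this page
# Constructed sample settings (hypothetical host and account).
SAMPLE = {"server": "ldaps://ldap.example.com", "search_filter": "(objectClass=*)",
          "port": 636, "connect_mode": "LDAP", "user_dn": "svc-sat"}


def filter_is_balanced(flt):
    """True if the filter is one parenthesised expression with correct nesting."""
    depth = 0
    for i, ch in enumerate(flt):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Dropping below zero, or closing the outer pair early, is malformed.
            if depth < 0 or (depth == 0 and i != len(flt) - 1):
                return False
    return depth == 0 and flt.startswith("(")


def check_ldap_config(cfg):
    """Return a list of findings for the settings; an empty list means none."""
    findings = []
    if "/" in cfg["server"]:
        findings.append("server: enter an IP address or FQDN, not a URL")
    flt = cfg["search_filter"]
    if len(flt) > MAX_FILTER_LEN:
        findings.append(f"search_filter: {len(flt)} characters, limit is {MAX_FILTER_LEN}")
    if not filter_is_balanced(flt):
        findings.append("search_filter: parentheses are not balanced")
    if flt.replace(" ", "").lower() == "(objectclass=*)":
        findings.append("search_filter: matches every entry under the Base DN")
    mode = cfg["connect_mode"].upper()
    if mode not in DEFAULT_PORTS:
        findings.append("connect_mode: must be LDAP or LDAPS")
    else:
        other = "LDAPS" if mode == "LDAP" else "LDAP"
        if cfg["port"] == DEFAULT_PORTS[other]:
            findings.append(f"port: {cfg['port']} is the default {other} port, mode is {mode}")
        if mode == "LDAP":
            findings.append("connect_mode: bind password is sent unencrypted, prefer LDAPS")
    parts = re.split(r"(?<!\\),", cfg["user_dn"])  # split on unescaped commas
    if len(parts) < 2 or not all(re.match(r"\s*[\w.-]+=.+", p) for p in parts):
        findings.append("user_dn: expected a full DN such as CN=...,OU=...,DC=...")
    return findings
```

A clean result only means the values are well formed; the filter still has to be run against the Directory to confirm it returns only the users who will take the training.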


After the LDAP synchronization has completed you may wish to set the department_lead flag for specific users. To do this:

1)  Select Users from the navigation menu, search for the user using the Search by email or name text box and select Edit



2)  Check the Department Lead check box for this user.



You will see an icon added to the Department column to indicate this user has been assigned the department lead entitlement:




Note

If the Department Lead check box is selected, then this user will receive reports for all users who match their Department field value if the corresponding Department Leads option button is selected in the Report Setup tab of the Campaign configuration wizard.





