Knowledgebase
User Provisioning Options
Posted by on 01 July 2014 10:53 AM
User Provisioning Options

When a subscribing organization is using the Proofpoint Essentials service the minimum configuration is that one single domain is filtered by the Proofpoint Essentials service and adding users to the Proofpoint Essentials interface is an essential part of configuring a domain belonging to a subscribing organization.

NOTE: It is important to note that only registered users benefit from all the Proofpoint Essentials features and email addresses that remain unregistered or are marked as invalid will not have inbound or outbound email processed by Proofpoint Essentials.

 

Registered users benefit from many of the standard features of Proofpoint Essentials including:

  • Quarantine access
  • Quarantine summary digest email report
  • Ability to Release content from the quarantine
  • Processing of outbound email delivery
  • Processing of inbound email delivery without a “Non-registered email address disclaimer”
  • Allow Rules
  • Block Rules
  • Emergency Inbox

 

In order to meet the needs of our subscribers, User Provisioning can be handled in a number of ways:

  • LDAP Discovery
  • SMTP Discovery
  • CSV Import
  • Manual Creation

 

LDAP Discovery

LDAP Discovery is the default method of adding user to the Platform. This allows admins to import their users' email addresses and security groups directly from a client’s Microsoft Active Directory. LDAP Discovery is a one way synchronization for your protection and requires read only permission of an Active Directory server.

Please contact Microsoft support for any questions regarding your Active Directory settings.

Configuration of LDAP discovery requires a basic understanding of Active Directory and requires some minor firewall modifications: see LDAP Discovery

Adding Users by Active Directory

  1. While logged into the user interface, navigate to Company Settings 
  2. Go to User Config tab.
  3. Select the Active Directory radio button.
  4. Select the initial profile of the users you are loading.

    End Users receive a welcome letter once added to the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface.
    Silent Users do not receive a welcome letter when loaded into the system. Their profile can be changed (i.e. to an end user) at a later stage.

  5. Specify the URL or IP Address to access the organization’s Active Directory. Port 389 (LDAP) will need to be accessible to Proofpoint Essentials IPs in order for this method to be used.\
  6. Enter an Active Directory username and password that can be used to import email-enabled objects such as users, Security Groups and Distribution Lists.
  7. Enter the Base DN
    1. This is the LDAP query that Proofpoint Essentials will execute to capture all mail-enabled object information.
    2. If you do not know what your base DN is please consult your network administrator.
  8. Choose what items you would like to sync.
  9. Choose additional sync options (e.g. updated synchronized accounts, etc.).
  10. Choose if you would like to enable a daily sync between Proofpoint Essentials and the organization’s Active Directory.
  11. Click Save.
  12. The Active Directory connection information will be validated and, if successful, a result set will be displayed for review. If the data is accurate, click Proceed to import the users. The Active Directory sync will overwrite previously created accounts along with their permissions. Therefore, you will need to update the organization admin account. Refer to the Manually Adding Users section in order to update user settings.

 

SMTP Discovery

When enabled, SMTP discovery will accept email traffic for non-registered users based on predefined settings (e.g. number of times where the SMTP address has been identified). It will also send out a weekly report to the organization administrator so that they can set the address as either invalid or active.

Adding Users by SMTP Discovery

  1. While logged into the user interface, navigate to the Company Settings > User Config tab.
  2. Select the SMTP Discovery radio button.
  3. Select the initial profile of the users you are loading.
    1. End Users receive a welcome letter once loaded into the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface. Silent Users do not receive a welcome letter when loaded into the system. Their profiled can be changed (i.e. to an end user) at a later stage.
  4. Update SMTP Discovery settings based on preferences.
    1. Inbound Detection Threshold: The number of times Proofpoint Essentials should see this email address before including it in the SMTP Discovery weekly digest.
    2. Expiration: The number of times the address should appear in the SMTP Discovery weekly digest before expiring.
    3. Expired Addresses Default to New User: When enabled will automatically make an address a licensed user once inbound detection and expiration settings have been met.
    4. Auto-add Detected Alias Addresses: Will automatically add an address as an alias when identified.
    5. Auto-add New Users Detected via Outbound: If the organization is filtering outbound email through Proofpoint Essentials, than this setting will automatically create licensed users for non-registered accounts.
    6. Report on New Users: Will deliver a report to the organization administrator identifying new users that have been automatically created.
    7. Report on New Aliases: Will deliver a report to the organization administrator identifying new aliases that have been automatically added.
    8. Include Admin Contact: Will include an admin contact in the report.
  5. Click Save.

 

CSV Import

Due to the complexity of CSV Import it is only currently available to resellers. The current issue is with the possibility of overriding current list of users.

CSV text must be pasted into the dialog box under Management > CSV Import. And should be formatted First Name, Last Name, Primary Email address, followed by other address separated by commas.

When loading users by CSV, please ensure the following:

  • The CSV file should not contain a header row.
  • The CSV file should contain the following data:
    • First Name
    • Last Name
    • Primary SMTP Address
    • Additional aliases (aliases should be separated by commas)

 

  1. While logged into the user interface, navigate to Company Settings > User Config tab.
  2. Select the CSV Upload radio button.
  3. Select the initial profile of the users you are loading.
    1. End Users receive a welcome letter once loaded into the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface.
          Silent Users do not receive a welcome letter when loaded into the system. Their profile can be changed (i.e. to an end user) at a later stage.
  4. Copy and paste the contents of the CSV file containing the accounts you wish to load.
    1. Use an application such as TextEdit or Notepad to view the contents of the CSV file.
  5. Specify the delimiter used in the CSV file (e.g. comma, tab).
  6. Map the fields to the order of the columns in the CSV file.
  7. Choose if SMTP Discovery should remain enabled.
  8. Click Save.
  9. The CSV content will be validated and, if successful, a result set will be displayed for review. If the data is accurate click 'Proceed' to import the users.

NOTE: The CSV import will overwrite previously created accounts along with their permissions. Therefore, you will need to update the organizaton admin account. Please refer to the Manually Adding Users section in order to update user settings.

Manual Creation

Manual creation allows for the individual creation of user accounts and assignment of aliases as well as the elevation of user privileges.

  1. While logged into the user interface, navigate to the Users & Groups > Users tab.
  2. Click on Add a User.
  3. Enter the user’s first name.
  4. Enter the user’s last name.
  5. Enter the user’s primary email address.
  6. Select the user’s privileges.
    1. End Users receive a welcome letter once loaded into the system. The welcome letter will include details about the quarantine email as well as login information to access the user interface.
    2. Silent Users do not receive a welcome letter when loaded into the system. Their profile can be changed (i.e. to an end user) at a later stage.
  7. Enter a password for the user (Optional).
  8. Click Save

NOTE: New users are registered every half-hour. Therefore mail will not flow to the new user until the change is made. If SMTP Discovery is enabled, users will be able to receive email immediately.


ERROR: This domain name does not match domain registered in the license key file (cms.orlinpilot.com), allowed domains: support.excelmicro.com, please change the product path to match the domain under Admin CP > Settings > General Settings
This product will not work properly unless untill that value is changed.

For more information please contact Kayako support at https://my.kayako.com