Learners & Groups
Table of Contents:
- Creating Users
- Managing Individual Learners
- Importing Multiple Users
- Managing Groups
- Active Directory Synchronizer
Once you have completed this section, you will be able to:
- Understand how learners are counted in SecurityIQ
- Create a single learner manually
- Create multiple learners by importing a CSV file
- Create groups
- Assign learners to a group
- Delete a group
- Understand how groups are used in SecurityIQ
As you learned in the Planning section, groups will be a key part of effectively and efficiently delivering security awareness training and simulated phishing attacks to your learners, as well as reporting on their progress. In this section, you will learn how to create learners manually or by importing a large number of them via a CSV file and assigning those learners to the appropriate groups.
Before we begin creating learners, it will be helpful to review how SecurityIQ handles licensing. When you subscribe to SecurityIQ, you are purchasing “seats” within the system. Much as with a physical classroom that may have 20 seats that are occupied by students at any given time, students will come and go throughout the year. When a new student arrives to take the place of one who left, you don’t purchase a new seat, you simply re-assign the seat of the student who left. In the same way, when a learner leaves your organization and a new one takes their place, you do not need to purchase an additional seat, you will simply delete the old learner from the system and add the new one.
There are two quick and easy methods for enrolling learners in SecurityIQ. If you only need to add one or two learners, you can create them manually. In certain situations, however, such as enrolling a large number of learners during the setup process or as part of seasonal hiring, it is more convenient to enroll multiple learners at once, which can be done by importing a comma separated (CSV) file. We will cover both methods.
The only information needed to create a SecurityIQ learner is the first and last name and the email address. No passwords are required in order for learners to use SecurityIQ. It is possible to provide additional information for a user, which can be used to customize the learning experience, and we will explore those options in the Importing Users section.
To create a single user:
- From the main menu, click “Learners” and then “Individuals”.
- Click the “New Learner” button.
- Enter the leaner’s first name, last name, and email address (these three fields are required).
- By default, the learner will be assigned to the All Learners group. If you would like to assign them to other groups, simply click the group name in the Available Groups section. As you select these, they will appear in the Selected Groups section.
- Click “Save” once you have added your learner’s information and assigned them to the appropriate groups.
Figure: New Learner Entry
To modify an existing user:
- On the main menu, hover over “Learners” and click “Individuals”
- In the Learners section, you can click the magnifying glass to search for a user or click the left or right arrows to scroll through the pages to the desired learner. Once they have been located, hover over their name and click the pencil icon to edit their record.
- On the Edit Learner page, you can update their name and update which groups they are assigned to.
- To add a learner to a new group, click the desired group in the Available Groups list and it will be moved to the Selected Groups list.
- To remove a learner from the group, click the desired group in the Selected Groups list and it will be moved to the Available Groups list.
- Click “Save”
Figure: Learners List
Figure: Edit Learner
To delete a learner:
In order to delete a learner from SecurityIQ, the learner must not be part of a running campaign. If you wish to remove a learner who is currently enrolled in an active campaign, you must wait for the campaign to finish or end it manually
Importing Multiple Users
Importing users is the ideal method for enrolling learners when you are first configuring SecurityIQ. In addition, the import method allows you to include additional information about your learners that can be used to customize the emails they receive and provide a truly realistic and engaging phishing experience.
A sample CSV file is available for download on the Import page. Simply download this file and fill it out or use it as a template for creating your own.
In the Planning section of this manual we discussed the importance of knowing how to group your users. During the import process we will put that planning to work. Each line of the import file will contain all information related to a single learner.
For the purpose of this document, we will walk through the process of completing the provided template file and using it to import our new learners.
To create your CSV import file:
- On the main menu, hover over “Learners” and click “Import”.
- Download the sample CSV file using the “Download Sample CSV File” link at the bottom of the page.
- Open the sample CSV file.
- Delete all rows below row 1. You should now see a sheet that looks like the Blank Import Template image below.
- Add information for all of your learners to the sheet. Only the first_name, last_name, and email columns are required. The additional columns can be used to customize your PhishSim email templates and it is recommended that you provide this information if possible.
- If you wish to add a learner to a group when the import is complete, include the group name in the group column. If you enter a group name that does not yet exist, it will be created during the import. If you would like to include the learner in more than one group, copy and paste the row containing the learner’s information and then change the group name in the pasted row. You may do this as many times as you need in order to include the learner in the desired number of groups. The Completed Import CSV File Example image below provides an example of how your file might look when adding a single learner to multiple groups.
- Save the CSV file.
- In the CSV Learner Destination section, select the desired group option for your learners:
- Group Listed in CSV – This option will assign the learner to the group you have listed in the group column of the CSV file.
- Existing Group – Choose from a dropdown menu of existing groups. All learners in the CSV file will be added to that group.
- New Group – Define a new group to assign all imported users to.
- In the Behavior for Existing Learners section, select what you would like to do when a learner in your import file already exists:
- Update Learners – Use the information in the CSV file to update the existing learner’s information.
- Ignore Learners – If an imported learners already exists in SecurityIQ, the imported entry will be skipped.
- In the Choose CSV File section, click “Choose File” and locate your template file.
- Click “Preview Upload” and confirm that no errors have occurred.
- Complete the import process by clicking “Upload Learners”.
- You will now see you new learners listed.
Figure: Blank Import Template
Figure: Completed Learners Import CSV File Example
Figure: Learners Import from CSV
Figure: Preview CSV File
A learner can belong to one or more groups. These groups can then be used in PhishSim and AwareEd campaigns to deliver targeted training to specific learners based on their role or job function.
Groups can either be created during the CSV import process, while creating new users individually, or they can be manually created.
To manually create a group:
- On the main meny, hover over “Learners” and click “Groups”.
- Click “New Learner Group”.
- Enter the Group Name.
- Select at least one existing learner from the Available Learners section or add a new user by entering their information in the Add New Learner Manually section. As users are clicked or manually added, they will be displayed in the Selected Learners section.
- Click “Save” once all changes have been made.
The new group is now ready to be used in PhishSim and AwareEd campaigns.
Figure: Create a New Group
To delete a group:
Figure: Group is In Use
- On the main menu, hover over “Learners” and click “Groups”.
- Hover over the name of the group you wish to delete and click the “Trash Can” icon.
- In the Delete Target Group prompt, click “Delete” to continue or “Cancel” to stop.
- If the selected group is part of an existing PhishSim or AwareEd campaign, the campaing will need to be deleted before the group can be removed from they system. If this action is required, please see the Deleting a Campaign in the PhishSim or AwareEd section of this manual for information on how to perform that process.
Active Directory Synchronizer
The SecurityIQ Active Directory Synchronizer (ADS) utility provides an efficient and automated method for managing SecurityIQ learners and groups via Active Directory. There are two components used in the synchronization process. The ADS utility, which can be run from a server or workstation with Microsoft RSAT installed, allows an administrator to select user groups and/or organizational units (OUs) within Active Directory, and then have those groups, OUs, and their members transferred into SecutiyIQ. The ADS utility can either be executed from the command line by providing the required arguments, either via a user interface or through the use of a scheduled task. The ADS Settings page within SecurityIQ defines how the synchronized data will be handled. There are a few important settings which much be changed prior to conducing your first synchronization, which we will cover here.
Figure: Active Directory Synchronizer Page
Before beginning the utility installation, let’s review the Active Directory Synchronizer options within SecurityIQ:
Active Directory Utility
Secret Key: This key is used by the ADS utility to authenticate to SecurityIQ. It will be entered in the GUI or used as a command line parameter when running the utility.
Download: This is the link to the latest version of the ADS utility.
Only Add New Learners: When a synchronization occurs, only new users and groups will be created.
Update Existing Learners: When a synchronization occurs, in addition to creating new users and groups, the process will also update any existing SecurityIQ learner accounts. It is important to note that if this option is selected, users who were previously synchronized with SecurityIQ but no longer exist in the synchronization data (due to being disabled or removed from Active Directory) will be flagged for deletion within SecurityIQ. They are not automatically deleted, but they are displayed under the Learners To Delete tab. The administrator then has the ability to delete them if their account is no longer needed.
|IMPORTANT – Before conducting your initial import, you must enable the “Override safety switch on next sync” option with the Active Directory Synchronizer section of the SecurityIQ web portal. The initial import will fail if this step isn’t taken.|
Override safety switch on next sync: If the number of changes to be made to users within SecurityIQ is greater than 10% of your total number of learners, the sync will be rejected. In order to allow large changes (such as when you initially import your learners), this box must be checked. Once this box is checked, it will be automatically reset after the next successful synchronization.
The Active Directory Synchronizer Change Log page displays an overview of synchronization activity between the ADS untility and SecurityIQ. If any changes were made during the synchronization, a “Download CSV” link will be available under the Changes and Errors columns. This document will provide a detailed report of any changes that took place during the sync.
Figure: ADS Change Log
Learners Flagged for Deletion
Learners who were previously synchronized with SecurityIQ but no longer exist in the synchronization data due to being disable or removed from Active Directory will be flagged for deletion within SecurityIQ. These learners are not automatically deleted, but they are displayed under the Learners To Delete tab. The administrator then has the ability to delete them if their account is no longer needed.
Figure: Learners Flagged for Deletion
To delete all Learners Flagged for Deletion
- On the Active Direcotry Synchronizer page, click “Learners To Delete”.
- Click the “Delete All” button.
- If all of the flagged users are eligible to be deleted, you will be prompted to confirm your deletion.
- Note: In order to delete a learner, it must not be part of any campaign.
Active Directory Synchronizer Installation
Active Directory Synchronizer System Requirements
- PowerShell 3.0 or higher
- Windows 7 SP1 or higher
- Remote Server Administration Tools (RSAT) required if not run on a domain controller
- .NET 3.5 or higher
- An Active Directory user with Read Only access
To install the Active Directory Synchronizer
- On the main menu, hover over “Learners” and click “Active Directory Synchronizer”.
- Click the “Download” icon and a download of ActiveDirectorySynchronizer.zip will begin.
- Create a directory on the Windows PC or server from which you will be running the utility.
- Extract the contents of ActiveDirectorySynchronizer.zip to your newly created folder.
To execute the ADS utility from the command line
- Open the command prompt and navigate to the location of AD-IMPORT.EXE which you prevoiusly extracted.
- Provide the arguments for the Username needed for the Active Directory connection along with its password, as well as the License Key.
- Example: AD-Import.exe -arguments -U <Username for AD Read Access> -P <Password> -license_key <Key provided by SIQ Team>
To execute the utility via its GUI
- Double click AD-IMPORT.exe
- Enter a the username and password of the AD user with read-only privilages alongwith the License key listed in the Active Directory Synchronizer section of SecurityIQ.
- To have all items within selected OUs synchronize with SecurityIQ, click the “Options” button to the right of Organizational Unit, then choose the OUs you would like to synchronize.
- To choose specific groups to synchronize with SecurityIQ, click the “Options” button to the right of Group/s. Then choose the groups you would like to to synchronize.
- If you would like to save the entered information and use it next time you run the utlility, check the “Save Info?” box. (The password will be encrypted within the local config file.) If you do not save this information, you will be required to re-enter it the next time the utility is run.
- Click “Done” when complete.
Depending on the number of groups, OUs, and users that are contained within them, it may take a few minutes for the synchronization to complete.
To execute the utility via a scheduled task
It may be desirable to execute an automatic syncronization from time to time. This can be accomplished using a Windows Schedule Task.
- Prior to scheduling the task, perform a manual syncronization via the GUI. Be sure to enter all of the required information and check the “Save Info” box before clikcing “Done.” This will save the sync settings into the config file; this will be used by the utility during the execution of the scheduled task.
- Create a scheduled task and set the action to run AD-IMPORT.exe
- Define the schedule for your synchronization to take place.